HA! I figured out how to get ssh-keygen to read stdin by using the
authorJameson Graef Rollins <jrollins@finestructure.net>
Mon, 17 Nov 2008 23:07:33 +0000 (18:07 -0500)
committerJameson Graef Rollins <jrollins@finestructure.net>
Mon, 17 Nov 2008 23:07:33 +0000 (18:07 -0500)
bash "Here Strings" redirection.  No more stupid tempfiles to get ssh
key fingerprints.

src/monkeysphere-server
src/monkeysphere-ssh-proxycommand

index 34b06b73e99bf84212029831db8e69f3867a7132..a1844eeeba6af74cfe129836e7744d477ef54940 100755 (executable)
@@ -132,13 +132,13 @@ show_server_key() {
     fingerprint=$(fingerprint_server_key)
     gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
 
-    # dumping to a file named ' ' so that the ssh-keygen output
-    # doesn't claim any potentially bogus hostname(s):
-    tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
-    gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey"
+    # do some crazy "Here Strings" redirection to get the key to
+    # ssh-keygen, since it doesn't read from stdin cleanly
     echo -n "ssh fingerprint: "
-    ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }'
-    rm -rf "$tmpkey"
+    ssh-keygen -l -f /dev/stdin \
+       <<<$(gpg_authentication "--export $fingerprint" | \
+       openpgp2ssh "$fingerprint" 2>/dev/null) | \
+       awk '{ print $1, $2, $4 }'
     echo -n "OpenPGP fingerprint: "
     echo "$fingerprint"
 }
index b3dc5625509732be84c6aeee7f9f9926b50611ea..a6091994f80dd0e8eef06dfdb1fb2b244656cdfe 100755 (executable)
@@ -77,12 +77,11 @@ output_no_valid_key() {
                    log "An OpenPGP key matching the ssh key offered by the host was found:"
                    log
 
-                   # get the fingerprint of the ssh key
-                   tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
-                   echo "$sshKeyGPG" > "$tmpkey"
-                   sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | \
+                   # do some crazy "Here Strings" redirection to get the key to
+                   # ssh-keygen, since it doesn't read from stdin cleanly
+                   sshFingerprint=$(ssh-keygen -l -f /dev/stdin \
+                       <<<$(echo "$sshKeyGPG") | \
                        awk '{ print $2 }')
-                   rm -rf "$tmpkey"
 
                    # get the sigs for the matching key
                    gpgSigOut=$(gpg --check-sigs \