[dns/SSHFP] Ajout des clef ecdsa et de l'algorithm de hash sha256 pour SSHFP (cf rfc6594)

2014-01-19 00:59:36 +01:00 · 2014-01-19 00:59:36 +01:00 · 0587b59de9
commit 0587b59de9
parent 1b44f5357d
3 changed files with 14 additions and 4 deletions
--- a/gestion/gen_confs/bind.py
+++ b/gestion/gen_confs/bind.py
@ -379,8 +379,10 @@ zone "%(NOM_zone)s" {
                                break
                        if not algo: 
                            raise ValueError("Invalid Algorithms %s" % algo_txt)
-                        key=hashlib.sha1(base64.b64decode(key)).hexdigest()
-                        ligne +="%s\tIN\tSSHFP\t%s\t1\t%s\n" % (nom,algo,key)
+                        key1=hashlib.sha1(base64.b64decode(key)).hexdigest()
+                        key2=hashlib.sha256(base64.b64decode(key)).hexdigest()
+                        ligne +="%s\tIN\tSSHFP\t%s\t1\t%s\n" % (nom,algo,key1)
+                        ligne +="%s\tIN\tSSHFP\t%s\t2\t%s\n" % (nom,algo,key2)
                    except(ValueError,TypeError): pass
                direct[zone] = direct.get(zone, "") + ligne
                if isinstance(machine,ldap_crans.BorneWifi):
--- a/gestion/gen_confs/populate_sshFingerprint.py
+++ b/gestion/gen_confs/populate_sshFingerprint.py
@ -31,8 +31,11 @@ def ip4_addresses():
 def ssh_keyscan(host,algo):
    p=subprocess.Popen(["/usr/bin/ssh-keyscan", "-t",  "%s" %  algo,"%s" % host],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
    ret=p.communicate()[0].split()
-    key=ret[2]
-    return key
+    if len(ret)>2:
+        key=ret[2]
+        return key
+    else:
+        sys.stderr.write("No key for algo %s used by host %s\n" % (algo, host))

 def ssh_md5_hash(path):
    key=base64.b64decode(open(path).read().split()[1])