add DSA and ED25519 SSHFP records if those keys are present (#1078)

2024-11-22 02:17:26 +00:00 · 2017-03-01 05:02:41 -08:00 · 2017-03-01 05:02:41 -08:00 · 368b9c50d0
commit 368b9c50d0
parent 3830facf78
2 changed files with 3 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,7 @@ In Development
 * Allow larger messages to be checked by SpamAssassin.
 * Made nightly re-provisioning of TLS certificates less noisy.
 * Fixed bugs in rsync backup method.
 * Added support for DSA and ED25519 SSHFP records.
 v0.21c (February 1, 2017)
 -------------------------
--- a/management/dns_update.py
+++ b/management/dns_update.py
@ -342,6 +342,7 @@ def build_sshfp_records():
 		"ssh-rsa": 1,
 		"ssh-dss": 2,
 		"ecdsa-sha2-nistp256": 3,
 		"ssh-ed25519": 4,
 	}
 	# Get our local fingerprints by running ssh-keyscan. The output looks
@ -359,7 +360,7 @@ def build_sshfp_records():
 				ports = ports + [s[1]]
 	# the keys are the same at each port, so we only need to get
 	# them at the first port found (may not be port 22)
-	keys = shell("check_output", ["ssh-keyscan", "-p", ports[0], "localhost"])
+	keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", ports[0], "localhost"])
 	for key in sorted(keys.split("\n")):
 		if key.strip() == "" or key[0] == "#": continue
 		try: