1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00

add DSA and ED25519 SSHFP records if those keys are present (#1078)

This commit is contained in:
Sean Watson 2017-03-01 05:02:41 -08:00 committed by Joshua Tauberer
parent 3830facf78
commit 368b9c50d0
2 changed files with 3 additions and 1 deletions

View File

@ -11,6 +11,7 @@ In Development
* Allow larger messages to be checked by SpamAssassin.
* Made nightly re-provisioning of TLS certificates less noisy.
* Fixed bugs in rsync backup method.
* Added support for DSA and ED25519 SSHFP records.
v0.21c (February 1, 2017)
-------------------------

View File

@ -342,6 +342,7 @@ def build_sshfp_records():
"ssh-rsa": 1,
"ssh-dss": 2,
"ecdsa-sha2-nistp256": 3,
"ssh-ed25519": 4,
}
# Get our local fingerprints by running ssh-keyscan. The output looks
@ -359,7 +360,7 @@ def build_sshfp_records():
ports = ports + [s[1]]
# the keys are the same at each port, so we only need to get
# them at the first port found (may not be port 22)
keys = shell("check_output", ["ssh-keyscan", "-p", ports[0], "localhost"])
keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", ports[0], "localhost"])
for key in sorted(keys.split("\n")):
if key.strip() == "" or key[0] == "#": continue
try: