Initial revision
authorMaximilian Wilhelm <max@rfc2324.org>
Thu, 1 Sep 2005 16:00:07 +0000 (16:00 +0000)
committerMaximilian Wilhelm <max@rfc2324.org>
Thu, 1 Sep 2005 16:00:07 +0000 (16:00 +0000)
14 files changed:
debian/changelog [new file with mode: 0644]
debian/control [new file with mode: 0644]
debian/copyright [new file with mode: 0644]
debian/dirs [new file with mode: 0644]
debian/files [new file with mode: 0644]
debian/rbm-ssh-keysync-client.cron.d [new file with mode: 0644]
debian/rbm-ssh-keysync-client.postinst [new file with mode: 0644]
debian/rbm-ssh-keysync-server.cron.d [new file with mode: 0644]
debian/rbm-ssh-keysync-server.postinst [new file with mode: 0644]
debian/rules [new file with mode: 0755]
files/ssh-keysync [new file with mode: 0755]
files/ssh-keysync-client.conf [new file with mode: 0644]
files/ssh-keysync-merge [new file with mode: 0755]
files/ssh-keysync-server.conf [new file with mode: 0644]

diff --git a/debian/changelog b/debian/changelog
new file mode 100644 (file)
index 0000000..271c4a1
--- /dev/null
@@ -0,0 +1,100 @@
+rbm-ssh-keysync (0.4) stable; urgency=high
+
+  * Initial official version
+  * Made the this software configurable to allow public distribution
+  * Made code review and fixed some minor things
+
+ -- Maximilan Wilhelm <max@rfc2324.org>  Sun, 09 Jan 2005 23:19:34 +0100
+
+rbm-ssh-keysync (0.3-7) stable; urgency=high
+
+  * make sure tempfiles are deleted
+  * chown fai /var/cache/ssh-keysync/keys on the server
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Fri,  1 Oct 2004 14:36:39 +0200
+
+rbm-ssh-keysync (0.3-6) stable; urgency=high
+
+  * Remove pathcollision between client and server script (occur if both are
+    installed)
+  * server script should be started as user skeysync
+  * Again more quietness
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Thu, 23 Sep 2004 01:49:28 +0200
+
+rbm-ssh-keysync (0.3) stable; urgency=high
+
+  * Renamed package again.
+  * Bugfix for server version.
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Wed, 15 Sep 2004 16:35:44 +0200
+
+uni-ssh-keysync (0.2-7) stable; urgency=high
+
+  * ssh-keysync-server now keeps more quiet.
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Fri, 20 Aug 2004 17:27:14 +0200
+
+uni-ssh-keysync (0.2-6) stable; urgency=high
+
+  * ssh_known_hosts will be build and fetched hourly
+  * Server only sends mail if an error occured
+  * Fix from Holger for client script: known_hosts => ssh_known_hosts)
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Fri, 20 Aug 2004 15:11:15 +0200
+
+uni-ssh-keysync (0.2-5) stable; urgency=high
+
+  * Publish created know_hosts also in case, that it's different to the old one
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Thu,  8 Jul 2004 18:17:42 +0200
+uni-ssh-keysync (0.2-4) stable; urgency=high
+
+  * Check if download was successful or not.
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Mon,  5 Jul 2004 15:23:42 +0200
+uni-ssh-keysync (0.2-3) stable; urgency=high
+
+  * Bugfix: made postinst and cron.d fit to the new package name
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Mon,  5 Jul 2004 12:36:58 +0200
+
+uni-ssh-keysync (0.2-2) stable; urgency=high
+
+  * Bugfixes
+  * Create client BASE_DIR if not there
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Fri,  2 Jul 2004 19:36:11 +0200
+uni-ssh-keysync (0.2-1) stable; urgency=high
+
+  * Renamed package (RBM Policy)
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Tue, 22 Jun 2004 11:25:10 +0200
+ssh-keysync (0.2-1) stable; urgency=high
+
+  * Renamed scriptes to avoid name collision with s/keys
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Wed,  5 May 2004 19:35:14 +0200
+
+ssh-keysync (0.1-3) stable; urgency=high
+
+  * Some minor fixes and dependency changes
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Wed,  5 May 2004 19:35:14 +0200
+ssh-keysync (0.1-2) stable; urgency=high
+
+  * Added automagic update
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Wed,  5 May 2004 19:22:14 +0200
+
+ssh-keysync (0.1-1) stable; urgency=high
+
+  * Initial Release.
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Fri, 16 Apr 2004 19:16:10 +0200
+
diff --git a/debian/control b/debian/control
new file mode 100644 (file)
index 0000000..15a2ab2
--- /dev/null
@@ -0,0 +1,19 @@
+Source: rbm-ssh-keysync
+Section: admin
+Priority: optional
+Maintainer: Maximilian Wilhelm <max@rfc2324.org>
+Build-Depends: debhelper (>> 3.0.0)
+Standards-Version: 3.5.2
+
+Package: rbm-ssh-keysync-server
+Architecture: all
+Depends: ssh, textutils, mawk, diff, host
+Description: server-side script for distributing ssh_known_hosts
+ Scripts for the server, on which the ssh-keys are collected
+
+Package: rbm-ssh-keysync-client
+Architecture: all
+Depends: ssh, wget, netkit-ping
+Description: client side script for distributing ssh_known_hosts
+ Scripts to be run on every client, which should get a global
+ ssh_known_hosts file
diff --git a/debian/copyright b/debian/copyright
new file mode 100644 (file)
index 0000000..f5e0fa6
--- /dev/null
@@ -0,0 +1,13 @@
+This package was debianized by Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de> on
+Fri, 16 Apr 2004 19:16:10 +0200.
+
+Upstream Author: Maximilian Wilhelm <max@rfc2324.org>
+
+Copyright:
+
+  ____   ____    _     
+ / ___| |  _ \  | |    
+| |  _  | |_) | | |    
+| |_| | |  __/  | |___ 
+ \____| |_|     |_____|
+                       
diff --git a/debian/dirs b/debian/dirs
new file mode 100644 (file)
index 0000000..81692db
--- /dev/null
@@ -0,0 +1,3 @@
+opt/sbin
+var/cache/ssh-keysync
+etc/rbm
diff --git a/debian/files b/debian/files
new file mode 100644 (file)
index 0000000..71d63c3
--- /dev/null
@@ -0,0 +1,2 @@
+rbm-ssh-keysync-server_0.4_all.deb admin optional
+rbm-ssh-keysync-client_0.4_all.deb admin optional
diff --git a/debian/rbm-ssh-keysync-client.cron.d b/debian/rbm-ssh-keysync-client.cron.d
new file mode 100644 (file)
index 0000000..af16445
--- /dev/null
@@ -0,0 +1,5 @@
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/sbin:/opt/bin
+#
+# Regular cron jobs for the ssh-keysync-client package
+#
+42 * * * * root ( /opt/sbin/ssh-keysync -pull -quiet )
diff --git a/debian/rbm-ssh-keysync-client.postinst b/debian/rbm-ssh-keysync-client.postinst
new file mode 100644 (file)
index 0000000..f0d2d22
--- /dev/null
@@ -0,0 +1,53 @@
+#! /bin/sh
+# postinst script for sshkey-sync-client
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+# quoting from the policy:
+#     Any necessary prompting should almost always be confined to the
+#     post-installation script, and should be protected with a conditional
+#     so that unnecessary prompting doesn't happen if a package's
+#     installation fails and the `postinst' is called with `abort-upgrade',
+#     `abort-remove' or `abort-deconfigure'.
+
+case "$1" in
+    configure)
+       mkdir -p /var/cache/ssh-keysync
+       if [ /opt/sbin/ssh-keysync -configcheck 2>/dev/null ]; then
+               /opt/sbin/ssh-keysync -pull
+       else
+               echo "Attention: You have to customize /etc/rbm/ssh-keysync-client.conf to make ssh-keysync work."
+       fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
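Review bot: The `configure` branch can never reach the pull: `[ /opt/sbin/ssh-keysync -configcheck 2>/dev/null ]` is a `test` invocation with two string arguments, not a command, so `[` fails with an operator error and the `else` branch always prints the "Attention" message. The check has to run the script, `if /opt/sbin/ssh-keysync -configcheck 2>/dev/null; then`. Note that once it does, `set -e` turns a failed network fetch inside `/opt/sbin/ssh-keysync -pull` into a failed package configuration; `/opt/sbin/ssh-keysync -pull || echo "Initial pull failed; run ssh-keysync -pull later." >&2` keeps a transient outage from leaving the package half-configured.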
diff --git a/debian/rbm-ssh-keysync-server.cron.d b/debian/rbm-ssh-keysync-server.cron.d
new file mode 100644 (file)
index 0000000..e0630d7
--- /dev/null
@@ -0,0 +1,5 @@
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/sbin:/opt/bin
+#
+# Regular cron jobs for the ssh-keysync-server package
+#
+23 * * * * skeysync ( /opt/sbin/ssh-keysync-merge -quiet )
diff --git a/debian/rbm-ssh-keysync-server.postinst b/debian/rbm-ssh-keysync-server.postinst
new file mode 100644 (file)
index 0000000..1e8c488
--- /dev/null
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+
+# User fuer die Verwaltung der Keys anlegen, wenn noch keiner da ist.
+if ! getent passwd skeysync > /dev/null; then
+    useradd -m -d /var/cache/ssh-keysync -c "Schluesselmeister" skeysync
+fi
+
+# set feasible rights
+chown skeysync.root /var/cache/ssh-keysync
+chmod 755 /var/cache/ssh-keysync
+
+# create directories for storing the client keys and the generated key file
+mkdir -p /var/cache/ssh-keysync/keys /var/cache/ssh-keysync/pub
+
+# if you have an fai user make him able to write to the keys-dir, to
+# allow an easy and automated update of the keys
+if getent passwd fai > /dev/null; then
+       chown fai /var/cache/ssh-keysync/keys
+fi
+
+# let the skeysync user write to the output dir
+chown skeysync /var/cache/ssh-keysync/pub
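Review bot: The script ignores the maintainer-script argument and has no `set -e`, so the useradd/chown sequence runs on every call including `abort-*`, and a failing `useradd` or `chown` goes unnoticed (the client postinst in this commit handles `$1` and uses `set -e`; this one should match). `useradd -m -d /var/cache/ssh-keysync` creates a regular login account whose home is the key cache; a service account with no shell is the safer shape, e.g. `useradd --system -d /var/cache/ssh-keysync -s /bin/false -c "Schluesselmeister" skeysync` (or `adduser --system`, the Debian-native equivalent). The `chown fai /var/cache/ssh-keysync/keys` step means whoever holds the `fai` account can alter every host key this server distributes to all clients; that is intended per the changelog, but it is a trust boundary worth stating in the comment above it. `chown skeysync.root` should use the `skeysync:root` form.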
diff --git a/debian/rules b/debian/rules
new file mode 100755 (executable)
index 0000000..4ed5363
--- /dev/null
@@ -0,0 +1,156 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper. 
+# GNU copyright 1997 by Joey Hess.
+#
+# This version is for a hypothetical package that builds an
+# architecture-dependant package, as well as an architecture-independent
+# package.
+
+# Uncomment this to turn on verbose mode. 
+#export DH_VERBOSE=1
+
+# This is the debhelper compatibility version to use.
+export DH_COMPAT=3
+
+
+
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+       CFLAGS += -g
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+       INSTALL_PROGRAM += -s
+endif
+
+configure: configure-stamp
+configure-stamp:
+       dh_testdir
+       # Add here commands to configure the package.
+
+       touch configure-stamp
+
+
+build-arch: configure-stamp  build-arch-stamp
+build-arch-stamp:
+       dh_testdir
+
+       # Add here command to compile/build the package.
+#      $(MAKE)
+
+       touch build-arch-stamp
+
+build-indep:  configure-stamp build-indep-stamp
+build-indep-stamp:
+       dh_testdir
+
+       # Add here command to compile/build the arch indep package.
+       # It's ok not to do anything here, if you don't need to build
+       #  anything for this package.
+       #/usr/bin/docbook-to-man debian/sshkey-sync.sgml > sshkey-sync.1
+
+       touch build-indep-stamp
+
+build: build-arch build-indep
+
+clean:
+       dh_testdir
+       dh_testroot
+       rm -f build-stamp configure-stamp
+
+       # Add here commands to clean up after the build process.
+#      -$(MAKE) clean
+
+       rm -rf $(CURDIR)/debian/rbm-ssh-keysync-{server,client}
+       rm -rf $(CURDIR)/debian/tmp
+
+       dh_clean
+
+install: DH_OPTIONS=
+install: build
+       dh_testdir
+       dh_testroot
+       dh_clean -k
+       dh_installdirs
+
+       # Add here commands to install the package into debian/sshkey-sync.
+#      $(MAKE) install DESTDIR=$(CURDIR)/debian/sshkey-sync
+
+       mkdir -p $(CURDIR)/debian/tmp
+
+       ## ssh-keysync-client ##
+       mkdir -p $(CURDIR)/debian/rbm-ssh-keysync-client/opt/sbin
+       mkdir -p $(CURDIR)/debian/rbm-ssh-keysync-client/etc/rbm
+       
+       install -m 750 -o root -g root files/ssh-keysync $(CURDIR)/debian/rbm-ssh-keysync-client/opt/sbin
+       install -m 640 -o root -g root files/ssh-keysync-client.conf $(CURDIR)/debian/rbm-ssh-keysync-client/etc/rbm
+
+
+       ## ssh-keysync-server ##
+       mkdir -p $(CURDIR)/debian/rbm-ssh-keysync-server/opt/sbin
+       mkdir -p $(CURDIR)/debian/rbm-ssh-keysync-server/etc/rbm
+       install -m 750 -o root -g root files/ssh-keysync-merge $(CURDIR)/debian/rbm-ssh-keysync-server/opt/sbin
+       install -m 640 -o root -g root files/ssh-keysync-server.conf $(CURDIR)/debian/rbm-ssh-keysync-server/etc/rbm
+
+       dh_movefiles
+
+
+# Build architecture-independent files here.
+# Pass -i to all debhelper commands in this target to reduce clutter.
+binary-indep: build install
+       dh_testdir -i
+       dh_testroot -i
+#      dh_installdebconf -i
+       dh_installdocs -i
+#      dh_installexamples -i
+#      dh_installmenu -i
+#      dh_installlogrotate -i
+#      dh_installemacsen -i
+#      dh_installpam -i
+#      dh_installmime -i
+#      dh_installinit -i
+       dh_installcron -i
+#      dh_installman -i
+#      dh_installinfo -i
+#      dh_undocumented -i
+       dh_installchangelogs  -i
+       dh_link -i
+       dh_compress -i
+       dh_fixperms -i
+       dh_installdeb -i
+#      dh_perl -i
+       dh_gencontrol -i
+       dh_md5sums -i
+       dh_builddeb -i
+
+# Build architecture-dependent files here.
+binary-arch: build install
+       dh_testdir -a
+       dh_testroot -a
+#      dh_installdebconf -a
+       dh_installdocs -a
+#      dh_installexamples -a
+#      dh_installmenu -a
+#      dh_installlogrotate -a
+#      dh_installemacsen -a
+#      dh_installpam -a
+#      dh_installmime -a
+#      dh_installinit -a
+       dh_installcron -a
+#      dh_installman -a
+#      dh_installinfo -a
+#      dh_undocumented -a
+       dh_installchangelogs  -a
+       dh_strip -a
+       dh_link -a
+       dh_compress -a
+       dh_fixperms -a
+#      dh_makeshlibs -a
+       dh_installdeb -a
+#      dh_perl -a
+       dh_shlibdeps -a
+       dh_gencontrol -a
+       dh_md5sums -a
+       dh_builddeb -a
+
+binary: binary-indep
+#binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
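Review bot: The explicit `install -m 750 -o root -g root` for `files/ssh-keysync-merge` and `-m 640` for `ssh-keysync-server.conf` in the `install` target contradict the server cron job in this commit, which runs the merge script as user `skeysync`: with those modes a root-owned 750 script is not executable and a 640 config not readable by that user. In practice `dh_fixperms -i` later in `binary-indep` normally resets modes to 755/644 so the package works, but then the `-m`/`-o`/`-g` arguments are dead and misleading; either drop them or use `install -m 755` / `install -m 644` so the mode documents the intent. Separately, `clean` removes `build-stamp`, but the build targets create `build-arch-stamp` and `build-indep-stamp`, so those survive a clean unless `dh_clean` happens to remove them; `rm -f build-arch-stamp build-indep-stamp configure-stamp` matches the targets actually used.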
diff --git a/files/ssh-keysync b/files/ssh-keysync
new file mode 100755 (executable)
index 0000000..a275f8c
--- /dev/null
@@ -0,0 +1,153 @@
+#!/bin/sh
+#
+# Pull ssh host keys
+#
+# Maximilian Wilhelm <max@rfc2324.org>
+# -- Sat, 17 Apr 2004 13:36:30 +0200
+#
+
+# Show debug statements by default
+debug=1;
+
+# Some variable to be defined...
+TMP_DIR="/tmp"
+
+# 
+CONFIG_FILE="/etc/rbm/ssh-keysync-client.conf"
+
+
+# Check some things
+init()
+{
+       check_config
+       check_root
+       check_dir
+}
+
+
+# 
+# Nice little die function
+die()
+{
+       echo $@ >&2
+       exit 1
+}
+
+
+# Check if the config file exist and load options if possbile
+check_config()
+{
+       if [ -f ${CONFIG_FILE} -a -r ${CONFIG_FILE} ]; then
+               if ! source ${CONFIG_FILE}; then
+                       echo "Failed to load config file \"${CONFIG_FILE}\", exiting." >&2
+                       exit 1
+               fi
+       else
+               echo "Unable to load config file \"${CONFIG_FILE}\". File does not exist or is not accessable, exiting." >&2
+               exit 1;
+       fi
+
+       # Check 
+       [ -z "${SERVER_HOST}" ] && die "Error, SERVER_HOST undefined!"
+       [ -z "${SERVER_PATH}" ] && die "Error, SERVER_PATH undefined!"
+       
+       if [ -z "${LOCAL_FILE}" ]; then 
+               [ "${debug}" ] &&  "LOCAL_FILE undefined, defaulting to /etc/ssh/ssh_known_hosts!"
+               export LOCAL_FILE="/etc/ssh/ssh_known_hosts"
+       fi
+
+}
+
+# Check whether we are started by root
+check_root()
+{
+        if [ "`whoami`" != "root" ]; then
+                echo "Sorry, `basename ${0}` can only be run as root!"
+                exit 1
+        fi
+}
+
+
+# Check if our working directory does exist
+check_dir()
+{
+       if [ ! -d ${TMP_DIR} ]; then
+               echo "Tempdir \"${TMP_DIR}\" does not exist, exiting..." >&2
+               exit 1
+       fi
+}
+
+
+# Check if the Server is reachable
+check_server()
+{
+       ping -c 0.42 ${SERVER_HOST} 2>&1 >/dev/null
+       retval=$?;
+       [ "${retval}" != "0" ] && echo "Server ${SERVER_HOST} not reachable!";
+
+       return ${retval};
+}
+
+
+# Push local keys to the server.
+push()
+{
+       echo "Command not implemented for security reasons."
+       exit 0;
+}
+
+
+# Get global ssh_known_hosts from the server
+pull() {
+       [ "${debug}" ] && echo -n "Getting global key file from the server: "
+       
+       if [ check_server ]; then
+               FILE=`basename ${SERVER_PATH}`
+               TMPFILE=`tempfile -d "${TMP_DIR}" -s '.skeysync'`
+               
+               if wget -q -O ${TMPFILE} http://${SERVER_HOST}/${SERVER_PATH}; then
+                   mv ${TMPFILE} ${LOCAL_FILE}
+                   [ "${debug}" ] && echo "done."
+               else
+                   echo "Download failed!" >&2
+                   echo "Check the config file and/or check if the partition where ${TMP_DIR} lives is full." >&2
+                   exit 1
+               fi
+       fi
+}
+
+
+# Print out little help
+help() {
+       echo "Usage: $0 { -configcheck | -pull | -help } [ -quiet ]"
+       exit 0
+}
+
+
+#
+# Let the show begin
+#
+
+# What to do?
+    [ $# == 0 ] && help
+
+    while [ $# -gt 0 ]; do
+       case "$1" in
+           -push)              export TASK=push ;;
+           -pull)              export TASK=pull ;;
+           -quiet)             unset debug ;;
+           -configcheck)       export TASK=" ";;
+           *)                  help ;;
+       esac
+       shift
+    done
+
+# Let's do it
+if [ ! "${TASK}" ]; then
+       echo "Nothing to do..." >&2
+       exit 0
+fi
+
+init
+$TASK
+exit 0
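Review bot: `pull` replaces the system-wide SSH trust anchor with a file fetched over plain HTTP (`wget -q -O ${TMPFILE} http://${SERVER_HOST}/${SERVER_PATH}`) and installs it with nothing but wget's exit status as a check, so whoever can answer for `${SERVER_HOST}` on the network decides which host keys every client trusts; serving the file over HTTPS with certificate verification, or verifying a signature on the client before installing, is the minimum this design needs. The guard `if [ check_server ]; then` is a non-empty-string test that is always true, so `check_server` is never called. `mv ${TMPFILE} ${LOCAL_FILE}` keeps the 0600 mode that `tempfile` creates, leaving `/etc/ssh/ssh_known_hosts` unreadable for non-root users, and the failure path does not remove the tempfile (contrary to the changelog's "make sure tempfiles are deleted"). The rewrite below calls `check_server`, installs with mode 644 and cleans up in both branches; separately, `[ "${debug}" ] && "LOCAL_FILE undefined, ..."` in `check_config` is missing `echo`, `ping -c 0.42` is not a valid packet count, and `source`/`==` are bash-only under `#!/bin/sh`.
```sh
# Get global ssh_known_hosts from the server
pull() {
	[ "${debug}" ] && echo -n "Getting global key file from the server: "

	# call check_server; "[ check_server ]" only tested a non-empty string
	if check_server; then
		TMPFILE=`tempfile -d "${TMP_DIR}" -s '.skeysync'`

		# NOTE(review): plain HTTP with no integrity check -- the server should be
		# reached over HTTPS (certificate verified) or the file should carry a
		# signature that is checked here before it becomes the system-wide known_hosts.
		if wget -q -O "${TMPFILE}" "http://${SERVER_HOST}/${SERVER_PATH}"; then
			# copy with an explicit world-readable mode; mv would keep the
			# 0600 mode tempfile(1) created and lock non-root users out
			install -m 644 -o root -g root "${TMPFILE}" "${LOCAL_FILE}" \
				|| die "Failed to install ${LOCAL_FILE}"
			rm -f "${TMPFILE}"
			[ "${debug}" ] && echo "done."
		else
			rm -f "${TMPFILE}"
			echo "Download failed!" >&2
			echo "Check the config file and/or check if the partition where ${TMP_DIR} lives is full." >&2
			exit 1
		fi
	fi
}
```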
diff --git a/files/ssh-keysync-client.conf b/files/ssh-keysync-client.conf
new file mode 100644 (file)
index 0000000..af2c8b7
--- /dev/null
@@ -0,0 +1,22 @@
+#
+# /etc/rbm/ssh-keysync-client.conf
+#
+# Maximilian Wilhelm <debian@rfc2324.org>
+#  -- Sat, 25 Dec 2004 00:06:58 +0100
+
+#
+# The hostname or IP of the server can be downloaded (via HTTP)
+#
+# SERVER_HOST="ssh-keysync-server.example.org"
+SERVER_HOST=""
+
+#
+# Specify the path to the file on the server
+#
+# SERVER_PATH="ssh/ssh_known_hosts"
+SERVER_PATH=""
+
+#
+# Where to put the downloaded file.
+# '/etc/ssh/ssh_known_hosts' is default for debian.
+LOCAL_FILE="/etc/ssh/ssh_known_hosts"
diff --git a/files/ssh-keysync-merge b/files/ssh-keysync-merge
new file mode 100755 (executable)
index 0000000..2cf9528
--- /dev/null
@@ -0,0 +1,205 @@
+#!/bin/bash
+#
+# ssh-keysync-merge
+#
+# Merge the client ssh host keys to one file
+#
+# Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>
+#  -- Sat, 17 Apr 2004 17:21:09 +0200
+#
+
+
+# Be verbose by default
+debug=1
+
+# Environment (to be checked!)
+CONFIG_FILE="/etc/rbm/ssh-keysync-server.conf"
+BASE_DIR="/var/cache/ssh-keysync"
+KEY_FILES_DIR="${BASE_DIR}/keys"
+KNOWN_HOSTS="${BASE_DIR}/ssh_known_hosts"
+KNOWN_HOSTS_OLD="${KNOWN_HOSTS}.old"
+
+VALID_USER="skeysync"
+
+# Check some things
+init()
+{
+       if [ -f ${CONFIG_FILE} -a -r ${CONFIG_FILE} ]; then
+                if ! source ${CONFIG_FILE}; then
+                        echo "Failed to load config file \"${CONFIG_FILE}\", exiting." >&2
+                        exit 1
+                fi
+        else
+                echo "Unable to load config file \"${CONFIG_FILE}\". File does not exist or is not accessable, exiting." >&2
+                exit 1;
+        fi
+
+
+       # Who has called us?
+       if [ `whoami` != "${VALID_USER}" ]; then
+               echo "Script `basename $0` can only be run as user \"${VALID_USER}\"." >&2
+               exit 1;
+       fi
+
+       # Is there room for us?
+       for dir in "${BASE_DIR}" "${KEY_FILES_DIR}"; do
+               if [ ! -d "${dir}" ]; then
+                       echo "The directory ${dir} does not exist, but is neccessary for this script to work!" >&2
+                       echo -n "Please create ${dir}" >&2
+                       [ "${dir}" == "${BASE_DIR}" ] && echo " and allow user '${VALID_USER}' to write there." >&2
+                       echo ""
+                       exit 1;
+               fi
+       done
+
+       # DOMAIN_LIST given?
+       if [ -z "${DOMAIN_LIST}" ]; then
+               echo "Error: DOMAIN_LIST not set in $0!" >&2
+               echo "Please edit ${CONFIG_FILE} an set DOMAIN_LIST to the correct value." >&2
+               exit 1
+       fi
+}
+
+
+# Merge all client host keys
+merge()
+{
+       if [ `ls "${KEY_FILES_DIR}"/*.key 2>/dev/null | wc -l` == 0 ]; then
+               echo "No client host keys available, aborting" >&2
+               exit 0;
+       else
+
+               [ "${debug}" ] && echo -n "Merging client hosts keys "
+
+
+               # create an empty file, if there is no known_hosts file
+               [ ! -f "${KNOWN_HOSTS}" ] && touch "${KNOWN_HOSTS}"
+               # Make backup of old ssh_known_hosts file
+               mv "${KNOWN_HOSTS}" "${KNOWN_HOSTS_OLD}"
+               [ "${debug}" ] && echo -n "."
+
+
+               # Go to the working directory
+               cd "${KEY_FILES_DIR}"
+               [ "${debug}" ] && echo -n ". "
+
+
+               echo "# ssh_known_hosts generated by ssh-keysync-merge at "$(date +%d.%m.%Y) > ${KNOWN_HOSTS}
+               echo "# " >> "${KNOWN_HOSTS}"
+
+               # Building new one
+               for file in *.key; do
+                       convert_file "${file}" >> "${KNOWN_HOSTS}"
+                       [ "${debug}" ] && echo -n "."
+               done
+
+               [ "${debug}" ] && echo " done."
+       fi
+}
+
+
+
+# convert host key into the right format
+#
+# convert_file <hostname>.<keytype>
+convert_file()
+{
+       if [ $# == 1 ]; then
+               # get all needed information
+               HOST=$(echo $1 | cut -d. -f1);
+               IP=`host ${HOST} | awk '{ print $NF }'`
+
+               expr="s/,/,${HOST}./g"
+#              HOSTNAMES="${HOST},${HOST}."`echo ${DOMAIN_LIST} | tr -d '[:space:]' | sed -e "${expr}"`",${IP}"
+               HOSTNAMES="${HOST},${HOST}.`echo ${DOMAIN_LIST} | sed -e ${expr}`,${IP}"
+
+               # make sure that ${HOSTNAMES} does not include any white spaces
+               # and appand one white space at the end of ${HOSTNAMES}, to
+               # seperate the following key
+               echo -n ${HOSTNAMES} | tr -d '[:space:]'
+               echo -n " "
+               cat "${1}"
+       else
+               echo "Usage: convert_file <hostname>.<type>" >&2
+       fi
+}
+
+# Compare present and last version of ssh_known_hosts
+diff_files()
+{
+       [ "${debug}" ] && echo -n "Comparing present and last version of knonw_hosts: "
+
+       # Create a tempfile
+       TEMPFILE=`tempfile -d /tmp -s skeysync`
+       touch "${TEMPFILE}"
+
+       # one first run, there will not be an old file
+       if [ ! -f "${KNOWN_HOSTS_OLD}" ]; then
+               touch "${KNOWN_HOSTS_OLD}"
+       fi
+
+       diff -u "${KNOWN_HOSTS_OLD}" "${KNOWN_HOSTS}" > "${TEMPFILE}"
+
+       if [ -s "${TEMPFILE}" ]; then
+       # There are differences...
+           if [ `grep -c '^-# ssh_known_hosts\|^+# ssh_known_hosts' "${TEMPFILE}"` == 2 ]; then
+               echo "Attention: Files are different!"
+               echo "==============================="
+               echo ""
+               cat "${TEMPFILE}"
+               rm "${TEMPFILE}"
+               return 1
+           fi
+       else
+       # Nothing changed
+               [ "${debug}" ] && echo "equal."
+               "rm ${TEMPFILE}"
+               return 0
+       fi
+
+}
+
+
+# Put ssh_known_hosts file in public web dir
+publish()
+{
+       [ "${debug}" ] && echo -n "Putting ssh_known_hosts into web directory: "
+       cp "${KNOWN_HOSTS}" "${BASE_DIR}/pub"
+       [ "${debug}" ] && echo " done."
+}
+
+
+# Print a little help message
+help()
+{
+       echo "Usage: $0 [ -quiet ] [ -help ]"
+       echo " -quiet   Only show warnings"
+       echo " -help    Print this help"
+       exit 0
+}
+
+# What to do
+while [ $# -gt 0 ]; do
+    case "$1" in
+        -quiet)        unset debug ;;
+        -help) help ;;
+       *)      help;;
+    esac
+    shift
+done
+
+#
+# Let the show begin
+#
+
+# everything ok?
+init
+
+# build the file
+merge
+
+# publish it 
+publish
+
+# if file has changed, send mail
+diff_files
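Review bot: In `diff_files` the "equal" branch runs `"rm ${TEMPFILE}"` as one quoted word, so the shell looks for a command literally named `rm /tmp/...` and the tempfile is never deleted; the branch where the files differ but the header count is not 2 also returns without removing it. Replace the line with `rm "${TEMPFILE}"` and, to cover every path, register `trap 'rm -f "${TEMPFILE}"' EXIT` right after the `tempfile` call (this is the last function the script runs, so the EXIT trap fires at the right time). In `convert_file`, `HOST` is taken from a file name in `${KEY_FILES_DIR}` — a directory the server postinst hands to the `fai` account — and spliced unquoted into a `sed` expression (`sed -e ${expr}`), while `IP` is the last field of `host` output whether or not the lookup succeeded, so a failed lookup writes error text into the distributed ssh_known_hosts; restrict the name before use, e.g. `case "${HOST}" in *[!A-Za-z0-9-]*|'') echo "Skipping ${1}: bad host name" >&2; return 1 ;; esac`, quote `"${expr}"`, and skip the entry when `host` exits non-zero.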
diff --git a/files/ssh-keysync-server.conf b/files/ssh-keysync-server.conf
new file mode 100644 (file)
index 0000000..eee1228
--- /dev/null
@@ -0,0 +1,43 @@
+#
+# /etc/rbm/ssh-keysync-server.ini
+#
+
+##
+# General configuration options
+[general]
+base_dir="/var/cache/ssh-keysnc"
+key_files_dir="/var/cache/ssh-keysync/keys"
+user="skeysync"
+
+##
+# The domains managed by RBM::sshKeySync
+#
+# [dom.ain.name]
+# alt_domains="alt.rnateiv.dom.ain.name, another.dom.ain.name"
+# separate_outfile = yes (default)
+# common_outfile = no (default)
+#
+# Example:
+#
+#  To merge all hostkeys in the domain 'sourceforge.net' into
+#  a separate known_host file for this domain and into a global
+#  known_host file and adding $hostname.sf.net to each entry,
+#  you could specify the following:
+# 
+#  [sourceforge.net]
+#  alt_domains="sf.net"
+#  separate_outfile=no
+#  common_outfile=yes
+
+##
+# Domain math.uni-paderborn.de
+[math.uni-paderborn.de]
+alt_domains="math.upb.de"
+separate_outfile=yes
+common_outfile=yes
+
+# Domain ifim.uni-paderborn.de
+[ifim.math.uni-paderborn.de]
+alt_domains="ifim.upb.de"
+separate_outfile=yes
+common_outfile=yes
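Review bot: This default config is written as an INI file (`[general]`, `base_dir=`, `alt_domains=`, ...), but `ssh-keysync-merge` in this commit loads it with `source` and then requires `DOMAIN_LIST`, so out of the box the section headers are executed as failing commands and the script exits with "DOMAIN_LIST not set"; none of `base_dir`, `key_files_dir`, `user`, `alt_domains`, `separate_outfile` or `common_outfile` is read by the script. Ship the variable the script consumes, in the comma-separated form `convert_file` expects, e.g. `DOMAIN_LIST="math.uni-paderborn.de,math.upb.de"` (example built from the domains listed above), and either drop the INI content or keep it as comments. The header names the file `ssh-keysync-server.ini` while `debian/rules` installs it as `/etc/rbm/ssh-keysync-server.conf`, and `base_dir` has a typo (`ssh-keysnc`).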