mirror of
https://github.com/ovh/the-bastion.git
synced 2025-01-22 15:27:56 +08:00
95 lines
2.8 KiB
Text
95 lines
2.8 KiB
Text
|
#! /usr/bin/env perl
|
||
|
# vim: set filetype=perl ts=4 sw=4 sts=4 et:
|
||
|
use common::sense;
|
||
|
|
||
|
use File::Basename;
|
||
|
use lib dirname(__FILE__) . '/../../../lib/perl';
|
||
|
use OVH::Result;
|
||
|
use OVH::Bastion;
|
||
|
use OVH::Bastion::Plugin qw( :DEFAULT help );
|
||
|
|
||
|
my $remainingOptions = OVH::Bastion::Plugin::begin(
|
||
|
argv => \@ARGV,
|
||
|
header => "remove a known hostkey",
|
||
|
options => {},
|
||
|
helptext => <<'EOF',
|
||
|
Forget a known host key from your bastion account
|
||
|
|
||
|
Usage: --osh SCRIPT_NAME [--host HOST] [--port PORT]
|
||
|
|
||
|
--host HOST Host to remove from the known_hosts file
|
||
|
--port PORT Port to look for in the known_hosts file (default: 22)
|
||
|
|
||
|
This command is useful to remove the man-in-the-middle warning when a key has changed,
|
||
|
however please verify that the host key change is legit before using this command.
|
||
|
The warning SSH gives is there for a reason.
|
||
|
EOF
|
||
|
);
|
||
|
|
||
|
#
|
||
|
# code
|
||
|
#
|
||
|
my $fnret;
|
||
|
|
||
|
if (not $host and not $ip) {
|
||
|
help();
|
||
|
osh_exit 'ERR_MISSING_PARAMETER', "Missing argument 'host'";
|
||
|
}
|
||
|
|
||
|
my @toCheck;
|
||
|
if ($port && $port ne '22') {
|
||
|
if ($host) {
|
||
|
push @toCheck, "[$host]:$port";
|
||
|
}
|
||
|
if ($ip and $host ne $ip) {
|
||
|
push @toCheck, "[$ip]:$port";
|
||
|
}
|
||
|
}
|
||
|
else {
|
||
|
if ($host) {
|
||
|
push @toCheck, $host;
|
||
|
}
|
||
|
if ($ip and $host ne $ip) {
|
||
|
push @toCheck, $ip;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
my $result_hash = {};
|
||
|
foreach my $item (@toCheck) {
|
||
|
next unless $item;
|
||
|
osh_info "Looking for keys in your known_hosts for $item";
|
||
|
|
||
|
# if the user's known_hosts doesn't exist, it makes ssh-keygen -F very angry
|
||
|
if (!-e "$HOME/.ssh/known_hosts") {
|
||
|
osh_ok(R('OK_NO_CHANGE', msg => "Your account didn't have any known_hosts file, nothing to do"));
|
||
|
}
|
||
|
|
||
|
my @command = qw{ ssh-keygen -F };
|
||
|
push @command, $item;
|
||
|
$fnret = OVH::Bastion::execute(cmd => \@command, noisy_stderr => 1, noisy_stdout => 1);
|
||
|
if ($fnret->err eq 'OK' || $fnret->value->{'sysret'} == 1) {
|
||
|
if (not @{$fnret->value->{'stdout'} || []}) {
|
||
|
$result_hash->{$item} = {action => 'OK_NO_MATCH'};
|
||
|
osh_info "... none found (maybe you forgot to specify --port ?)";
|
||
|
next;
|
||
|
}
|
||
|
osh_info "At least one key was found, deleting it...";
|
||
|
@command = qw{ ssh-keygen -R };
|
||
|
push @command, $item;
|
||
|
$fnret = OVH::Bastion::execute(cmd => \@command, noisy_stderr => 1, noisy_stdout => 1);
|
||
|
if ($fnret->err eq 'OK') {
|
||
|
$result_hash->{$item} = {action => 'OK_DELETED'};
|
||
|
osh_info "Key for '$item' deleted successfully";
|
||
|
}
|
||
|
else {
|
||
|
$result_hash->{$item} = {action => 'ERR_DELETE_FAILED'};
|
||
|
osh_crit "An error occurred while trying to delete the key (" . $fnret->msg . ")";
|
||
|
}
|
||
|
}
|
||
|
else {
|
||
|
osh_exit 'ERR_SSH_KEYGEN_FIND', "An error occurred while trying to look for the key (" . $fnret->msg . ")";
|
||
|
}
|
||
|
}
|
||
|
|
||
|
osh_ok $result_hash;
|