[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Generating ~/.ssh/known_hosts from LDAP

I couldn't find any way to authenticate db.debian.org when using direct LDAP
(TLS doesn't seem to be supported), but nonetheless this is damn convenient.

(requires python-ldap)

 - mdz

# debian-known-hosts
#   Dump ssh host keys from db.debian.org in a format suitable for an
#   ssh known_hosts file
# BUGS: has no way to authenticate db.debian.org
# Matt Zimmerman <mdz@debian.org>, 12/13/2003

import ldap

conn = ldap.ldapobject.SmartLDAPObject('ldap://db.debian.org')
msgid = conn.search('dc=debian,dc=org', ldap.SCOPE_SUBTREE,
                    attrlist=('hostname', 'sshRSAHostKey'))
restype, resdata = conn.result(msgid)

for dn, attrs in resdata:
    if 'sshRSAHostKey' not in attrs:
    hostnames = ','.join(attrs['hostname'])
    for hostkey in attrs['sshRSAHostKey']:
        print hostnames, hostkey

Attachment: signature.asc
Description: Digital signature

Reply to: