From d668d739e6d89da1c567f6e164edf43f59ea1d28 Mon Sep 17 00:00:00 2001
From: Patrick Neumann
Date: Thu, 9 Jan 2020 15:36:42 +0000
Subject: [PATCH] initial commit
---
 ssh/chkh | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 ssh/chkh
diff --git a/ssh/chkh b/ssh/chkh
new file mode 100644
index 0000000..7bbba8b
--- /dev/null
+++ b/ssh/chkh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+# Usage: ./chkh [hostname | -h | --help | -?] [known_hosts]
+# or
+# bash [hostname | -h | --help | -?] [known_hosts]
+# Examples: ~$ ./chkh (localhost in own known_hosts)
+# ~$ bash chkh (localhost in own known_hosts)
+# ~# ./chkh www.ncfi.no (www.ncfi.no in own [roots] known_hosts)
+# ~# bash chkh www.ncfi.no (www.ncfi.no in own [roots] known_hosts)
+# ~$ sudo ./chkh www.ncfi.no /home/user/.ssh/known_hosts
+# ~$ sudo bash chkh www.ncfi.no /home/user/.ssh/known_hosts
+# Description: Search for hashed known_hosts like "ssh-keygen -F hostname"
+# Author: Patrick Neumann (patrick@neumannsland.de)
+# Version: 1.0
+# Date: 09.01.2020
+# License: GPL3
+# Warranty: This program is distributed WITHOUT ANY WARRANTY
+
+# config:
+readonly DEFAULT_H="localhost"
+readonly DEFAULT_K="${HOME}/.ssh/known_hosts"
+
+# display help:
+if [ "${1}" = "-h" -o "${1}" = "--help" -o "${1}" = "-?" ] ; then
+ echo "Usage: ${0} [hostname | -h | --help | -?] [known_hosts]"
+ echo " Default hostname: ${DEFAULT_H}"
+ echo " Default known_host: ${DEFAULT_K}"
+ exit 0
+fi
+
+# set and check hostname:
+if [ -n "${1}" ] ; then
+ readonly HOSTNAME="${1}"
+else
+ readonly HOSTNAME="${DEFAULT_H}"
+fi
+if ! echo "${HOSTNAME}" | grep -E "^[[:alnum:]]+.*" 2>&1 > /dev/null ; then
+ echo "Please specify a valid hostname!"
+ exit 1
+fi
+
+# set and check known_hosts:
+if [ -n "${2}" ] ; then
+ readonly KNOWN_HOSTS="${2}"
+else
+ readonly KNOWN_HOSTS="${DEFAULT_K}"
+fi
+[ -f "${KNOWN_HOSTS}" ] || { echo "file not found!" ;exit 2; }
+
+# walk through known_hosts...
+while IFS= read -r line
+do
+ # the "second" field (the file is starting with the separator!)
+ # is the salt in base64:
+ SALT="$( echo "${line}" \
+ | cut -d "|" -f 3 \
+ | base64 --decode \
+ | xxd -p )"
+ # the "third" field is the "hmaced" hash:
+ SHA1="$( echo -n "${HOSTNAME}" \
+ | openssl dgst -sha1 -mac HMAC -macopt hexkey:"${SALT}" \
+ | cut -d " " -f 2 \
+ | xxd -r -p \
+ | base64 )"
+ # grep to get the hole line:
+ grep -F "${SHA1}" "${KNOWN_HOSTS}"
+done < "${KNOWN_HOSTS}"
+
+exit 0
\ No newline at end of file
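Review bot: In the loop body, a known_hosts line that is not in the hashed `|1|salt|hash` form (a plain-hostname entry, a comment or a blank line) carries no valid salt in field 3, and if `base64 --decode` or `openssl` then rejects that input the `SHA1` variable ends up empty, so `grep -F "${SHA1}" "${KNOWN_HOSTS}"` becomes `grep -F ""` and prints the entire file as if every host matched. Guard both ends of the pipeline: `[[ "${line}" == "|1|"* ]] || continue` before the `SALT=` assignment and `[ -n "${SHA1}" ] || continue` before the grep. Since the candidate entry is already in `${line}`, comparing `SHA1` against its fourth `|`-field (up to the first space) and printing `${line}` on equality would make the match exact and avoid re-scanning the whole file once per entry. Separately, in the hostname check earlier in this hunk, `2>&1 > /dev/null` sends grep's stderr to the terminal instead of silencing it; the intended order is `> /dev/null 2>&1`.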