Report all SSH fingerprints of the created DomU, not only RSA one

2026-01-14 07:29:42 +00:00 · 2015-07-04 01:02:34 +02:00 · 2015-07-04 01:02:34 +02:00 · 6b82585cc1
commit 6b82585cc1
parent ff87729cfe
2 changed files with 27 additions and 9 deletions
--- a/bin/xen-create-image
+++ b/bin/xen-create-image
@ -797,6 +797,7 @@ use Env;
 use File::Path qw/ mkpath /;
 use File::Temp qw/ tempdir /;
 use File::Copy qw/ mv cp /;
+use File::Slurp;
 use File::Which;
 use Getopt::Long;
 use Pod::Usage;
@ -4119,21 +4120,35 @@ END

    exit $exitcode if $VERSION || $HELP || $MANUAL || $DUMPCONFIG;

-    my $host_rsa_key = '';
+    my %host_key = ();
    #
    #  Unmount the image if it is still mounted.
    #
    if ( defined($MOUNT_POINT) )
    {
        #
-        #  Before we unmount get the host's RSA key
+        #  Before we unmount get the host's SSH keys' fingerprints
        #
-        my $key_path .= $MOUNT_POINT;
-        $key_path .= '/etc/ssh/ssh_host_rsa_key.pub';
-        if ( `ssh-keygen -lf $key_path` =~ /^(\S+)\s+(\S+)/ ) {
-            $host_rsa_key = $2;
-        } else {
-            $host_rsa_key = "N/A";
+        my $key_dir = $MOUNT_POINT.'/etc/ssh';
+        my @pubkey_files =
+            grep { /^ssh_host_.*\.pub$/; } read_dir($key_dir);
+        foreach my $pubkey_file (@pubkey_files) {
+            my $pubkey_path = "$key_dir/$pubkey_file";
+            my $fingerprint_line = `ssh-keygen -lf "$pubkey_path"`;
+            if ($fingerprint_line =~ /^(\S+)\s+(\S+)/ ) {
+                my $fingerprint = $2;
+                my $algo = '[unspecified hashing algorithm]';
+                if ($fingerprint_line =~ /^\S+\s+\S+\s+\S+\s+\((\S+)\)/ ) {
+                    $algo = $1;
+                } elsif ($pubkey_file =~ /^ssh_host_(\S+)_key\.pub$/) {
+                    $algo = uc($1);
+                } elsif ($pubkey_file eq 'ssh_host_key.pub') {
+                    $algo = 'SSH1';
+                }
+                $host_key{$algo} = $fingerprint;
+            } else {
+                warn "Can't parse ssh-keygen output: $fingerprint_line";
+            }
        }
        unMountImage($MOUNT_POINT, $CONFIG{'FAIL'});
    }
@ -4249,7 +4264,9 @@ END
           logprint( $IP_ADDRESSES );
        }
        logprint("\n");
-        logprint("RSA Fingerprint :  $host_rsa_key\n");
+        foreach my $algo (sort keys %host_key) {
+            logprint("SSH Fingerprint :  $host_key{$algo} ($algo)\n");
+        }
        logprint("Root Password   :  ");
        if ( $PASSWORD ) {
            logprint("$PASSWORD\n");
--- a/debian/changelog
+++ b/debian/changelog
@ -32,6 +32,7 @@ xen-tools (4.5+dev-1) UNRELEASED; urgency=medium
    + Pass --yes to lvcreate only if LVM version is 2.02.99 or
      higher. Fixes regression introduced with 4.5 by the fix for #754517.
      - Add new (build-)dependency on libsort-versions-perl.
+    + Report all SSH fingerprints of the created DomU, not only RSA ones.
  * Update Vcs-* headers as Gitorious will close its doors in June.
  * Recommend debian-archive-keyring (for installing Debian DomUs on
    derivatives) and ubuntu-archive-keyring (for installing Ubuntu DomUs