- ssh-keygen will fail hard if it doesn't find what it needs, even when quiet
- Don't find "$PATH_PUBKEYS_DIR/" if it doesn't exist
- Retrieve CA comment only inside find, when it's really needed
- Quiet down ssh-keygen in get_ca_sk_comment_from_pk if ca.pub is not present
parent
06b4ec5354
commit
e0bc09679e
20
cassh.sh
20
cassh.sh
@ -33,7 +33,7 @@ err()
|
||||
# present.
|
||||
get_ca_sk_comment_from_pk()
|
||||
{
|
||||
ssh-keygen -lf "$1" | {
|
||||
ssh-keygen -lf "$1" 2>/dev/null | {
|
||||
read -r pk_sz pk_fp pk_extra
|
||||
_comment=$(ssh-add -l | while read -r sk_sz sk_fp sk_extra; do
|
||||
if [ "X$sk_fp" = "X$pk_fp" ]; then
|
||||
@ -117,24 +117,18 @@ main_issue()
|
||||
usage
|
||||
fi
|
||||
|
||||
if [ ! -f "$PATH_CA_PUB" ]; then
|
||||
err "no $PATH_CA_PUB found"
|
||||
fi
|
||||
if ! ssh-add $qflag $vflag -T "$PATH_CA_PUB"; then
|
||||
err "can't use CA key"
|
||||
fi
|
||||
if [ ! -d "$PATH_PUBKEYS_DIR/" ]; then
|
||||
err "no pubkeys directory found"
|
||||
fi
|
||||
|
||||
if [ ! -f "$PATH_CA_SERIAL" ]; then
|
||||
echo 0 >"$PATH_CA_SERIAL"
|
||||
fi
|
||||
read -r serial <"$PATH_CA_SERIAL"
|
||||
|
||||
ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
|
||||
: ${ca_comment:=cassh}
|
||||
if [ ! -d "$PATH_PUBKEYS_DIR" ]; then
|
||||
exit 0
|
||||
fi
|
||||
find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | {
|
||||
ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
|
||||
: ${ca_comment:=cassh}
|
||||
|
||||
while read -r pk; do
|
||||
pkname=${pk%.pub}
|
||||
pkname=${pkname#$PATH_PUBKEYS_DIR/}
|
||||
|
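Review bot: The `2>/dev/null` on `ssh-keygen -lf "$1"` in get_ca_sk_comment_from_pk (apparently the new form of that line; the page has lost the +/- markers) discards every ssh-keygen diagnostic, not only the missing-ca.pub case the commit message targets. An unreadable or malformed CA public key would then also produce an empty comment, and `ca_comment` in main_issue falls back to `cassh` with no warning. Testing for the file keeps the expected case quiet and leaves real errors visible: put `[ -f "$1" ] || return 0` ahead of an unredirected `ssh-keygen -lf "$1" | {`. In the second hunk, `: ${ca_comment:=cassh}` is better quoted as `: "${ca_comment:=cassh}"`, because the comment, which the function appears to take from `ssh-add -l` output, otherwise goes through word splitting and globbing. Both function bodies continue outside the hunks shown.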