#!/bin/bash

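# Directory holding this host's pinned data: "<dir>/host" (the target list
# handed to ssh-keyscan -f) and "<dir>/fingerprint" (the last accepted scan).
host="${1}"

# Refuse to continue without a usable host directory. Both failures are
# reported on stderr with a non-zero status, so a wrapper script or scheduled
# job cannot mistake an aborted check for a fingerprint that was verified.
if [ -z "${host}" ]; then
    echo "No argument given. Exiting." >&2
    exit 1
elif [ ! -s "${host}/host" ]; then
    # -s: the file must exist and be non-empty.
    echo "Host '${host}' cannot be found at ${host}/host. Exiting." >&2
    exit 1
fi

# Contents of the host file, shown in the progress message.
full_host=$(<"${host}/host")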
# Baseline: the scan output that was accepted last time. The comparison
# further down is only as trustworthy as this file; anyone able to write it
# can change what the script reports as "unchanged".
current_fingerprint="$(< "${host}/fingerprint")"
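echo "Getting LIVE fingerprint for '${host}' ($full_host)..."

# Scan the targets listed in ${host}/host over IPv4 (-4), with a 5 second
# timeout (-T 5), asking for RSA host keys only (-t rsa).
# stderr is captured together with stdout (2>&1), so anything ssh-keyscan
# reports there becomes part of the text that is compared and stored. This is
# left as is because existing fingerprint files were written the same way.
# NOTE(review): ssh-keyscan does not authenticate the server it talks to. The
# result is a candidate key that still needs out-of-band confirmation.
# NOTE(review): only the RSA key is pinned here; confirm that clients are not
# negotiating a different host key type with this server.
fingerprint=$(ssh-keyscan -4 -T 5 -t rsa -f "${host}/host" 2>&1)

# A scan that returned no RSA key line (timeout, refused connection, name
# resolution failure) is a failed check, not a changed key. Stop here so an
# error message is never offered as a replacement for the pinned fingerprint.
if ! grep -q ' ssh-rsa ' <<<"${fingerprint}"; then
    echo "No RSA host key received for '${host}':" >&2
    printf '%s\n' "${fingerprint}" >&2
    exit 1
fi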

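# Compare the live scan with the stored baseline. Both values come from
# command substitution, so trailing newlines are already stripped and a plain
# string comparison is sufficient (and avoids diff's "Files ... differ" line).
if [[ "${fingerprint}" == "${current_fingerprint}" ]]; then
    echo "The live fingerprint for '${host}' is the SAME as ${host}/fingerprint."
else
    echo "The live fingerprint has CHANGED:"
    printf '%s\n' "${fingerprint}"
    # This prompt is the trust decision. The scanned key has not been
    # authenticated, so it should be checked against a value obtained through
    # another channel (console, provisioning record) before answering "y".
    read -p "Accept updated fingerprint? (y/n) " -n 1 -r
    echo
    if [[ "$REPLY" =~ ^[Yy]$ ]]; then
        echo "Updating saved fingerprint..."
        # Stage the new value first: if the write fails, the pinned file is
        # still untouched.
        new_file="${host}/fingerprint.new"
        if ! printf '%s\n' "${fingerprint}" > "${new_file}"; then
            echo "Could not write ${new_file}. No changes made." >&2
            exit 1
        fi
        backup_note=""
        # On a first run there is no previous fingerprint to back up.
        if [ -e "${host}/fingerprint" ]; then
            if ! mv -- "${host}/fingerprint" "${host}/fingerprint.bak"; then
                rm -f -- "${new_file}"
                echo "Could not back up ${host}/fingerprint. No changes made." >&2
                exit 1
            fi
            backup_note=" Saved old fingerprint as ${host}/fingerprint.bak."
        fi
        if ! mv -- "${new_file}" "${host}/fingerprint"; then
            echo "Could not install ${host}/fingerprint; new value is in ${new_file}." >&2
            exit 1
        fi
        echo "Done.${backup_note}"
    else
        # NOTE(review): the script still exits 0 here, so a caller cannot tell
        # a declined change from a match; consider a distinct exit status.
        echo "Exiting with no changes."
    fi
fi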