-
Notifications
You must be signed in to change notification settings - Fork 8
/
aws-host-fingerprints
executable file
·61 lines (49 loc) · 1.55 KB
/
aws-host-fingerprints
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#! /bin/sh
# aws-host-fingerprints (Bourne shell script) -- extract SSH host key fingerprints from boot log
#
# Keywords: ssh AWS EC2 security
# *** DEFINITIONS ***
self=aws-host-fingerprints
# E.g. "<14>Jul 6 07:30:24 " -- 2 match groups
OPTIONAL_PREFIX='\(<[0-9]\+>\)\?\([[:alnum:]]\{3\} [ 0-9]\{2\} [0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\} \)\?'
# *** FUNCTIONS ***
cleanup()
{
rm -f /tmp/aws-host-fingerprints_$$
}
# *** MAINLINE ***
while [ "$(echo "x$1" | cut -c2)" = - ] ; do
args="$args $1"
shift
done
if [ -z "$1" ] ; then
echo "Usage: $self <instance-id>" >&2
exit 1
fi
trap 'cleanup' EXIT
cont=y
while [ $cont = y ]
do
# Redirect STDERR because
aws ec2 --output=text get-console-output $args --instance-id=$1 |
sed -n "/^${OPTIONAL_PREFIX}ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----/,/^${OPTIONAL_PREFIX}ec2: -----END SSH HOST KEY FINGERPRINTS-----/ s/^${OPTIONAL_PREFIX}//p" |
tee /tmp/aws-host-fingerprints_$$ 2> /tmp/aws-host-fingerprints_errors_$$
# Check if valid output was produced
if [ -s /tmp/aws-host-fingerprints_errors_$$ ] &&
grep -q -v -e "'Output'" -e '^$' /tmp/aws-host-fingerprints_errors_$$
then
# if not, loop again
echo waiting...
sleep 3
cont=y
else
# print the errors as they would have been if not captured
cat /tmp/aws-host-fingerprints_errors_$$ >&2
cont=n
fi
done
# If there is nothing in the file, throw an error
if [ ! -s /tmp/aws-host-fingerprints_$$ ] ; then
echo "${self}: Warning: console output for instance $1 does not contain host fingerprints" >&2
exit 2
fi