
/usr/sbin/ltsp-update-sshkeys is in ltsp-server 5.4.2-6+deb7u1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/bin/sh
#
#  Copyright (c) 2005 Canonical LTD
#
#  Author: Matt Zimmerman <mdz@canonical.com>
#
#  2006, Oliver Grawert <ogra@canonical.com>
#        Vagrant Cascadian <vagrant@freegeek.org>
#  2007, Scott Balneaves <sbalneav@ltsp.org>
#        Oliver Grawert <ogra@canonical.com>
#  2008, Vagrant Cascadian <vagrant@freegeek.org>
#        Oliver Grawert <ogra@canonical.com>
#        Warren Togami <wtogami@redhat.com>
#        Eric Harrison <eharrison@k12linux.mesd.k12.or.us>
#        Scott Balneaves <sbalneav@ltsp.org>
#  2010, Gideon Romm <gadi@ltsp.org>
#  2012, Alkis Georgopoulos <alkisg@gmail.com>
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License as
#  published by the Free Software Foundation; either version 2 of the
#  License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program.  If not, you can find it on the World Wide
#  Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
#  Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
#  MA 02110-1301, USA.
#

# /etc/ltsp/ltsp-update-sshkeys.conf is automatically sourced if it exists
. /usr/share/ltsp/ltsp-server-functions

# Print the command-line help text on stdout.
# The first line shows the name the script was invoked as ($0).
usage() {
    printf '%s\n' \
        "$0 [OPTION] [host...]" \
        "" \
        "If any hosts are specified, their SSH keys are exported in a file," \
        "by default /etc/ltsp/ssh_known_hosts.auto." \
        "Otherwise, all LTSP chroots are updated to trust the SSH keys of this server" \
        "along with any additional keys in /etc/ltsp/ssh_known_hosts.* files." \
        "" \
        "Options:" \
        "  -b, --base     Base of ltsp chroot. Default is /opt/ltsp if unspecified." \
        "  -e, --export   File name to export the hosts SSH keys to (- for stdout)." \
        "                 Default is /etc/ltsp/ssh_known_hosts.auto if unspecified." \
        "  -h, --help     This message." \
        "  -p, --port     SSH port for remote servers." \
        "  -u, --update   Update the chroot SSH keys even if hosts are specified."
}

# One may run the following command to replace the hostnames/IPs with *:
#   sed 's/^[^# ][^ ]* /* /' -i /opt/ltsp/i386/etc/ssh/ssh_known_hosts
# This way the clients will trust those hosts even if their IP changes.
# In general that should be avoided though; it's safer to connect by hostname,
# because a "*" entry makes the clients accept that key for any host name.
# The boot server is always known as "server", and others can be declared in
# DNS, in CHROOT/etc/hosts.ltsp, or with HOSTS_xx lts.conf directives.
# LDM_SERVER entries should match whatever was specified in the SSH keys.

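# Parse command line arguments.
# getopt normalises the options and prints them shell-quoted; "eval set --"
# then installs that list as the positional parameters, so option values that
# contain whitespace stay single words. "$0" is quoted so a script path with
# spaces is still passed to getopt -n as one argument.
# BASE, EXPORT, PORT and UPDATE are not reset first, so a value they already
# hold is kept when the matching option is absent.
# NOTE(review): presumably that lets the sourced configuration preset them;
# confirm against /usr/share/ltsp/ltsp-server-functions.
ARGS=$(getopt -o b:e:hp:u --long base:,export:,help,port:,update -n "$0" -- "$@") || exit 1
eval set -- "$ARGS"
while true ; do
    case "$1" in
        -b|--base)   BASE=$2 ; shift 2 ;;
        -e|--export) EXPORT=$2 ; shift 2 ;;
        -h|--help)   usage ; exit 0 ;;
        -p|--port)   PORT="$2" ; shift 2 ;;
        -u|--update) UPDATE=1 ; shift 1 ;;
        # End of options: what is left in "$@" are the host names.
        --) shift ; break ;;
        # Should be unreachable after getopt; report on stderr like other errors.
        *) echo "Internal error!" >&2 ; exit 1 ;;
    esac
done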

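# If any hosts were specified, export their ssh keys to a file
if [ $# -gt 0 ]; then
    # "-" selects stdout; an empty EXPORT falls back to the default file.
    if [ "$EXPORT" = "-" ]; then
        EXPORT="/dev/stdout"
    else
        EXPORT="${EXPORT:-/etc/ltsp/ssh_known_hosts.auto}"
    fi
    # NOTE(review): ssh-keyscan stores whatever key each host presents on the
    # network at scan time; nothing here authenticates it. Compare the exported
    # fingerprints with the real servers out of band before the file is
    # distributed to the chroots.
    # Only the key types listed after -t are requested.
    #
    # We want the stderr of ssh-keyscan, but not its annoying "server info":
    # stdout (the keys) goes to $EXPORT, stderr goes through the pipe, and grep
    # drops the "#" lines before passing the rest on to stderr.
    # The pipeline's status is grep's, so a failed scan is not detected here and
    # $EXPORT is truncated even when no key was retrieved.
    # "$PORT" is quoted inside the expansion so the port value always reaches
    # ssh-keyscan as the single argument of -p and cannot split into extra options.
    ssh-keyscan -t dsa,rsa,ecdsa ${PORT:+-p "$PORT"} "$@" 2>&1 >"$EXPORT" |
        grep -v '^#' >&2
else
    # No hosts given: the only thing left to do is refresh the chroots.
    UPDATE=1
fi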

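# UPDATE is either set with -u or automatically when no hostnames are passed
if [ -n "$UPDATE" ]; then
    # Without a preset CHROOTS list, use every directory directly under BASE
    # except "images".
    if [ -z "$CHROOTS" ]; then
        BASE=${BASE:-"/opt/ltsp"}
        CHROOTS=$(find "$BASE/" -mindepth 1 -maxdepth 1 -type d ! -name images)
    fi
    # $CHROOTS is expanded unquoted on purpose: it is a whitespace-separated list.
    for chroot in $CHROOTS; do
        # Skip directories that do not contain an executable bin/true.
        test -x "$chroot/bin/true" || continue
        mkdir -p "$chroot/etc/ssh"
        # Do the work once; next times, use cp
        if [ -z "$firstfile" ]; then
            firstfile="$chroot/etc/ssh/ssh_known_hosts"
            echo '# ssh keys for LTSP' > "$firstfile"
            # This server's public host keys, every line prefixed with the host
            # name "server". find -exec hands the paths over directly, so a file
            # name containing whitespace is not split into several words.
            find /etc/ssh/ -type f -name 'ssh_host_*_key.pub' \
                -exec sed 's/^/server /' {} + >> "$firstfile"
            # Every regular file matching /etc/ltsp/ssh_known_hosts.* is appended
            # verbatim and therefore trusted by the clients. That includes
            # leftover copies such as editor or package-manager backups with the
            # same prefix, so keep that directory free of stale files.
            find /etc/ltsp/ -type f -name 'ssh_known_hosts.*' \
                -exec cat {} + >> "$firstfile"
        else
            cp "$firstfile" "$chroot/etc/ssh/ssh_known_hosts"
        fi
    done
    # firstfile is still empty when no directory passed the bin/true check.
    if [ -z "$firstfile" ]; then
        die "No LTSP chroots found, please run ltsp-build-client"
    fi
fi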