/usr/bin/lsh-upgrade is in lsh-utils 2.1-8.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | #! /bin/sh
# A script for upgrading files under .lsh for lsh-2.0
# FIXME: Fix private keys as well, at least unencrypted keys like the
# server host key.
werror () {
echo "$1" >&2
}
die () {
werror "$1"
exit 1
}
if [ $# -ne 0 ] ; then
werror "Updates older lsh files to work with lsh-2.0"
werror ""
werror "Usage: lsh-upgrade"
exit 1
fi
: ${SEXP_CONV:=sexp-conv}
cd "$HOME/.lsh" || die "No .lsh directory, so nothing to do."
if [ -s host-acls ] ; then
werror "~/.lsh/host-acls already exists, so I won't touch that."
else
if [ -s known_hosts ] ; then
werror "Converting known_hosts to host-acls"
# These are the changes we must make:
#
# * The subject of an acl must be enclosed in a subject-expression
#
# * Numbers are signed, so the most significant bit of all our
# numbers must be 0. So we add a leading zero octet to numbers
# that need it.
"$SEXP_CONV" -s hex <known_hosts \
| sed -e 's,(entry ,(entry (subject ,' \
-e 's,(tag ,)(tag ,' \
-e 's,(\(.\) #\([89a-fA-F]\),(\1 #00\2,' \
| "$SEXP_CONV" >host-acls
fi
fi
if [ -d authorized_keys_sha1 ]; then
# Upgrade authorized keys
werror "Upgrading any authorized keys"
for p in authorized_keys_sha1/*; do
# Upgrade the current key and store it temporary
"$SEXP_CONV" -s hex < "$p" | \
sed -e 's,(\(.\) #\([89a-fA-F]\),(\1 #00\2,' > tmp_upgraded_auth_key && \
lsh-authorize tmp_upgraded_auth_key
done
rm tmp_upgraded_auth_key
fi
|