Connection problems
Erich Eckner
mandos at eckner.net
Fri May 3 10:16:24 CEST 2024
Hi,
I finally got around setting up my first mandos server-client pair. So
far, I have a server running on raspian and a client running on arch linux
in the same network. For debug-purposes, I'm starting the server regularly
via systemd and running /usr/lib/mandos/plugin-runner manually on the
client.
Interestingly, this only works "somewhat":
* The server reports the client as up and running (so the checker works).
* The plugin-runner command hangs, and never returns (so it does not
successfully connect to the server), but:
* If I restart the server (`systemctl restart mandos`), the
(still-running) plugin-runner gets its passphrase and succeeds (and also
the server correctly logs, that it handed out the secret).
Question: What am I doing wrong / where should I start debugging? Or is
this intended behaviour, and the server will not hand out secrets to a
still-running client?
I tried a bit further and intentionally broke the checker via `mandos-ctl
-c /usr/bin/false $client`, but the plugin-runner still does not return
the password. Restarting the plugin-runner didn't help afterwards, either.
More setup details: The config section in /etc/mandos/clients.conf on the
server was copied from the output of `mandos-keygen -p` on the client,
only the host name was adapted to match my dns settings. For your
convenience, I attached all the config files (mandos.conf and clients.conf
from the server and plugin-runner.conf from the client), but they're
really just the defaults plus the mentioned addition of the
command-output. (I know, that the clients.conf should be kept confidential
- I will rotate the secret, once I got it to work properly) To make
plugin-runner find all its files on the client, I had to manually copy
them into /conf/conf.d/mandos - I assume, mkinitcpio usually does this,
but I'm currently trying this outside the initramdisk in the fully-booted
client.
regards,
Erich
-------------- next part --------------
# This file must have exactly one section named "DEFAULT".
[DEFAULT]
# These are the default values for the server, uncomment and change
# them if needed.
# If "interface" is set, the server will only listen to a specific
# network interface.
;interface =
# If "address" is set, the server will only listen to a specific
# address. This must currently be an IPv6 address; an IPv4 address
# can be specified using the "::FFFF:192.0.2.3" syntax. Also, if this
# is a link-local address, an interface should be set above.
;address =
# If "port" is set, the server to bind to that port. By default, the
# server will listen to an arbitrary port.
;port =
# If "debug" is true, the server will run in the foreground and print
# a lot of debugging information.
;debug = False
# GnuTLS priority for the TLS handshake. See gnutls_priority_init(3).
;priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256
# Zeroconf service name. You need to change this if you for some
# reason want to run more than one server on the same *host*.
# If there are name collisions on the same *network*, the server will
# rename itself to "Mandos #2", etc.
;servicename = Mandos
# Whether to provide a D-Bus system bus interface or not
;use_dbus = True
# Whether to use IPv6. (Changing this is NOT recommended.)
;use_ipv6 = True
# Whether to restore saved state on startup
;restore = True
# The directory where state is saved
;statedir = /var/lib/mandos
# Whether to run in the foreground
;foreground = False
# File descriptor number to use for network socket
;socket =
# Whether to use ZeroConf; if false, requires port or socket
;zeroconf = True
-------------- next part --------------
## This is the configuration file for plugin-runner(8mandos). This
## file should be installed as "/etc/mandos/plugin-runner.conf", and
## will be copied to "/conf/conf.d/mandos/plugin-runner.conf" in the
## initrd.img file.
##
## After editing this file, the initrd image file must be updated for
## the changes to take effect!
## Example:
--options-for=mandos-client:--debug
-------------- next part --------------
# Default settings for all clients. These values are the default
# values, so uncomment and change them if you want different ones.
[DEFAULT]
# How long until a client is disabled and not be allowed to get the
# data this server holds.
;timeout = PT5M
# How often to run the checker to confirm that a client is still up.
# Note: a new checker will not be started if an old one is still
# running. The server will wait for a checker to complete until the
# above "timeout" occurs, at which time the client will be disabled,
# and any running checker killed.
;interval = PT2M
# Extended timeout is an added timeout that is given once after a
# password has been sent sucessfully to a client. This allows for
# additional delays caused by file system checks and quota checks.
;extended_timeout = PT15M
# What command to run as "the checker".
;checker = fping -q -- %%(host)s
# Whether to approve a client by default after the approval delay.
;approved_by_default = True
# How long to wait for approval.
;approval_delay = PT0S
# How long one approval will last.
;approval_duration = PT1S
# Whether this client is enabled by default
;enabled = True
;####
;# Example client
;[foo]
;
;# TLS public key ID
;key_id = f33fcbed11ed5e03073f6a55b86ffe92af0e24c045fb6e3b40547b3dc0c030ed
;
;# OpenPGP key fingerprint
;fingerprint = 7788 2722 5BA7 DE53 9C5A 7CFA 59CF F7CD BD9A 5920
;
;# This is base64-encoded binary data. It will be decoded and sent to
;# the client matching the above fingerprint. This should, of course,
;# be OpenPGP encrypted data, decryptable only by the client.
;secret =
; hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234
; REJMVv7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+N
; Xl89vGvdU1XfhKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz
; 3Z20erVNbdcvyBnuojcoWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGI
; Tb8A/ar0tVA5crSQmaSotm6KmNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqW
; QHC7OASxK5E6RXPBuFH5IohUA2Qbk5AHt99pYvsIPX88j2rWauOokoiKZo
; t/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nqh4uwGNbCgKMyT+AnvH7kMJ
; 3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr/at8/NSLe2OhLchz
; dC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21LpiXqXHV2mIgq
; WnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3+bFs
; zYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/
; vJM2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW
; 5MHdW9AYsNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm
; 4T2zw4dxS5NswXWU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2O
; QlnHIvPzEArRQLo=
;
;# Host name; used only by the checker, not used by the server itself.
;host = foo.example.org
;####
;####
;# Another example client, named "bar".
;[bar]
;# The key ID is not space or case sensitive
;key_id = F33FCBED11ED5E03073F6A55B86FFE92 AF0E24C045FB6E3B40547B3DC0C030ED
;
;# The fingerprint is not space or case sensitive
;fingerprint = 3e393aeaefb84c7e89e2f547b3a107558fca3a27
;
;# If "secret" is not specified, a file can be read for the data.
;secfile = /etc/keys/mandos/bar-secret.bin
;
;# An IP address for host is also fine, if the checker accepts it.
;host = 192.0.2.3
;
;# Parameters from the [DEFAULT] section can be overridden per client.
;interval = PT1M
;
;# This client requires manual approval before it receives its secret.
;approved_by_default = False
;# Require approval within 30 seconds.
;approval_delay = PT30S
;####
[pizza]
host = pizza.ddns.eckner.net
key_id = 4bdb5c383f5b635f873a6be14f2e5719120d25fd4396db26f32960c0dc4c7826
fingerprint = 008421E79FED8D8BF0BF5667615D2DA6A35672FB
secret =
hQIMA+Vbp9zmrnXxAQ//dkGueD9ShrELRYaroI+Fnnbf/yak0jng8+lxsUrjpbCh
ljNySUS/K9bLex4JLUjzjxkJxUz1698jN9IatrXFE/a78kDwq05ISHOUlwU7LnAi
D1UXDJB/WdPYWZVI9aVx27g80m9NSmTVI9cCV/Z5XDQMXFp7f1H2OnbE8kZ9vc2T
MFIjjuMQe1opOHBnGUQ8dwlVlOM3zsASYrI9dkBX9Tcv8adPkmE/bYnx0LNvblbp
0CQxAc0cASFinzO8fLNr0BZ5H4NYBKLJJ5u/Dbwx409BpTRphXPbOFRlNX5hYCPu
zhzYBdmPo3VSA7Fa9d75WK/pPwAH/S5OIwHBmnG/TxsDnmgKboadyGKvaDCPFXr0
ym9Od/fR1TH5qfZE9k7iDMKr0FL5Sq1Vg2Xy892GfGHVF2XvGYAEJXF0NmHS3GQk
aGSoDg91xSblgmuWeRwJIuUna86zzf571oaPmMaAAuxNGy53enZ8TgOH2x5T/0aP
vinCEvwxrwW6vQvj0p3CMEgdsret0BU59Zm0y59u3PxEovNLdl+FhDWnpDJKD3fV
cT+76v6R/oKsrG8Vg15P7FjgLNcwFGg2CFdqHcS5Y6woYz6XWiEL2vG3GS7a3zyH
o/r/REYnqPOlFTDLF3osNNnN7y2QtT5cSqPvqFHkU8wWRhco0Bu6ij87jt8YUkPU
6gEJAhB/d2J0gWKkGSuQAHquF5PXGne/AfibVlVUZMya2Ooz+iw8UJLNiUGMRAuW
bte91ZNZnFjiahnUJaDL5yIV2jsFuEz8msLaqKaWAEGMVp1szDfVpKrtiHOL77Ei
MlDjhXQBTnChw3dUfYgDIPUPrBFJ3GJZV0YfEVD2fHWip2YdU805+NvA8T8Tc/pR
noxxRE8lm7yDREfbaiZ0B4drgBVAkbn2dqnXbKfuy8LPocKnOTQwKPS2LM3T3NH1
U+7XGxPAOy313vtIO77C3pR3DyCZUH58OVKzT1Ty3WHxMC7Xz1vx4IoWA7QeIkfO
BGyomtE6aUCgC+hLBeH507G+2EqgplrE7z6wbvs+qEAB6fW8sQOhJVN8SN+afVxO
u8nfg7x/9/YpLHNzYc6xx4jPmA8khnEXEtdKFxfrFBsUfsGlW3Jp7gHUBECjm+eX
UPIyZa2bABr4VMwAvuQFu9pRkBbI/5N+l1xx1c9+V/Poeuzk2KoABL9KfZm27sen
WDU/28mKIRiO+hnJHiAyAbw+uCR2CKVMIpWttG/Waz7bWH1ulniPjPOEtmqK6PYq
KaT2+80vro7gTyuRjszzO5XFoAEdZ4DGboUtanetiyo4seO9yxC5oeMDGj0Cp9ae
2Dkw2wbL9d2JXaeu9HngUr3Xy2st1YtCs7giNHMLEETrVRMh+Qlf0qsbmJj6OYRK
gj9173MQexFWDMF8SrYsM41KabbEzC07fX+kMoyfHwNwQZyj0/M+zsz3LH/1HlV8
oQFO43wZhCWwKd5ea9CJtbJhYqLCbaxDsMXlACvpIPaR9Pyri8xsQTl4yqAdQf3m
mH+2iW8XChfRTBuUM7KqdyqDaTPLH75mkUmsO1XDtGIcSAY1F69B/mWjiPQZ23Kl
P0aim6mKTyC7WyYoeK0Xo1PLAc/lkFOeITupvAupjYsEUDpptHDKFvx3Y+v0ihSQ
vGF8AHCNyiBvgpjWKkTi5RlyoD+nooGOsurPrt/yLG6IaHkVzm/tKF7C+HVszzfg
xbPxy3zMBxpMIPD+7+nK88wzcSHmwl6NgaV4HiNLd2IB/olzIWw4jCs4fGcSDGjV
0OPjTWM8XOTV7akXfv91Xp260Gr2H4u6eAXJ3mdPndbwoNjSt6be958jW09AJ40w
x81XVO8yujUtn9dxsp5BiJ+cB6yNdOj2jbzHhazxdZDw6cxTuOR34Gh4rTlNvwsj
tXoYyA0ty79SEHX70OmIHe+x6FUIwLhRrEabDrMs4pV3YAFs4qCyjkkK9iqdBAib
09nY5c0B4gELVWHKRVsRQZ7uMCD1y11FEuhkCrb7GErd34ZsWfkeCZCAabU5sJAK
BmnLkwgWYjYLNcRKn6iqpLXqCxSLJv+toYvQ/L/CKwwtiJFjl2607aKaHajVETd8
kWJBS+yXM3dDBPjLHzjUWjnU6xQkXVRfhY1WqxA6211LLzPiBXZ0fz0mRsTost+j
zPegJKEkR7wjTGj/MnuaPBJl7sMUBRh0veLFF/M2LHVJ3kRGKXoSR73XK+3hWq64
unGbk4HU2BfelW0l32zppQavzH/NMDypq4j2kUWLtKomwCEjeJZKsXA/OcymT8TC
mHXGgcf9N5/d0LktwR1Q2jA+NTNswBAGckTTcIqNmY7/yVwypmL0+UXVyxAIzyXc
A4fEeNQx7ANTicM+yi/IoM31xBL5pmiyrIWfSVm4auLuHRClQXyvppDKzYLfJTxM
lAdheifJ0SlC68/ECmSnX6Iycjs8Mjbf3UT2nZYM7ZpcmBS5BUYc6S8jPG5zdtBk
9qREkkQR8g9w05yk5BEGXCMiK5DxtzbQf+dre2d1EuRkg66ffEjmwZvf13zlRaDw
0SZVAe+sC6d6Nrf5dDW9hOJ0hrLvbCJvH6UGIbJXmXX/nK4BxFSS7dVFwzN6twuq
sI6Fef7hFf4fzU66RUidUq4A6SzoS1dlAXegO8EDG4NDZhbP/4tB3k/a6e9Jesr+
rRlEe13lWsnHMZxuPcIqjEQ8PS5Ze7V100t/O7mOtoMdD44rl93weiVaYmYj1axD
NCRtJSEyB4QLDcjK4I8rnlF6mkwyvlolvpkP7FSyKJk3srswRTMuqNwSyBU+dtns
54IR3LcW2raYeKxmOygrhZ/k+v3y4l9XvHdvOKs3TMYx04hegYlqoCDf7hE9Zhsr
7za12Ws3pyRL/b4VDh45g/QDHbOlTxxzVPi9RgtYQrPmtvS9ElsVrTnOyVaHaCDx
9IHzG12ACrbWrVvToRwp8d85ais9hHEtBojKSyDaovFjBQFsonUWlV67mlHnc++e
1pKnPmKQ5XGGsVv8uaS/pHrUSTOCiTXAgiFS5eyaTbM2AUi0BUfS53fsXP9n0XpF
yPCYEdpPBau/G3ac1/HE+1u/ItX8DiDT8L7fNug3J+IVvRK5gCXlVXeyEb5SY0yV
qVCqWl3U7VmiiIRKxMwu8qkDHvNdXBIFubSSj8ZOv+yp15jhL2uaSDvr+NFOdxBw
yFM3Vpwmn1XLPRSIFm8FDdYEPbxarhZ8CDDEFcSLYAqH5uzU6P4gDLgFUB7rtZsu
qSsPuHXJ6FwrfaLTnple0Qq2uAYPLpIUTLTYy30etzkKENPMCRVJNtGYXzuZJYJy
2gAQVAFVN/mYXT8y4sgsheMj7iK6u4W8vMz+lyz1kDhTWlltlTkUIkpPJmgKT4kJ
GBX0WjjNf3Z+urK9j7BmRZPXpmecn0/6K7KDvti12JpzB+uzjN47r1NF8yhht9Ok
f4BAAe6BH6oEcNr1OdzzVr19R0oTRSLHhxvScPsTbs6Ja5kG77qFp2O6j7S5dNtk
9kZdxbf2fjj3NFLNw2mC3pa4CK3CMnHT34G1H4otvzeHOVE4jV9qyo06odfoIeTp
U+V+AjRPdBqPwRNyBtybozZEb/fKYZ17Ur/cGYcAXSgpUezykMdsfYL2NhnWMR/T
qvm8Vd/o2DznjeZpGXE3jMdqp8spgAd/049sJP7oHspwdLF7MeuKh83j/LnUVdoR
iC4FXhQsIfY9o7Ez2/wdzqK3hyy9taPV9joEclr1CZ4XmKwCKZeuW0ZcBooqxbJR
z5M0UOCK0XIBEsP2KJD+FhtrVqludCoXSoKt3hVM+v1He+7G4GsbO2u79RUrca3P
HOkKVNGIpD6+QO9FYKAkw7ER+1tyY7wadAd3T0wst4FeYPcLTAZmfcTxXs3TyJzp
N0xGzNqfFdUU2PPD+dU8cyC6ileqixC8CWItkkC5Kej8GKIhSsDjhZL/P8ecrVqN
Vs1afTvV5H/W+PKsTfdEXsjAgS7AENHDdP/1sCcqN9cKboixbWOYb1K2asRKqJa7
4x1GSiWTVJJIpUSy84gIlNzgdl/hKhbPAyKXWIEZb/Owr2g+WPOvQhLRqHDg3wZg
uHi0PrHQcS7cB/oQBc8oelhCaYUg0BRABR4ktivhlXXybmxvT1CN5F+pFaBv2Vqd
AEDGLQYZqKAXnMce9EeC/3RL4gfCqJbfhlBU3IkmcY+57lL0/qVrpzz5vV33ScQM
bmyJO8nr3zkFH5QF6KkoC+oE+Yrt1N4hYxCypHjQ59mUf6GoLQJ8uMWKbck6im7G
srZfTwZ4xfIjp6NdKVw3PnkSDKnhj9xWGfw0E9o5UfmFdo3ykuUfaFN6hIWL/kWd
Z7APJsFVrDkr+HyaOQ3Bznf1j6AnydO8UkCmDMPrSkQjkQOLzV+LbOR2j0EBmsX9
H8VyYNDoIkJl/pH0LUa4Yf5OS/cWOh1+BhJCoYcQlvsF38r3JysRBXeFBFYHf4ax
DAAXGmtFu+7kA2Jnjy/KJlwPLp0AeXl3lTEVUWQLY4WsWPxO8mxVC4uVxdvwDQ1e
tyRrRuvu6vgtYUez29bw9Z9khk6i//7XAiN19XKnvhS3szUlc6JDIBW1L1bRbBAM
xkVXTscywOKUgMwcHrSPaD0rjIXHt6iT3qc71M6lJVEDVyIcpU2hH+rmBivai78A
5odRWLN4nhZVGMg0vfrc4rdbJLYPGmpczgkio3kx/TaGbGOx0PXISIpT9hElbfBa
nc1wKg1tEE008id44UMbZOv1Lax2+qtJNyTzxz5083LyzQyvCpfAofhp9+1z0tO/
x2ZcWtpxX+uATxF9nV28UCG5LErAHJa6KfN3qAjCdgH3HEeywD12+tlA7QeuVlhN
iE+yxVLCGA0M5a7HNUeUFaV8Nd9Aun34zFuZdgDnJRzUxCEFGrP72SaV61QOuGTT
AmV5NFUcke91gJd3a29l/s3utQBEC2KiOAjCwyj5td75aPbLhOrz0g+opLat9oiv
6pbcpoooRTlU9Qss3asLgmunSurc1RohRu0Pir2P9ctQJgMCfN3GZvOjmrlBahSL
5pXlMaoLR+A4kKie+x3so3V+bIn6XSfdc1AFBqhsjYXsCtJqMINY6T7+T/+jJKk3
9G3WkWvghkPd+tcKgZFX0tQHsGGLewI0gcAZzd7b2skRR2J5Cl1kvuL0e2Y2+kKt
qaDzTGOnbvd91IH2LpGyBUuL47EBg5Avs9dUJ8NkQ61v2MeBfOVrWemUR1d0T1Wr
/CNdblzazPtSC4eCERjww6Fbs1BBewAPNNZuVTCmySZn7DFzQJLFH9MGiVYAYEEf
Rc59nEDG8bITFBcb5e4418TDUBv8Nd0tD10Ni5XPNRnIljODmDzHHS6euyZ28R2R
k9nb6M9kgAdGx75rwSzeLn1+9MlcpN2YKp6+e2MOKCGhVT8U21hB15RSKDMMkEmD
gFBadDdsGDhNSvm2LdBOlUgNByvdENT7yl3I1y3SD68FyjrvpCGPUpK/bho8fZG2
7w6S62gF/ZrGNBeVzj4cqaLpnIbjXQz7PtqOSo8c3zG5ShhlX+ylLLibBW+P5EMH
QMIde664lmn4ZsFnAe5CwsRvLnioByqgBqZX0cNmqxaWLR22d499jUfDj25II0PF
Krll2ZnBKfHxubEXOkxoW3j5VUJyJhkCTAECv/lM1yGfwFlvXUo4NSUgICXQAHQi
a0FbbVfwEvNawVBpvCVmJnJasIXNuJHvManMh+wjtZqUnMRmYDP2Q+NSrf/K4bho
iYXhJM5V3npeJptXGoEzUxxK312QH1a3FG4mxCkHqW+LsNbFuGyhrVEXfLDKA7Xm
+HC00WEg/oZygDjR2g8XSq0Vv1wLrpLMDuENtJEu3i+BtIX/dqKYyqag3Hbe+XfG
bVbYtuX6tXaU7h+Funq5ONzCHKNiUazHTW0aWRDuCh8Y/nV6qX72pD6DJq6amFxc
8ogCHBflvAnx//t+gGuqoo0zlrAcW1/0tYp3mV4cc/kS03X+Bn5Yxlpa7NKBRwpl
lfvVwdOtVUSsmZJkr2TQrGg/rl+S/5Gc7sXQFgZWvkxYMqSZdMRhhhhidjgx/Dzi
RTcqiPIE/uuwWQ3B5H350e0EK0Lb4G9eirkeaydR1pL7k5mTk8RHi7PqfYlJbn2N
AoJP2dmhMtrbCTkq0E8BDcXzzOnuDF/rUM591pU5D5rDpIcmXbiCcYxz6VU5ABWz
9PdWtPT94ikc+nAnDpD3hdYyTWtXheVorpE5ewSXZc7bTFidhGJCKNWX9BUNkP5G
pQMbXWMf07EKKI2j5TLs2gFe14LubFbWgZtEH3rI+jhahOMaO9B1tYzUuZTcuKwZ
kQUHmnb7PGEZu9o2sei67m8UBnfMzauFuTfMgTuOn+Wmu7FDrqa1kQEWWstCDOH1
FNwkkYhuZzPALO3+up1nBwIoFoJDMFCGSv0n2Lc5DHtLHwO6qk+swWtiWwnjxkE5
Kp0BU89HdLW3kwb9liYYaALmyNXi9JfWpD8JjQLbjLE8R2JMmbY0/ATc5YGR58X1
sM4aKuC9+kdYW9ERpsVI26iOqyf2fNkLuwADBcv8D3aSwqq+iSLj4g6iscxaPNOJ
mnZ+crgCIAucHC9dUA9Kt0emSJ/6gY3cJUmdf8fHd8gUiSi07UANAB03NFNoV9jt
5ajjufzoKq1xBWE4ah6MODlj6RSYMZ3HcXj+aaW7WCfb4zKSBQB+T89Ccb5g3jE8
FK0X0c+wqALMfhxsTS1VzSBMqrDlTjmHvUY8105bWKlpUn6ZNZoJiGFlNTrhxfWr
lTaG/IO8V6V0JTrAjB2aP5GyZ1gIJrMkFyBHOLvhB3xexj1rGjw51Gmdxw8tJLnB
MubIRJCOzcmW/h1EfuaV6Ixou5UC1+JABruyEoKF5mRv2eKYMCoijEFDPAIgcfRR
0mC71KPG4t/N0bPxYbsT1tq+BIqjgE/DlAoph3V0tJT2amxaM8ehEVRn8TPaLjC9
Knj0VoQK4pdGrL/E9+0U8Y+E0W1yDSjFx5WwAaSk7FctvQJoW0OM28cigF5VP936
DLoNCUk=
checker = ssh-keyscan -t ecdsa-sha2-nistp256 %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"
ssh_fingerprint = ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI06bz7MmDAOI7h7e5X7Dw2SpgkMBNmJI5ptO26HHyPzp1uBBJXbi+sT+4fpBAq00lEUiyOscBSEnrHst9PH1cQ=
More information about the Mandos-Dev
mailing list