
How do I make my expect script check if a server is using an ECDSA key and, if it is, continue with the script; otherwise, if it's something like RSA, quit immediately?

#!/usr/bin/expect

#Usage sshsudologin.expect <host> <ssh user> <ssh password>

set timeout 60

spawn ssh [lindex $argv 1]@[lindex $argv 0]

 expect "yes/no" {
     send "yes\r"
     expect "*?assword" { send "[lindex $argv 2]\r" }
    } "*?assword" { send "[lindex $argv 2]\r" }

 expect " " { send "sudo su -\r" }
 expect " " { send "commands\r" }
 expect " " { send "exit\r" }
 expect " " { send "exit\r" }
 interact
Tom
    Wouldn't it be simplest to just configure the client to only support ECDSA keys on that particular connection prior to attempting to connect? – Donal Fellows Apr 08 '15 at 21:29

1 Answer


To elaborate on Donal's comment, you seem to want to override the client's HostKeyAlgorithms configuration variable on the command line (or by other means) when connecting, as described here. If you only specify ECDSA mechanisms, the connection will supposedly fail if the server will only offer you an RSA-, DSA- or FIPS-based key.

kostix
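
The approach from the answer applied to the question's script, as an added example that is not part of the original posts. It assumes an OpenSSH client (the error text matched below is OpenSSH's wording) and password login as in the question; the variable names are illustrative.

```expect
#!/usr/bin/expect
# Added example, not code from the question or the answer.
# Usage: ecdsa-only.expect <host> <ssh user>

set timeout 60
lassign $argv host user

# The ECDSA host key algorithms implemented by OpenSSH. With only these
# offered by the client, a server that has no ECDSA host key cannot
# complete key exchange and ssh exits before any login prompt appears.
set ecdsa "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"

spawn ssh -o HostKeyAlgorithms=$ecdsa $user@$host

expect {
    -re {no matching host key type found\. Their offer: ([^\r\n]*)} {
        # Assumption: OpenSSH's negotiation error, which lists the key
        # types the server offered instead (for example ssh-rsa).
        puts stderr "$host has no ECDSA host key (offers: $expect_out(1,string))"
        exit 1
    }
    -re {yes/no|[Pp]assword:} {
        # Key exchange succeeded, so the host key is ECDSA. The
        # first-connection prompt and the password prompt are left for
        # the operator to answer, which keeps the fingerprint check
        # manual and the password out of the process list.
    }
    timeout {
        puts stderr "no prompt from $host within $timeout seconds"
        exit 1
    }
    eof {
        puts stderr "ssh to $host ended before a login prompt"
        exit 1
    }
}

# The remaining steps of the original script (sudo su -, commands, exit)
# would follow here once the login has completed.
interact
```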