mandos-keygen: Show warning about old OpenSSH versions
When generating a config file snippet on the Mandos client system using mandos-keygen, and the default ssh-keyscan checker is used, and if the OpenSSH version is 9.8 or later, the "checker" command generated for the config file on the Mandos server will include the "-q" option for ssh-keyscan. This option did not exist on ssh-keyscan from OpenSSH older than version 9.8. Therefore, if the Mandos *server* is running an older version of OpenSSH, where ssh-keyscan does not support the "-q" option, this option must be removed from the generated "checker" setting. Since we cannot know if this is the case when running mandos-keygen on the Mandos client system, we print this information as a comment above the generated "checker" setting.
* mandos-keygen: Show warning if the new "-q" option was used with ssh-keyscan in the generated "checker" setting.
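A server-side check for the situation the commit message describes, as an added example that is not part of the commit or of Mandos. The function names and the sample "checker" line are constructed for illustration, and the banner is assumed to come from `ssh -V 2>&1` of the same OpenSSH installation that provides ssh-keyscan on the Mandos server.

```shell
#!/bin/sh
# Added example (not Mandos code): decide on the Mandos *server* whether a
# generated "checker" line may keep the ssh-keyscan "-q" option.

# Succeed (0) if an "ssh -V" banner such as "OpenSSH_9.8p1, OpenSSL 3.3.1"
# reports version 9.8 or later; 1 if older; 2 if the banner is not parseable.
keyscan_has_q() {
    ver=${1#OpenSSH_}                   # drop the leading "OpenSSH_"
    [ "$ver" != "$1" ] || return 2      # prefix missing: not an OpenSSH banner
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}                    # digits before the first dot
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}              # leading digits after the first dot
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -ge 8 ]; }
}

# Print the line with "-q" removed when it directly follows "ssh-keyscan".
strip_keyscan_q() {
    printf '%s\n' "$1" | sed 's/\(ssh-keyscan\) -q /\1 /'
}

# adapt_checker LINE BANNER: keep LINE as generated when BANNER shows 9.8 or
# later; otherwise (older or unrecognised banner) print it without "-q".
adapt_checker() {
    if keyscan_has_q "$2"; then
        printf '%s\n' "$1"
    else
        strip_keyscan_q "$1"
    fi
}

# Constructed sample input, not real mandos-keygen output.
sample='checker = ssh-keyscan -q %%(host)s 2>/dev/null | grep --quiet "%(fingerprint)s"'
for banner in "OpenSSH_9.8p1, OpenSSL 3.3.1" "OpenSSH_9.2p1 Debian-2+deb12u3"; do
    printf '# server reports: %s\n' "$banner"
    adapt_checker "$sample" "$banner"
done
```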
if ! dpkg-statoverride --list "/var/lib/mandos" >/dev/null \
        2>&1; then
    chown _mandos:_mandos /var/lib/mandos
    chmod u=rwx,go= /var/lib/mandos
fi

if dpkg --compare-versions "$2" eq "1.8.0-1" \
        || dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then
    if grep --quiet --regexp='^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$' /etc/mandos/clients.conf; then