#!/usr/local/bin/perl
# Find and report on all known hosts that cannot be reached
# via a passwordless ssh connection
use IO::Socket;
($hostname) = split(' ', `hostname`);
@userArr = split(/[\(-\)]/, `id`);
$user = $userArr[1];
$timeout = 5;
@priHosts = ('list', 'high', 'priority', 'hosts', 'here');
$supportingEmail = 'you@your_domain.com';
open (KNOWN_HOSTS, "$ENV{ 'HOME' }/.ssh/known_hosts");
while (<KNOWN_HOSTS>) {
chomp;
($host) = split(' ');
($host) = split(/,/) if ($host =~ /,/);
push(@lookup, $host);
}
close(KNOWN_HOSTS);
@lookup = sort(@lookup);
foreach $host (@lookup) {
$isUp = 1;
$sock = new IO::Socket::INET (
PeerAddr => $host,
Proto => 'tcp',
Timeout => $timeout
) || ($isUp = 0);
if ($isUp) {
$stat = `/usr/bin/ssh -x -p22 -C -cblowfish $host /dev/null/discoProc 2>&1`;
if ($stat !~ /discoProc/) {
print "USER $user CANNOT SSH TO KNOWN HOST $host!\t";
if ($stat =~ /Write failed: Broken pipe/) {
print "invalid SSH KEY/bad permissions. Talk to the sysadmin(s).\n";
}
elsif ($stat =~ /Host key verification failed/) {
print "invalid HOST KEY. Log in to $hostname, su to user $user and ssh manually to $host to clear this error.\n";
}
elsif (/no matching cipher found/) {
print "invalid CIPHER. This scipt uses blowfish, which is apparantly not going to happen.\n";
}
else {
print "USER $user CANNOT SSH TO KNOWN HOST $host!\nSSH CONNECTION LOG BELOW:\n\n$stat\n\n\n";
}
if (grep /$host/, @priHosts) {
print "SENDING A PANIC MAIL\n";
open (MAIL, "|/usr/bin/mailx -s 'IMPACTING SSH FAILURE' $supportingEmail");
print MAIL "user $user on $hostname can't SSH to $host\n";
close(MAIL);
}
}
}
else {
print "USER $user CAN'T SSH TO KNOWN HOST $host!\tSSH FROM HOST $hostname TO HOST $host TIMES OUT AFTER $timeout SECONDS!\n";
}
}
Advertisement
