#!/bin/sh

logger_opts="-p user.info -t ec2"

# rhels' version of logger_opts does not support long
# for of -s (--stderr), so use short form.
logger_opts="$logger_opts -s"

# Redirect stderr to stdout
exec 2>&1

fp_blist=",${1},"
key_blist=",${2},"
{
echo
echo "#############################################################"
echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
for f in /etc/ssh/ssh_host_*key.pub; do
    [ -f "$f" ] || continue
    read ktype line < "$f"
    # skip the key if its type is in the blacklist
    [ "${fp_blist#*,$ktype,}" = "${fp_blist}" ] || continue
    ssh-keygen -l -f "$f"
done
echo "-----END SSH HOST KEY FINGERPRINTS-----"
echo "#############################################################"

} | logger $logger_opts

echo "-----BEGIN SSH HOST KEY KEYS-----"
for f in /etc/ssh/ssh_host_*key.pub; do
    [ -f "$f" ] || continue
    read ktype line < "$f"
    # skip the key if its type is in the blacklist
    [ "${key_blist#*,$ktype,}" = "${key_blist}" ] || continue
    cat $f
done
echo "-----END SSH HOST KEY KEYS-----"