From 7eb6d23e8336cab96e69f8cc10bec57ccfe05927 Mon Sep 17 00:00:00 2001
From: Birger Schacht <birger@rantanplan.org>
Date: Thu, 7 Nov 2019 15:12:56 +0100
Subject: [PATCH] ssh: Add the error of ssh-keyscan to the verification view

This commit takes the stderr of `ssh-keyscan` (in case of a returncode thats not
zero) and stores it as as string in the form object. The view then displays the
information as preformatted text in a warning class.

Signed-off-by: Birger Schacht <birger@rantanplan.org>
[sunil: Cosmetic: variable name change for consistent naming]
[sunil: <pre> can't be inside <p>, keep it out]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
---
 plinth/modules/backups/forms.py                          | 9 +++++----
 plinth/modules/backups/templates/verify_ssh_hostkey.html | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/plinth/modules/backups/forms.py b/plinth/modules/backups/forms.py
index 0ee35be3c..23697bf14 100644
--- a/plinth/modules/backups/forms.py
+++ b/plinth/modules/backups/forms.py
@@ -233,8 +233,8 @@ class VerifySshHostkeyForm(forms.Form):
         """Initialize the form with selectable apps."""
         hostname = kwargs.pop('hostname')
         super().__init__(*args, **kwargs)
-        self.fields['ssh_public_key'].choices = self._get_all_public_keys(
-            hostname)
+        (self.fields['ssh_public_key'].choices,
+         self.keyscan_error) = self._get_all_public_keys(hostname)
 
     @staticmethod
     def _get_all_public_keys(hostname):
@@ -242,11 +242,12 @@ class VerifySshHostkeyForm(forms.Form):
         # Fetch public keys of ssh remote
         keyscan = subprocess.run(['ssh-keyscan', hostname],
                                  stdout=subprocess.PIPE,
-                                 stderr=subprocess.DEVNULL)
+                                 stderr=subprocess.PIPE)
         keys = keyscan.stdout.decode().splitlines()
+        error_message = keyscan.stderr.decode() if keyscan.returncode else None
         # Generate user-friendly fingerprints of public keys
         keygen = subprocess.run(['ssh-keygen', '-l', '-f', '-'],
                                 input=keyscan.stdout, stdout=subprocess.PIPE)
         fingerprints = keygen.stdout.decode().splitlines()
 
-        return zip(keys, fingerprints)
+        return zip(keys, fingerprints), error_message
diff --git a/plinth/modules/backups/templates/verify_ssh_hostkey.html b/plinth/modules/backups/templates/verify_ssh_hostkey.html
index 5c549abb6..9625a5b5b 100644
--- a/plinth/modules/backups/templates/verify_ssh_hostkey.html
+++ b/plinth/modules/backups/templates/verify_ssh_hostkey.html
@@ -35,6 +35,9 @@
           is up and accepting connections.
         {% endblocktrans %}
       </p>
+      {% if form.keyscan_error %}
+        <pre class="alert alert-danger">{{ form.keyscan_error }}</pre>
+      {% endif %}
     {% else %}
       <p>
         The authenticity of SSH host {{ hostname }} could not be established. The host advertises the following SSH public keys. Please verify any one of them.