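#!/bin/sh
# Seed a known_hosts file with a host's public key, but only when that exact
# key is already listed in the system-wide known hosts file.
#
# Usage: $0 <host> <known_hosts_file>
#   $1 => host or IP
#   $2 => target known hosts file (created if missing)
#
# Exit status:
#   0  the host is already listed in the target file, or its scanned key
#      matched the system file and was appended to the target file
#   1  bad usage, no system known hosts file, or no scanned key matched
#
# NOTE(review): the scanned key is compared against every plain entry of the
# system file regardless of the host name on that entry, so any machine
# holding a listed key is accepted under the name given in $1. Confirm this
# is the intended trust model before relying on the result.
# NOTE(review): hashed host names (|1|...) in the target file are not
# recognised by the "already known" check below.

system_known_hosts=/etc/ssh/ssh_known_hosts

if [ -z "$1" ] || [ -z "$2" ]; then
  echo "Usage: $0 <host> <known_hosts_file>" >&2
  exit 1
fi

host=$1
target=$2

# A leading '-' would be parsed by ssh-keyscan as an option, not as a host.
case $host in
  -*)
    echo "$0: invalid host: $host" >&2
    exit 1
    ;;
esac

touch -- "$target" || exit 1

if [ ! -f "$system_known_hosts" ]; then
  exit 1
fi

# If we already have the target IP/host in the target known hosts, just exit.
# Compare whole names from the comma-separated first field: a regex prefix
# match would treat 10.0.0.1 as already known because 10.0.0.10 is listed.
if awk -v host="$host" '
  /^[#@]/ { next }
  {
    n = split($1, names, ",")
    for (i = 1; i <= n; i++) {
      if (names[i] == host) { found = 1; exit }
    }
  }
  END { exit !found }
' "$target"; then
  exit 0
fi

# For each key type check if we have at least one host, if so, try matching.
for keytype in ecdsa rsa dsa; do
  # Cheap pre-check: skip the network scan when the system file cannot
  # contain a key of this type.
  if ! grep -qF -- "$keytype" "$system_known_hosts"; then
    continue
  fi

  # First "host type blob" line of the scan, normalised to single spaces.
  # Filtering on "ssh-" here would drop ECDSA keys, whose type name starts
  # with "ecdsa-sha2-".
  keyscan=$(ssh-keyscan -t "$keytype" "$host" 2>/dev/null |
    awk '!/^#/ && NF >= 3 { print $1, $2, $3; exit }')
  if [ -z "$keyscan" ]; then
    continue
  fi

  key=${keyscan#* }      # drop the host field, leaving "type blob"
  key_type=${key%% *}
  key_blob=${key#* }

  # Trust only an exact type+blob match on a plain entry. Lines carrying a
  # marker (@cert-authority, @revoked) are not plain host keys, and a key
  # listed as @revoked must never be accepted.
  if awk -v ktype="$key_type" -v kblob="$key_blob" '
    $1 == "@revoked" && $3 == ktype && $4 == kblob { revoked = 1; exit }
    /^[#@]/ { next }
    $2 == ktype && $3 == kblob { trusted = 1 }
    END { exit !(trusted && !revoked) }
  ' "$system_known_hosts"; then
    printf '%s\n' "$keyscan" >> "$target" || exit 1
    # Report success: falling through to the final "exit 1" would make a
    # freshly added host look like a failure to the caller.
    exit 0
  fi
done

exit 1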