Our software using sshd were sometimes failing in tests, because the way they publish key fingerprint was racy.

It is based on collective.recipe.shelloutput, which as we can see in the recipe code operates on __init__.

We are using collective.recipe.shelloutput to capture the output of ssh-keygen -lf $KEY and this must run after the file $KEY is generated ( it is generated by another plone.recipe.command version). We were trying to run the collective.recipe.shelloutput after the plone.recipe.command, but that was incorrect anyway, because collective.recipe.shelloutput reads the file at __init__ step, where plone.recipe.command creates the file at install step. As we could see in test suite, it was sometimes working, when slapos node instance ran only once, but it sometimes working, when slapos node instance ran more than once, for example because a promise failed and slapos node instance was retried.

Since collective.recipe.shelloutput does not take into account the exit code of the command but simply capture with "Error ..." whatever the command might output on stderr, we add another step checking that the captured output is not "Error ..." and if it is cause a buildout error so that slapos node instance is retried and then succeed.

What should happen now is:

1. collective.recipe.shelloutput reads the key fingerprint, the file is not present so it captures `"Error ..."``
2. a plone.recipe.command creates the key
3. another plone.recipe.command checks that the captured fingerprint is not "Error ..." it fails
4. buildout restarts
5. collective.recipe.shelloutput reads key fingerprint correctly.

Slaprunner has been heavily modified, because it was using a sshkeys_authority which was incompatible with this as it uses symlinks for keys. Since we don't know what is the purpose of sshkeys_authority, we rewrote that software to use simple commands instead of that "ssh keys authority".