refactor ssh-pubkey to handle finding public key in multiple ways
parent
9197b1edd0
commit
64df1b08ec
|
@ -97,7 +97,6 @@ get_network_paths
|
|||
if [[ $BASH_NETWORK_HOME_PATH ]]; then
|
||||
# echo loading home $BASH_NETWORK_HOME_PATH
|
||||
shell_process_directory $BASH_NETWORK_HOME_PATH
|
||||
[[ $BASH_SHELL_LOADED ]] && load_shell_host_user_dev
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -133,11 +132,11 @@ clear_networks () {
|
|||
|
||||
networks_load () {
|
||||
|
||||
# echo load_networks called $@
|
||||
# echo load_networks called $@
|
||||
|
||||
[[ $1 == "-h" ]] && { shift 1; load_home_network || return $?; }
|
||||
[[ $1 == "-a" ]] && { shift 1; load_all_networks || return $?; }
|
||||
[[ $1 ]] && load_a_network $@ || return 1
|
||||
[[ $1 ]] && { load_a_network $@ || return 1; }
|
||||
# echo loading ssh
|
||||
loadssh
|
||||
[[ $BASH_SHELL_LOADED ]] && load_shell_host_user_dev
|
||||
|
|
|
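Review bot: `[[ $1 ]] && { load_a_network $@ || return 1; }` forwards the remaining arguments unquoted, so a network name containing spaces or glob characters is word-split or expanded before load_a_network sees it; `[[ $1 ]] && { load_a_network "$@" || return 1; }` passes them through intact. The same applies to the `$@` in the commented-out debug echo if it is ever re-enabled. networks_load continues past the end of the hunk.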
@ -1,11 +1,63 @@
|
|||
#!/bin/bash
|
||||
|
||||
_extractpubkey () {
|
||||
name=${2:-$(basename $1)}
|
||||
ssh-keygen -y -f $1 | sed "s/$/ ${name}/"
|
||||
}
|
||||
|
||||
getkeyname () {
|
||||
if [[ $(echo $1 | awk -F . '{print $NF}') == "pub" ]]; then
|
||||
basename "$1" | rev | cut -f 2- -d '.' | rev
|
||||
else
|
||||
basename $1
|
||||
fi
|
||||
}
|
||||
|
||||
extractpubkey () {
|
||||
[[ $1 ]] || return 1
|
||||
[[ -f $1 ]] && _extractpubkey $1 && return 0
|
||||
# echo try pubkeys dir
|
||||
[[ $SSH_PUB_KEYS_DIR ]] && [[ -f $SSH_PUB_KEYS_DIR/$1 ]] && _extractpubkey $SSH_PUB_KEYS_DIR/$1 && return 0
|
||||
# echo try home
|
||||
[[ -f $HOME/.ssh/$1 ]] && _extractpubkey $HOME/.ssh/$1 && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
# need to use full filename including any .pub
|
||||
catpubkey () {
|
||||
[[ $1 ]] || return 1
|
||||
local key; local pub
|
||||
key=$1
|
||||
if [[ $(echo $1 | awk -F . '{print $NF}') == "pub" ]]; then
|
||||
key=$(basename "$1" | rev | cut -f 2- -d '.' | rev)
|
||||
pub=$1
|
||||
else
|
||||
pub="${1}.pub"
|
||||
key=$(basename $1)
|
||||
fi
|
||||
# echo try agent $key
|
||||
key=$(ssh-add -L | sed -n /$key/p)
|
||||
[[ $key ]] && echo $key && return 0
|
||||
# echo try $pub
|
||||
[[ -f $pub ]] && cat $pub && return 0
|
||||
# echo try $SSH_PUB_KEYS_DIR/$pub
|
||||
[[ $SSH_PUB_KEYS_DIR ]] && [[ -f $SSH_PUB_KEYS_DIR/$pub ]] && cat $SSH_PUB_KEYS_DIR/$pub && return 0
|
||||
# echo $HOME/.ssh/$pub
|
||||
[[ -f $HOME/.ssh/$pub ]] && cat $HOME/.ssh/$pub && return 0
|
||||
# echo try extract key from private key
|
||||
extractpubkey $key
|
||||
}
|
||||
|
||||
|
||||
#example:
|
||||
# initial xfer of pubkey with a password
|
||||
# sshpubkey <pubkey opts> host <ssh run options> -- <more ssh options>
|
||||
|
||||
# TODO way to get public key
|
||||
# try agent first with sed ssh-add -L | sed -n /sysadmin.kebler.net/p
|
||||
# then in current directory, in SSH_PUB_DIR directory, in .ssh directory (or within)
|
||||
# try pub file, then extract from private key
|
||||
|
||||
SSH_PUB_KEYS=${SSH_PUB_KEYS:-$HOME/.ssh}
|
||||
export SSH_PUB_KEYS
|
||||
module_load path
|
||||
module_load ssh
|
||||
|
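Review bot: The agent lookup in catpubkey, `key=$(ssh-add -L | sed -n /$key/p)`, is an unanchored regex built from the key name, so `id_rsa` also matches an agent key commented `id_rsa_old`, a dot in a name such as `sysadmin.kebler.net` matches any character, and a name containing `/` breaks the sed expression; when more than one key matches, the unquoted `echo $key` joins them into a single line, and because the agent is consulted before any file, that line rather than the key the caller named is presumably what sshpubkey later installs on the remote host. Match the comment as a fixed string and refuse an ambiguous result instead. The `sed "s/$/ ${name}/"` in _extractpubkey has the same interpolation problem for names containing `/` or `&`, and `name` there is not declared `local`.
```shell
  # try the agent: fixed-string match on the key name, refuse an ambiguous hit
  key=$(ssh-add -L 2>/dev/null | grep -F -- "$key")
  if [[ $key ]]; then
    (( $(grep -c . <<<"$key") == 1 )) || { echo "ambiguous key name $1 in agent, be more specific" >&2; return 1; }
    printf '%s\n' "$key"; return 0
  fi
  # … unchanged: .pub file lookups and the extractpubkey fallback …
```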
@ -14,9 +66,9 @@ sshpubkey () {
|
|||
|
||||
# echo default pub key dir: $SSH_PUB_KEYS
|
||||
|
||||
local key=$SSH_PUB_KEYS/id_rsa.pub
|
||||
local kname=id_rsa
|
||||
local user
|
||||
local opts;local dr="true";local rm; local ropts;local kname
|
||||
local opts;local dr="true";local rm; local ropts
|
||||
local vkey; local kuser; local host; local supass; local replace
|
||||
local scmd; local _sudo; local list
|
||||
|
||||
|
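Review bot: `kpath`, which the `-k` handler later in this function assigns and which is then passed to catpubkey, is missing from this `local` list, so it leaks into the calling shell after sshpubkey returns and a value left over from an earlier invocation is reused when `-k` is omitted; add `local kpath` next to `local kname`. The `-k` assignment is in a later hunk, and sshpubkey continues outside this one.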
@ -45,16 +97,9 @@ sshpubkey () {
|
|||
rm=$OPTARG
|
||||
;;
|
||||
k)
|
||||
kname=$OPTARG
|
||||
if [[ $(isAbsPath $OPTARG) ]]; then
|
||||
key=$OPTARG
|
||||
else
|
||||
key=${OPTARG}.pub
|
||||
if [[ ! -f $key ]]; then key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG.pub; fi
|
||||
fi
|
||||
if [[ ! -f $key ]]; then echo "no file $key"; return 4; fi
|
||||
echo key $key found, continuing
|
||||
;;
|
||||
kpath=$OPTARG
|
||||
key=$(getkeyname $kpath)
|
||||
;;
|
||||
o)
|
||||
opts=$OPTARG
|
||||
;;
|
||||
|
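Review bot: The new `-k` branch drops the `[[ ! -f $key ]]` check, so a mistyped absolute path no longer fails here; `getkeyname` reduces it to a bare name and catpubkey then searches the agent by substring before looking at any file, so a different agent key whose comment contains that name can be selected in place of the file the user explicitly pointed at. Keep the early check for explicit paths, `if [[ $(isAbsPath $OPTARG) && ! -f $OPTARG ]]; then echo "no file $OPTARG"; return 4; fi`, and quote the call as `key=$(getkeyname "$kpath")`. The enclosing case statement and sshpubkey continue outside the hunk.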
@ -146,7 +191,9 @@ sshpubkey () {
|
|||
return $?
|
||||
fi
|
||||
|
||||
vkey=$(cat $key) # get actaul content of key file
|
||||
vkey=$(catpubkey $kpath) # get actaul content of public key
|
||||
[[ $? -gt 0 ]] && echo no valid public key for $key at $kpath found && return 4
|
||||
|
||||
## Alternate remote user?
|
||||
if [[ $kuser ]]; then
|
||||
[[ ! $supass ]] && { echo remote user, $user, password must be supplied for sudo. use -s;return 7; }
|
||||
|
|
|
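Review bot: `vkey=$(catpubkey $kpath)` depends on `kpath`, which this function only assigns in the `-k` branch and nothing in the hunk gives a default; unless one is set outside the hunk, calling sshpubkey without `-k` now fails with the "no valid public key" message even though `key` is initialised to the id_rsa.pub path. `vkey=$(catpubkey "${kpath:-$key}")` restores that default, and the quoting keeps a path with spaces intact. sshpubkey continues outside the hunk.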
@ -24,4 +24,34 @@ ssh_dir_permissions() {
|
|||
sudo chmod 400 $HOME/.ssh/id_rsa
|
||||
sudo chmod 644 $HOME/.ssh/id_rsa.pub
|
||||
sudo chmod 600 $HOME/.ssh/known_hosts
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
sshkeygen () {
|
||||
local OPTION; local OPTARG; local OPTIND; local pem
|
||||
local encode="-t ecdsa"; local pass
|
||||
while getopts 'pr' OPTION; do
|
||||
# echo $OPTION $OPTARG
|
||||
case "$OPTION" in
|
||||
|
||||
p)
|
||||
pem="-m PEM"
|
||||
;;
|
||||
r)
|
||||
encode="-t rsa"
|
||||
;;
|
||||
*)
|
||||
echo unknown sshkeygen option $OPTION
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
shift $((OPTIND - 1))
|
||||
|
||||
[[ ! $1 ]] && echo must supply a private key name && return 1
|
||||
[[ $2 ]] && pass="-P $2" || echo warning, you creating an unencrypted key without a passphrase
|
||||
|
||||
ssh-keygen -f $1 -t ecdsa -b 521 -C $1 $pass $pem
|
||||
|
||||
}
|
||||
|
||||
|
|
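Review bot: In sshkeygen the `-r` option only sets `encode="-t rsa"`, but the final command hardcodes `-t ecdsa -b 521` and never expands `$encode`, so `-r` is a silent no-op and every key generated is ECDSA P-521. Separately, `pass="-P $2"` places the passphrase on the ssh-keygen command line where it is visible in `ps` and shell history, the unquoted `$pass` word-splits a passphrase containing spaces, and `-N` is the documented flag for a new key's passphrase; letting ssh-keygen prompt avoids the exposure entirely. The key size also has to follow the type, since 521 is not a valid RSA size.
```shell
  local -a encode=(-t ecdsa -b 521); local -a pass=()
  # … unchanged: getopts loop, with  r) encode=(-t rsa -b 4096) ;;  …
  [[ ! $1 ]] && echo must supply a private key name && return 1
  if [[ $2 ]]; then
    pass=(-N "$2")   # NOTE: still exposes the passphrase in argv; prefer omitting $2 and letting ssh-keygen prompt
  else
    echo warning, you creating an unencrypted key without a passphrase
  fi
  ssh-keygen -f "$1" "${encode[@]}" -C "$1" "${pass[@]}" $pem
```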