refactor ssh-pubkey to handle finding public key in multiple ways

Kebler Network System Administrator 2022-12-31 23:29:20 -08:00
parent 9197b1edd0
commit 64df1b08ec
3 changed files with 94 additions and 18 deletions


@ -97,7 +97,6 @@ get_network_paths
if [[ $BASH_NETWORK_HOME_PATH ]]; then
# echo loading home $BASH_NETWORK_HOME_PATH
shell_process_directory $BASH_NETWORK_HOME_PATH
[[ $BASH_SHELL_LOADED ]] && load_shell_host_user_dev
fi
}
@ -137,7 +136,7 @@ networks_load () {
[[ $1 == "-h" ]] && { shift 1; load_home_network || return $?; }
[[ $1 == "-a" ]] && { shift 1; load_all_networks || return $?; }
[[ $1 ]] && load_a_network $@ || return 1
[[ $1 ]] && { load_a_network $@ || return 1; }
# echo loading ssh
loadssh
[[ $BASH_SHELL_LOADED ]] && load_shell_host_user_dev
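Review bot: `load_a_network $@` on the rewritten line still passes the arguments unquoted, so any argument containing whitespace or glob characters is re-split or expanded before load_a_network sees it; `[[ $1 ]] && { load_a_network "$@" || return 1; }` preserves them as given. The added braces do fix the precedence problem of the old line, where `|| return 1` also fired whenever `$1` was empty. networks_load starts before this hunk and its end is not visible here.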


@ -1,11 +1,63 @@
#!/bin/bash
_extractpubkey () {
name=${2:-$(basename $1)}
ssh-keygen -y -f $1 | sed "s/$/ ${name}/"
}
getkeyname () {
if [[ $(echo $1 | awk -F . '{print $NF}') == "pub" ]]; then
basename "$1" | rev | cut -f 2- -d '.' | rev
else
basename $1
fi
}
extractpubkey () {
[[ $1 ]] || return 1
[[ -f $1 ]] && _extractpubkey $1 && return 0
# echo try pubkeys dir
[[ $SSH_PUB_KEYS_DIR ]] && [[ -f $SSH_PUB_KEYS_DIR/$1 ]] && _extractpubkey $SSH_PUB_KEYS_DIR/$1 && return 0
# echo try home
[[ -f $HOME/.ssh/$1 ]] && _extractpubkey $HOME/.ssh/$1 && return 0
return 1
}
# need to use full filename including any .pub
catpubkey () {
[[ $1 ]] || return 1
local key; local pub
key=$1
if [[ $(echo $1 | awk -F . '{print $NF}') == "pub" ]]; then
key=$(basename "$1" | rev | cut -f 2- -d '.' | rev)
pub=$1
else
pub="${1}.pub"
key=$(basename $1)
fi
# echo try agent $key
key=$(ssh-add -L | sed -n /$key/p)
[[ $key ]] && echo $key && return 0
# echo try $pub
[[ -f $pub ]] && cat $pub && return 0
# echo try $SSH_PUB_KEYS_DIR/$pub
[[ $SSH_PUB_KEYS_DIR ]] && [[ -f $SSH_PUB_KEYS_DIR/$pub ]] && cat $SSH_PUB_KEYS_DIR/$pub && return 0
# echo $HOME/.ssh/$pub
[[ -f $HOME/.ssh/$pub ]] && cat $HOME/.ssh/$pub && return 0
# echo try extract key from private key
extractpubkey $key
}
#example:
# initial xfer of pubkey with a password
# sshpubkey <pubkey opts> host <ssh run options> -- <more ssh options>
# TODO way to get public key
# try agent first with sed ssh-add -L | sed -n /sysadmin.kebler.net/p
# then in current directory, in SSH_PUB_DIR directory, in .ssh directory (or within)
# try pub file, then extract from private key
SSH_PUB_KEYS=${SSH_PUB_KEYS:-$HOME/.ssh}
export SSH_PUB_KEYS
module_load path
module_load ssh
@ -14,9 +66,9 @@ sshpubkey () {
# echo default pub key dir: $SSH_PUB_KEYS
local key=$SSH_PUB_KEYS/id_rsa.pub
local kname=id_rsa
local user
local opts;local dr="true";local rm; local ropts;local kname
local opts;local dr="true";local rm; local ropts
local vkey; local kuser; local host; local supass; local replace
local scmd; local _sudo; local list
@ -45,15 +97,8 @@ sshpubkey () {
rm=$OPTARG
;;
k)
kname=$OPTARG
if [[ $(isAbsPath $OPTARG) ]]; then
key=$OPTARG
else
key=${OPTARG}.pub
if [[ ! -f $key ]]; then key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG.pub; fi
fi
if [[ ! -f $key ]]; then echo "no file $key"; return 4; fi
echo key $key found, continuing
kpath=$OPTARG
key=$(getkeyname $kpath)
;;
o)
opts=$OPTARG
@ -146,7 +191,9 @@ sshpubkey () {
return $?
fi
vkey=$(cat $key) # get actaul content of key file
vkey=$(catpubkey $kpath) # get actaul content of public key
[[ $? -gt 0 ]] && echo no valid public key for $key at $kpath found && return 4
## Alternate remote user?
if [[ $kuser ]]; then
[[ ! $supass ]] && { echo remote user, $user, password must be supplied for sudo. use -s;return 7; }
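Review bot: In catpubkey the agent lookup `key=$(ssh-add -L | sed -n /$key/p)` overwrites the key name, so whenever the agent has no match the final fallback `extractpubkey $key` receives an empty argument and returns 1, which means the "extract from private key" path described in the comment block is never reached. The same line uses the bare key name as an unanchored sed regex, so a short name such as `id` matches every agent key containing that substring and names with dots or slashes are read as regex syntax; comparing the comment field exactly avoids both problems. extractpubkey and catpubkey also test `SSH_PUB_KEYS_DIR` while this file only sets and exports `SSH_PUB_KEYS`, so unless `SSH_PUB_KEYS_DIR` is defined elsewhere those lookup branches are dead. Keeping the agent output in its own variable and quoting the expansions addresses the first two points.
```shell
# … unchanged: key / pub name derivation …
local agent
# exact match on the agent comment field; assumes comments contain no whitespace
agent=$(ssh-add -L | awk -v k="$key" '$NF == k')
[[ $agent ]] && printf '%s\n' "$agent" && return 0
# … unchanged: $pub, $SSH_PUB_KEYS_DIR/$pub and $HOME/.ssh/$pub lookups …
extractpubkey "$key"
```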


@ -25,3 +25,33 @@ ssh_dir_permissions() {
sudo chmod 644 $HOME/.ssh/id_rsa.pub
sudo chmod 600 $HOME/.ssh/known_hosts
}
sshkeygen () {
local OPTION; local OPTARG; local OPTIND; local pem
local encode="-t ecdsa"; local pass
while getopts 'pr' OPTION; do
# echo $OPTION $OPTARG
case "$OPTION" in
p)
pem="-m PEM"
;;
r)
encode="-t rsa"
;;
*)
echo unknown sshkeygen option $OPTION
;;
esac
done
shift $((OPTIND - 1))
[[ ! $1 ]] && echo must supply a private key name && return 1
[[ $2 ]] && pass="-P $2" || echo warning, you creating an unencrypted key without a passphrase
ssh-keygen -f $1 -t ecdsa -b 521 -C $1 $pass $pem
}
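Review bot: The `-r` option in sshkeygen is parsed into `encode` but never used: the `ssh-keygen` call on the last line hard-codes `-t ecdsa -b 521`, so an rsa key can never be produced, and `-b 521` would not be a valid size for rsa anyway. Building the arguments in an array also fixes `-P $2`, which word-splits a passphrase containing whitespace, and lets `$1` be quoted in `-f`/`-C`. Note that a passphrase supplied as `$2` is visible in the process list and in shell history for the duration of the call; omitting the flag and letting ssh-keygen prompt avoids that exposure.
```shell
  shift $((OPTIND - 1))
  [[ ! $1 ]] && echo must supply a private key name && return 1
  local -a args=(-f "$1" -C "$1")
  if [[ $encode == "-t rsa" ]]; then
    args+=(-t rsa -b 4096)   # 521 is an ecdsa curve size, not an rsa modulus size
  else
    args+=(-t ecdsa -b 521)
  fi
  [[ $pem ]] && args+=(-m PEM)
  if [[ $2 ]]; then
    args+=(-P "$2")
  else
    echo warning, you creating an unencrypted key without a passphrase
  fi
  ssh-keygen "${args[@]}"
```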