fix: disable host reachable check in sshfs
feat: add ssh_config_get function to allow getting configuration settings; feat: added list keys to sshpubkey; feat: allow key removal by comment string (no access to the public key needed); fix: ssh - key option does not append .pub; fix: remove ssh session file and add readme recommending putting that in the host repomaster
parent
0b5e3be561
commit
762b1c3709
|
@ -1,2 +0,0 @@
|
||||||
# set ssh agent socket for each session if it exists
|
|
||||||
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"
|
|
|
@ -37,7 +37,7 @@ function ssh_config() {
|
||||||
cnt=${#DIRS[@]}
|
cnt=${#DIRS[@]}
|
||||||
for ((i = 0; i < cnt; i++)); do
|
for ((i = 0; i < cnt; i++)); do
|
||||||
# echo $i of $cnt
|
# echo $i of $cnt
|
||||||
# looks in ssh/config subdirectory of each DIRS is not passed
|
# looks in ssh/config subdirectory of each DIRS if not passed
|
||||||
DIR="${DIRS[i]}$([[ ! $PDIRS ]] && echo /ssh/config)"
|
DIR="${DIRS[i]}$([[ ! $PDIRS ]] && echo /ssh/config)"
|
||||||
# echo ----- trying $DIR
|
# echo ----- trying $DIR
|
||||||
[ -d $DIR ] && CDIRS[j]=$DIR
|
[ -d $DIR ] && CDIRS[j]=$DIR
|
||||||
|
@ -72,5 +72,66 @@ module_load file
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
# append any tradtional home config
|
# append any tradtional home config
|
||||||
build_file "$HOME/.ssh/config" $SSH_CONFIG
|
[[ -f "$HOME/.ssh/config" ]] && build_file "$HOME/.ssh/config" $SSH_CONFIG
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
ssh_config_get () {
|
||||||
|
|
||||||
|
local ssh;
|
||||||
|
local cfg;
|
||||||
|
local prop;
|
||||||
|
local all;
|
||||||
|
|
||||||
|
if [[ $SSH_CONFIG ]]; then
|
||||||
|
[[ ! -f "$SSH_CONFIG" ]] && ssh_config "$SSH_CONFIG"
|
||||||
|
cfg="-F $SSH_CONFIG"
|
||||||
|
fi
|
||||||
|
|
||||||
|
ssh="$(which ssh) $cfg -G"
|
||||||
|
# echo ssh cmd: "$ssh"
|
||||||
|
|
||||||
|
local OPTION; local OPTARG; local OPTIND
|
||||||
|
while getopts 'uhpai' OPTION; do
|
||||||
|
# echo processing: option:$OPTION argument:$OPTARG index:$OPTIND remaining:${@:$OPTIND}
|
||||||
|
case "$OPTION" in
|
||||||
|
u)
|
||||||
|
prop=user
|
||||||
|
;;
|
||||||
|
h)
|
||||||
|
prop=hostname
|
||||||
|
;;
|
||||||
|
i)
|
||||||
|
prop=identityfile
|
||||||
|
;;
|
||||||
|
p)
|
||||||
|
prop=port
|
||||||
|
;;
|
||||||
|
a)
|
||||||
|
all=true
|
||||||
|
;;
|
||||||
|
*) echo unknown run option -$OPTARG
|
||||||
|
return 3
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
shift $((OPTIND - 1))
|
||||||
|
|
||||||
|
[[ ! $1 ]] && { echo must pass a config host; return 1; }
|
||||||
|
|
||||||
|
[[ ! $(cat "$SSH_CONFIG" | grep "[Hh]ost $1") ]] && return 2
|
||||||
|
|
||||||
|
props=$($ssh $1)
|
||||||
|
[[ $all ]] && { echo "$props"; return 0; }
|
||||||
|
[[ $prop ]] && { echo "$props" | grep -m1 -oP "(?<=$prop ).*"; return 0; }
|
||||||
|
[[ $2 ]] && { echo "$props" | grep $2; return 0; }
|
||||||
|
|
||||||
|
echo host $1
|
||||||
|
echo user $(echo "$props" | grep -m1 -oP "(?<=user ).*")
|
||||||
|
echo hostname $(echo "$props" | grep -m1 -oP "(?<=hostname ).*")
|
||||||
|
echo port $(echo "$props" | grep -m1 -oP "(?<=port ).*")
|
||||||
|
echo identityfile $(echo "$props" | grep -m1 -oP "(?<=identityfile ).*")
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
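Review bot: In ssh_config_get the assignment `props=$($ssh $1)` has no `local` declaration, so `props` leaks into the caller's scope unlike `ssh`, `cfg`, `prop` and `all`; add `local props` next to them. The host check `[[ ! $(cat "$SSH_CONFIG" | grep "[Hh]ost $1") ]] && return 2` matches a substring anywhere in the file (`-u foo` passes if only `Host foobar` exists) and leaves `$1` unquoted; `grep -qiE "^[[:space:]]*host[[:space:]]+$1([[:space:]]|$)" -- "$SSH_CONFIG" || return 2` anchors it to a Host line, although `$1` is still interpolated as a regular expression. Separately, in the earlier hunk the new last statement of ssh_config, `[[ -f "$HOME/.ssh/config" ]] && build_file "$HOME/.ssh/config" $SSH_CONFIG`, makes the function return 1 whenever no home config exists, because the short-circuited `&&` is the final command; writing it as an `if` or appending `return 0` avoids that. ssh_config's body starts outside its hunk.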
|
@ -12,18 +12,18 @@ module_load ssh
|
||||||
|
|
||||||
sshpubkey () {
|
sshpubkey () {
|
||||||
|
|
||||||
echo pub key dir: $SSH_PUB_KEYS
|
# echo default pub key dir: $SSH_PUB_KEYS
|
||||||
|
|
||||||
local key=$SSH_PUB_KEYS/id_rsa.pub
|
local key=$SSH_PUB_KEYS/id_rsa.pub
|
||||||
local user=${DEFAULT_USER:-ubuntu}
|
local user
|
||||||
local opts;local dr="true";local rm; local ropts;local kname
|
local opts;local dr="true";local rm; local ropts;local kname
|
||||||
local vkey; local kuser; local host; local supass; local replace
|
local vkey; local kuser; local host; local supass; local replace
|
||||||
local scmd; local _sudo
|
local scmd; local _sudo; local list
|
||||||
|
|
||||||
local OPTION
|
local OPTION
|
||||||
local OPTARG
|
local OPTARG
|
||||||
local OPTIND
|
local OPTIND
|
||||||
while getopts 'u:a:rek:o:s:' OPTION; do
|
while getopts 'u:a:r:ek:o:s:l' OPTION; do
|
||||||
# echo OPTION $OPTION ARG $OPTARG
|
# echo OPTION $OPTION ARG $OPTARG
|
||||||
case "$OPTION" in
|
case "$OPTION" in
|
||||||
a)
|
a)
|
||||||
|
@ -37,13 +37,23 @@ sshpubkey () {
|
||||||
s)
|
s)
|
||||||
supass=$OPTARG
|
supass=$OPTARG
|
||||||
;;
|
;;
|
||||||
|
l)
|
||||||
|
list=true
|
||||||
|
;;
|
||||||
r)
|
r)
|
||||||
# remove key
|
# remove key, must be "comment identifier in public key"
|
||||||
rm=true
|
rm=$OPTARG
|
||||||
;;
|
;;
|
||||||
k)
|
k)
|
||||||
kname=$OPTARG
|
kname=$OPTARG
|
||||||
[[ $(isAbsPath $OPTARG) ]] && key=$OPTARG || key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG.pub
|
if [[ $(isAbsPath $OPTARG) ]]; then
|
||||||
|
key=$OPTARG
|
||||||
|
else
|
||||||
|
key=${OPTARG}.pub
|
||||||
|
if [[ ! -f $key ]]; then key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG.pub; fi
|
||||||
|
fi
|
||||||
|
if [[ ! -f $key ]]; then echo "no file $key"; return 4; fi
|
||||||
|
echo key $key found, continuing
|
||||||
;;
|
;;
|
||||||
o)
|
o)
|
||||||
opts=$OPTARG
|
opts=$OPTARG
|
||||||
|
@ -94,17 +104,13 @@ sshpubkey () {
|
||||||
scmd="$sshpass $(which ssh) $opts $host"
|
scmd="$sshpass $(which ssh) $opts $host"
|
||||||
|
|
||||||
|
|
||||||
[[ $host =~ "@" ]] && user=$(sed 's/\(.*\)@.*/\1/' <<< "$host")
|
if [[ ! $user ]]; then
|
||||||
echo remote user: $user
|
if [[ $host =~ "@" ]]; then
|
||||||
|
user=$(sed 's/\(.*\)@.*/\1/' <<< "$host")
|
||||||
vkey=$(cat $key) # get actaul content of key file
|
else
|
||||||
## Alternate remote user?
|
user=$(ssh_config_get -u $host)
|
||||||
if [[ $kuser ]]; then
|
[[ ! $user ]] && user=${DEFAULT_USER:-ubuntu}
|
||||||
[[ ! $supass ]] && { echo remote user, $user, password must be supplied for sudo. use -s;return 7; }
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $kuser ]]; then
|
|
||||||
_sudo="echo '${supass}' | sudo -u ${kuser} --stdin"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rfcmd () (
|
rfcmd () (
|
||||||
|
@ -120,17 +126,40 @@ sshpubkey () {
|
||||||
$scmd "$_sudo" "$(rfcmd "$*")"
|
$scmd "$_sudo" "$(rfcmd "$*")"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# echo remote user: $user
|
||||||
|
|
||||||
|
if [[ $kuser ]]; then
|
||||||
|
_sudo="echo '${supass}' | sudo -u ${kuser} --stdin"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $list ]]; then
|
||||||
|
run list_keys
|
||||||
|
return $?
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ $rm ]]; then
|
if [[ $rm ]]; then
|
||||||
############# REMOVE PUBLIC KEY #################
|
############# REMOVE PUBLIC KEY #################
|
||||||
echo ">>>>> removing public key $kname from ${kuser:-user}"
|
# todo allow removeall without access to public key
|
||||||
[[ $dr ]] && echo dry run by default add -e to execute || replace=" -i"
|
echo ">>>>> removing public key: \"$rm\" from ${kuser:-$user}"
|
||||||
run rm_key $replace $vkey
|
[[ ! $dr ]] && replace=" -i"
|
||||||
else
|
run rm_key $replace $rm
|
||||||
|
return $?
|
||||||
|
fi
|
||||||
|
|
||||||
|
vkey=$(cat $key) # get actaul content of key file
|
||||||
|
## Alternate remote user?
|
||||||
|
if [[ $kuser ]]; then
|
||||||
|
[[ ! $supass ]] && { echo remote user, $user, password must be supplied for sudo. use -s;return 7; }
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $key ]] ; then
|
||||||
############## ADD PUBLIC KEY ########################
|
############## ADD PUBLIC KEY ########################
|
||||||
echo ">>>>>> sending key $key to remote user ${kuser:-$user}"
|
echo ">>>>>> sending key $key to remote user ${kuser:-$user}"
|
||||||
echo run command
|
echo run command
|
||||||
run cpy_key $vkey
|
run cpy_key $vkey
|
||||||
|
return $?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -166,27 +195,40 @@ function cpy_key () {
|
||||||
}
|
}
|
||||||
|
|
||||||
function rm_key () {
|
function rm_key () {
|
||||||
local vkey; local replace
|
local kname; local replace; local found
|
||||||
echo in rm_key
|
|
||||||
[[ $1 = "-i" ]] && { replace=$1; shift 1; }
|
[[ $1 = "-i" ]] && { replace=$1; shift 1; }
|
||||||
vkey=$*
|
kname=$*
|
||||||
|
echo ""
|
||||||
if [[ ! -f $HOME/.ssh/authorized_keys ]]; then
|
if [[ ! -f $HOME/.ssh/authorized_keys ]]; then
|
||||||
echo no $HOME/authorized_keys file nothing to remove
|
echo no $HOME/authorized_keys file nothing to remove
|
||||||
else
|
else
|
||||||
if [[ $(cat $HOME/.ssh/authorized_keys | grep "$vkey") ]]; then
|
# found=$(sed "\,$kname$,p" $HOME/.ssh/authorized_keys)
|
||||||
|
found=$(cat $HOME/.ssh/authorized_keys | grep "${kname}$")
|
||||||
|
if [[ $found ]]; then
|
||||||
echo key found in authorized_keys, removing...
|
echo key found in authorized_keys, removing...
|
||||||
sed $replace "\,$vkey,d" $HOME/.ssh/authorized_keys
|
echo "$found"
|
||||||
if [[ $replace ]]; then
|
if [[ $replace ]]; then
|
||||||
echo "********updated authorized_keys file for $USER *******************"
|
echo "********updated authorized_keys file for $USER *******************"
|
||||||
|
sed $replace "\,$kname$,d" $HOME/.ssh/authorized_keys
|
||||||
cat $HOME/.ssh/authorized_keys
|
cat $HOME/.ssh/authorized_keys
|
||||||
echo "******************************************************"
|
echo "******************************************************"
|
||||||
|
else
|
||||||
|
echo "--- this is a dry run by default ---"
|
||||||
|
echo "--- if you are SURE this is the key you want removed"
|
||||||
|
echo "--- run again with -e to actaully remove this key ---"
|
||||||
|
echo "!!! REMOVING THE WRONG KEY MAY RESULT IN LOOSING ACCESS TO THE MACHINE !!!"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo no key $key found in the authorized_keys, nothing to remove
|
echo no key $kname found in the authorized_keys, nothing to remove
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function list_keys () {
|
||||||
|
echo "********authorized_keys file for user: $USER at host: $HOSTNAME *******************"
|
||||||
|
cat $HOME/.ssh/authorized_keys
|
||||||
|
echo "******************************************************"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
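Review bot: In rm_key the comment passed via `-r` is interpolated unescaped into both `grep "${kname}$"` and the sed address `"\,$kname$,d"`, and the pattern is anchored only on the right, so `-r bob` also selects a key whose comment ends in `jimbob`, a `.` in the comment matches any character, and a `,` in it terminates the sed address. Given the `REMOVING THE WRONG KEY` warning printed a few lines later, the match should be pinned to the comment field: `found=$(grep -- "[[:space:]]${kname}\$" "$HOME/.ssh/authorized_keys")` and `sed $replace "\#[[:space:]]${kname}\$#d" "$HOME/.ssh/authorized_keys"`, ideally after escaping regex metacharacters in `$kname`. The dry-run default and the echoed `$found` line mitigate this, so at minimum the `# remove key, must be "comment identifier in public key"` comment on the -r option should say the value is used as a right-anchored regular expression, not a literal. rm_key lies fully inside the hunk.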
@ -18,6 +18,7 @@
|
||||||
# > host=${ret[0]}; opts=${ret[1]};sshpass=${ret[2]}
|
# > host=${ret[0]}; opts=${ret[1]};sshpass=${ret[2]}
|
||||||
|
|
||||||
module_load net-utils
|
module_load net-utils
|
||||||
|
module_load ssh-config
|
||||||
|
|
||||||
ssh() {
|
ssh() {
|
||||||
|
|
||||||
|
@ -48,7 +49,7 @@ ssh() {
|
||||||
user=$OPTARG
|
user=$OPTARG
|
||||||
;;
|
;;
|
||||||
k)
|
k)
|
||||||
[[ $(isAbsPath $OPTARG) ]] && key=$OPTARG || key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG.pub
|
[[ $(isAbsPath $OPTARG) ]] && key=$OPTARG || key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG
|
||||||
opts+=" -o IdentitiesOnly=yes -o IdentityFile=$key"
|
opts+=" -o IdentitiesOnly=yes -o IdentityFile=$key"
|
||||||
;;
|
;;
|
||||||
o)
|
o)
|
||||||
|
|
|
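Review bot: The new `key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG` in the -k branch now names the private key, but unlike the -k handling in sshpubkey there is no check that the file exists before it is appended as `IdentityFile=$key`, so a typo only surfaces later as an ssh authentication failure. Adding `[[ -f $key ]] || { echo "no key file $key" >&2; return 4; }` before the `opts+=` line mirrors that behaviour. If private keys really do live under SSH_PUB_KEYS, a comment on that line saying so would help, since the variable name suggests a public-key directory. ssh()'s body starts and ends outside the hunk.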
@ -71,8 +71,8 @@ function smount() {
|
||||||
# return
|
# return
|
||||||
opts+=" -o ssh_command=$(remove_end_spaces "'$sshpass /usr/bin/ssh $sshopts'")"
|
opts+=" -o ssh_command=$(remove_end_spaces "'$sshpass /usr/bin/ssh $sshopts'")"
|
||||||
|
|
||||||
[[ ! $(host_reachable $host $(parse_option $sshopts -p)) ]] \
|
# [[ ! $(host_reachable $host $(parse_option $sshopts -p)) ]] \
|
||||||
&& echo host $host not reachable, aborting mount && return 1
|
# && echo host $host not reachable, aborting mount && return 1
|
||||||
|
|
||||||
if [[ $(mounted $MNT) ]]; then
|
if [[ $(mounted $MNT) ]]; then
|
||||||
echo "some remote already mounted at $MNT. Umount with: $ umount $MNT"
|
echo "some remote already mounted at $MNT. Umount with: $ umount $MNT"
|
||||||
|
|
|
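Review bot: The `host_reachable` guard is commented out without a recorded reason, so a reader of smount cannot tell whether the check is broken, too slow, or wrong for the `-p` port case; a one-line comment above it, e.g. `# reachability check disabled: <reason> - an unreachable host now fails later inside sshfs`, would preserve the intent, or the check could remain as a non-fatal warning. Without it an unreachable host proceeds straight to the mount, and the only feedback is whatever sshfs/ssh prints. smount's body starts and ends outside the hunk.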
@ -1,3 +1,5 @@
|
||||||
if [[ $- == *i* ]]; then
|
if [[ $- == *i* ]]; then
|
||||||
echo ssh interactive session
|
# anything here will be executed, changing to a directory
|
||||||
|
# note anything to stdout here may make rsync and other network commands fail
|
||||||
|
#cd /opt
|
||||||
fi
|
fi
|
|
@ -1 +1,2 @@
|
||||||
*anything in /session will be sourced if this is a remote ssh login session*
|
*anything in /session will be sourced if this is a remote ssh login session*
|
||||||
|
you may edit this in place but it's recommended to create an ssh folder in the host name repo instead
|
||||||
|
|