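#!/bin/bash
# sshpubkey: add, remove or list a public key in a remote account's
# ~/.ssh/authorized_keys file over ssh.
#
# This file is meant to be sourced: it only defines functions, and they
# report failure with `return`.
#
#example:
# initial xfer of pubkey with a password
# sshpubkey host --
#
# Options read by the getopts loop in sshpubkey:
#   -k name  public key to send: an absolute path, ./name.pub or
#            $SSH_PUB_KEYS/name.pub (default: $SSH_PUB_KEYS/id_rsa.pub)
#   -a user  operate on another remote user's file (uses sudo on the remote)
#   -s pass  password fed to the remote sudo when -a is used
#   -u user  remote login user when it is not part of the host argument
#   -r text  remove the key whose line ends with this comment (dry run)
#   -e       with -r: really edit the remote file
#   -l       list the remote authorized_keys file
#   -o opts  extra options for the ssh client
# Arguments after the host and before "--" are handed to `ssh -r`; arguments
# after "--" are added to the ssh client options.
#
# NOTE(security): a password given with -s is visible in the local process
# list and in shell history. It is sent to the remote sudo over ssh's stdin,
# so it does not appear in the ssh command line or in the remote process list.

SSH_PUB_KEYS=${SSH_PUB_KEYS:-$HOME/.ssh}
export SSH_PUB_KEYS
module_load path
module_load ssh

#######################################
# Print $1 wrapped in single quotes so that a POSIX shell reads it back as
# one literal word; embedded single quotes become '\''.
# Arguments: $1 - text to quote
# Outputs:   the quoted word on stdout (no trailing newline)
#######################################
_sshpubkey_quote() {
  local q="'"
  local esc="'\\''"
  printf "'%s'" "${1//$q/$esc}"
}

#######################################
# Build the command line that runs one of this file's functions on the
# remote side: the function's definition plus a call to it, passed to
# `bash -c`. Every argument and the script itself are quoted, so key
# comments or key text cannot be re-parsed as shell syntax remotely.
# Arguments: $1 - name of a function defined in this shell
#            $2.. - arguments for that function
# Outputs:   the command line on stdout
# Returns:   1 when the function is not defined
#######################################
_sshpubkey_remote_cmd() {
  local fn=$1
  local arg script
  shift 1
  script=$(declare -f "$fn") || return 1
  script+="; $fn"
  for arg in "$@"; do
    script+=" $(_sshpubkey_quote "$arg")"
  done
  printf 'bash -c %s\n' "$(_sshpubkey_quote "$script")"
}

#######################################
# Add (default), remove (-r) or list (-l) a public key on a remote host.
# Globals:   SSH_PUB_KEYS (read), DEFAULT_USER (read)
# Arguments: [options] host [ssh -r arguments] [-- ssh client options]
# Returns:   1 unknown option, 2 no host, 3 no ssh client in PATH,
#            4 key file missing or unusable, 7 sudo password missing,
#            otherwise the status of the remote command
#######################################
sshpubkey () {
  # echo default pub key dir: $SSH_PUB_KEYS
  local key=$SSH_PUB_KEYS/id_rsa.pub
  local user opts dr="true" rm ropts
  local vkey kuser host supass
  local scmd list sshpass sshbin rest
  local -a ret
  local OPTION
  local OPTARG
  local OPTIND

  while getopts 'u:a:r:ek:o:s:l' OPTION; do
    case "$OPTION" in
      a)
        # put the key at another user on the remote; requires sudo there
        kuser=$OPTARG
        ;;
      u)
        # user if not explicit from host
        user=$OPTARG
        ;;
      s)
        supass=$OPTARG
        ;;
      l)
        list=true
        ;;
      r)
        # remove key, must be "comment identifier in public key"
        rm=$OPTARG
        ;;
      k)
        # isAbsPath is not defined in this file; presumably it comes from
        # the "path" module loaded above and prints something for an
        # absolute path.
        if [[ $(isAbsPath "$OPTARG") ]]; then
          key=$OPTARG
        else
          key=${OPTARG}.pub
          if [[ ! -f $key ]]; then
            key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG.pub
          fi
        fi
        if [[ ! -f $key ]]; then
          echo "no file $key"
          return 4
        fi
        echo "key $key found, continuing"
        ;;
      o)
        opts=$OPTARG
        ;;
      e)
        dr=""
        ;;
      *)
        echo "unknown option -$OPTARG"
        return 1
        ;;
    esac
  done
  shift $((OPTIND - 1))

  host=$1
  if [[ ! $host ]]; then
    echo "no host supplied, aborting"
    echo "usage: sshpubkey host -- "
    return 2
  fi
  shift 1

  # Split the remaining words at the last "--". Any argument containing
  # "--" counts as the separator.
  rest=$*
  if [[ $rest != *--* ]]; then
    ropts=$rest
  else
    ropts=${rest%--*}
    # Append rather than assign, so a value given with -o is not dropped.
    opts+=" ${rest##*--}"
  fi

  # TODO add run remote function to ssh and this won't be required
  module_load array
  # `ssh` here is expected to be the shell function from the "ssh" module;
  # with -r it appears to print "host,options,sshpass-prefix" - confirm
  # against that module. The string is word-split on purpose.
  scmd="ssh -r ${ropts} ${host}"
  String::split ret "$($scmd)" ,
  host=${ret[0]}
  # The separating space keeps the last local option and the first returned
  # option from fusing into one word.
  opts+=" ${ret[1]}"
  sshpass=${ret[2]}

  # type -P searches PATH only, so the real client is used rather than the
  # shell function of the same name.
  sshbin=$(type -P ssh)
  if [[ ! $sshbin ]]; then
    # Without this guard the option and host words below would be run as a
    # local command.
    echo "ssh client not found in PATH"
    return 3
  fi
  # NOTE(review): if $sshpass carries a password (for example via a -p
  # style flag) it is visible in the local process list - confirm what the
  # ssh module returns here.
  scmd="$sshpass $sshbin $opts $host"

  if [[ ! $user ]]; then
    if [[ $host == *@* ]]; then
      user=${host%@*}
    else
      user=$(ssh_config_get -u "$host")
      [[ ! $user ]] && user=${DEFAULT_USER:-ubuntu}
    fi
  fi

  # Run one of this file's functions on the remote host. With -a the
  # function runs under sudo as that user, and the sudo password is written
  # to ssh's stdin instead of being placed in a command line.
  run () (
    local remote
    remote=$(_sshpubkey_remote_cmd "$@") || return 1
    if [[ $kuser ]]; then
      printf '%s\n' "$supass" |
        $scmd "sudo -u $(_sshpubkey_quote "$kuser") --stdin $remote"
    else
      $scmd "$remote"
    fi
  )

  # echo remote user: $user
  if [[ $list ]]; then
    run list_keys
    return $?
  fi

  if [[ $rm ]]; then
    ############# REMOVE PUBLIC KEY #################
    # todo allow removeall without access to public key
    echo ">>>>> removing public key: \"$rm\" from ${kuser:-$user}"
    if [[ ! $dr ]]; then
      run rm_key -i "$rm"
    else
      run rm_key "$rm"
    fi
    return $?
  fi

  ## Alternate remote user?
  if [[ $kuser && ! $supass ]]; then
    echo "remote user, $user, password must be supplied for sudo. use -s"
    return 7
  fi

  ############## ADD PUBLIC KEY ########################
  # A public key is a single line; only the first line of the file is sent.
  vkey=""
  [[ -r $key ]] && read -r vkey < "$key"
  if [[ ! $vkey ]]; then
    # An empty key would otherwise match every line on the remote side.
    echo "no usable public key in $key"
    return 4
  fi
  if [[ $vkey == *"PRIVATE KEY"* ]]; then
    # Guard against -k pointing at the private half of a key pair, which
    # would be copied to the remote file and echoed to the terminal.
    echo "refusing to send $key: it looks like a private key"
    return 4
  fi
  echo ">>>>>> sending key $key to remote user ${kuser:-$user}"
  echo run command
  run cpy_key "$vkey"
  return $?
}

# The three functions below are shipped to the remote host one at a time
# with `declare -f`, so each must stay self-contained: no helpers from this
# file.

#######################################
# Append a public key to $HOME/.ssh/authorized_keys unless a line already
# contains it (literal substring match, not a regex).
# Arguments: the key line (all arguments are joined with spaces)
# Outputs:   progress and the file contents on stdout
# Returns:   0 on success or when already present, 1 on bad input or when
#            the file cannot be written
#######################################
cpy_key () {
  local vkey=$*
  local auth=$HOME/.ssh/authorized_keys

  if [[ ! $vkey ]]; then
    echo "no key supplied, nothing to install"
    return 1
  fi
  if [[ $vkey == *$'\n'* ]]; then
    # One argument must not be able to add several authorized_keys entries.
    echo "key contains a line break, refusing to install"
    return 1
  fi

  if [[ -f $auth ]] && grep -qF -- "$vkey" "$auth"; then
    echo "key already in authorized_keys for remote user $USER"
    return 0
  fi

  echo -e "\nInstalling key for $USER"
  echo -e "\n############ appending key to -s$HOME/.ssh/authorized_keys ############"
  [[ -f $auth ]] && cat "$auth"
  echo "###########################"
  if [[ ! -f $auth ]]; then
    # sshd in its default StrictModes setting ignores the file when the
    # directory or file is writable by others, so create both private.
    mkdir -p -m 700 "$HOME/.ssh" >/dev/null 2>&1
    touch "$auth" >/dev/null 2>&1
    chmod 600 "$auth" >/dev/null 2>&1
    ls -la "$auth"
  fi
  # If the last entry has no trailing newline, add one so the new key does
  # not get glued onto it (which would break both entries).
  if [[ -s $auth && -n $(tail -c 1 "$auth") ]]; then
    echo "" >> "$auth"
  fi
  if ! printf '%s\n' "$vkey" >> "$auth"; then
    echo "could not write $auth"
    return 1
  fi
  ls -la "$auth"
  echo "******** updated authorized_keys for $USER *******************"
  cat "$auth"
  echo "******************************************************"
}

#######################################
# Remove every line of $HOME/.ssh/authorized_keys that ends with the given
# comment. The comment is compared literally, so regex or sed
# metacharacters in it can neither widen the match nor be executed.
# Without -i this is a dry run that only shows the matching lines.
# Arguments: [-i] comment (remaining arguments are joined with spaces)
# Outputs:   progress and, after an edit, the file contents on stdout
# Returns:   0 normally, 1 on an empty comment or when the file cannot be
#            replaced
#######################################
rm_key () {
  local kname replace line tmp
  local auth=$HOME/.ssh/authorized_keys
  local -a hits=() keep=()

  [[ $1 = "-i" ]] && { replace=$1; shift 1; }
  kname=$*
  echo ""
  if [[ ! $kname ]]; then
    # An empty comment matches the end of every line and would empty the
    # file.
    echo "no key comment supplied, nothing to remove"
    return 1
  fi
  if [[ ! -f $auth ]]; then
    echo "no $HOME/authorized_keys file nothing to remove"
    return 0
  fi

  while IFS= read -r line || [[ -n $line ]]; do
    if [[ $line == *"$kname" ]]; then
      hits+=("$line")
    else
      keep+=("$line")
    fi
  done < "$auth"

  if (( ${#hits[@]} == 0 )); then
    echo "no key $kname found in the authorized_keys, nothing to remove"
    return 0
  fi

  echo "key found in authorized_keys, removing..."
  printf '%s\n' "${hits[@]}"
  if [[ ! $replace ]]; then
    echo "--- this is a dry run by default ---"
    echo "--- if you are SURE this is the key you want removed"
    echo "--- run again with -e to actaully remove this key ---"
    echo "!!! REMOVING THE WRONG KEY MAY RESULT IN LOOSING ACCESS TO THE MACHINE !!!"
    return 0
  fi

  # Write the surviving lines to a private temp file next to the target and
  # rename it into place, so an interrupted run cannot leave a truncated
  # authorized_keys behind.
  if ! tmp=$(mktemp "$auth.XXXXXX"); then
    echo "could not create a temporary file next to $auth"
    return 1
  fi
  if (( ${#keep[@]} )); then
    printf '%s\n' "${keep[@]}" > "$tmp"
  fi
  if ! { chmod 600 "$tmp" && mv -f -- "$tmp" "$auth"; }; then
    rm -f -- "$tmp"
    echo "could not replace $auth"
    return 1
  fi
  echo "********updated authorized_keys file for $USER *******************"
  cat "$auth"
  echo "******************************************************"
}

#######################################
# Print $HOME/.ssh/authorized_keys between two banner lines.
# Outputs: the file contents on stdout
#######################################
list_keys () {
  echo "********authorized_keys file for user: $USER at host: $HOSTNAME *******************"
  cat "$HOME/.ssh/authorized_keys"
  echo "******************************************************"
}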