193 lines
5.0 KiB
Bash
193 lines
5.0 KiB
Bash
#!/bin/bash
|
|
|
|
#example:
|
|
# initial xfer of pubkey with a password
|
|
# sshpubkey <pubkey opts> host <ssh run options> -- <more ssh options>
|
|
|
|
|
|
SSH_PUB_KEYS=${SSH_PUB_KEYS:-$HOME/.ssh}
|
|
export SSH_PUB_KEYS
|
|
module_load path
|
|
module_load ssh
|
|
|
|
sshpubkey () {
|
|
|
|
echo pub key dir: $SSH_PUB_KEYS
|
|
|
|
local key=$SSH_PUB_KEYS/id_rsa.pub
|
|
local user=${DEFAULT_USER:-ubuntu}
|
|
local opts;local dr="true";local rm; local ropts;local kname
|
|
local vkey; local kuser; local host; local supass; local replace
|
|
local scmd; local _sudo
|
|
|
|
local OPTION
|
|
local OPTARG
|
|
local OPTIND
|
|
while getopts 'u:a:rek:o:s:' OPTION; do
|
|
# echo OPTION $OPTION ARG $OPTARG
|
|
case "$OPTION" in
|
|
a)
|
|
# to put the key at another user on remote. will require sudo on remote
|
|
kuser=$OPTARG
|
|
;;
|
|
u)
|
|
# user if not explicit from host
|
|
user=$OPTARG
|
|
;;
|
|
s)
|
|
supass=$OPTARG
|
|
;;
|
|
r)
|
|
# remove key
|
|
rm=true
|
|
;;
|
|
k)
|
|
kname=$OPTARG
|
|
[[ $(isAbsPath $OPTARG) ]] && key=$OPTARG || key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG.pub
|
|
;;
|
|
o)
|
|
opts=$OPTARG
|
|
;;
|
|
e)
|
|
dr=""
|
|
;;
|
|
*)
|
|
echo unknown option -$OPTARG
|
|
# opts="$opts ${@:$OPTIND:1}"
|
|
# # ((OPTIND+=1))
|
|
# #echo remaining ${@:$OPTIND}
|
|
return 1
|
|
;;
|
|
esac
|
|
done
|
|
|
|
shift $((OPTIND - 1))
|
|
|
|
host=$1
|
|
if [[ ! $host ]]; then
|
|
echo "no host supplied, aborting"
|
|
echo "usage: sshpubkey <pubkey opts> host <ssh run options> -- <more ssh options>"
|
|
return 2
|
|
fi
|
|
|
|
shift 1
|
|
if [[ ! $* =~ "--" ]]; then
|
|
ropts=$*
|
|
else
|
|
ropts=$(sed 's/\(.*\)--.*/\1/' <<< "$*")
|
|
opts=$(sed 's/.*--\(.*\)/\1/' <<< "$*")
|
|
fi
|
|
|
|
# echo KEY $key
|
|
# echo HOST $host
|
|
# echo ROPTS $ropts
|
|
# echo OPTS $opts
|
|
|
|
# TODO add run remote function to ssh and this won't be required
|
|
module_load array
|
|
declare -a ret
|
|
scmd="ssh -r ${ropts} ${host}"
|
|
# echo "$cmd"
|
|
String::split ret "$($scmd)" ,
|
|
host=${ret[0]}; opts+=${ret[1]}; local sshpass=${ret[2]}
|
|
# echo "$host;$opts;$sshpass"
|
|
scmd="$sshpass $(which ssh) $opts $host"
|
|
|
|
|
|
[[ $host =~ "@" ]] && user=$(sed 's/\(.*\)@.*/\1/' <<< "$host")
|
|
echo remote user: $user
|
|
|
|
vkey=$(cat $key) # get actaul content of key file
|
|
## Alternate remote user?
|
|
if [[ $kuser ]]; then
|
|
[[ ! $supass ]] && { echo remote user, $user, password must be supplied for sudo. use -s;return 7; }
|
|
fi
|
|
|
|
if [[ $kuser ]]; then
|
|
_sudo="echo '${supass}' | sudo -u ${kuser} --stdin"
|
|
fi
|
|
|
|
rfcmd () (
|
|
local fn
|
|
fn=$1
|
|
shift 1
|
|
echo "bash -c '$(declare -f $fn); $fn $*'"
|
|
)
|
|
|
|
run () (
|
|
# echo "$scmd" "$_sudo"
|
|
# echo "$(rfcmd "$*")"
|
|
$scmd "$_sudo" "$(rfcmd "$*")"
|
|
)
|
|
|
|
if [[ $rm ]]; then
|
|
############# REMOVE PUBLIC KEY #################
|
|
echo ">>>>> removing public key $kname from ${kuser:-user}"
|
|
[[ $dr ]] && echo dry run by default add -e to execute || replace=" -i"
|
|
run rm_key $replace $vkey
|
|
else
|
|
############## ADD PUBLIC KEY ########################
|
|
echo ">>>>>> sending key $key to remote user ${kuser:-$user}"
|
|
echo run command
|
|
run cpy_key $vkey
|
|
fi
|
|
}
|
|
|
|
|
|
function cpy_key () {
|
|
|
|
vkey=$*
|
|
if [[ $(cat $HOME/.ssh/authorized_keys | grep "$vkey") ]]; then
|
|
echo key $key already in authorized_keys for remote user $USER
|
|
else
|
|
echo -e "\nInstalling key for $USER"
|
|
echo -e "\n############ appending key to -s$HOME/.ssh/authorized_keys ############"
|
|
cat $HOME/.ssh/authorized_keys
|
|
echo "###########################"
|
|
# echo "#################### adding ####################"
|
|
# echo $vkey
|
|
# echo "#################################################"
|
|
|
|
if [[ ! -f $HOME/.ssh/authorized_keys ]]; then
|
|
mkdir $HOME/.ssh >/dev/null 2>&1
|
|
touch $HOME/.ssh/authorized_keys >/dev/null 2>&1
|
|
chmod 600 $HOME/.ssh/authorized_keys >/dev/null 2>&1
|
|
ls -la $HOME/.ssh/authorized_keys
|
|
fi
|
|
|
|
echo "$vkey" >> $HOME/.ssh/authorized_keys
|
|
ls -la $HOME/.ssh/authorized_keys
|
|
echo "******** updated authorized_keys for $USER *******************"
|
|
cat $HOME/.ssh/authorized_keys
|
|
echo "******************************************************"
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
function rm_key () {
|
|
local vkey; local replace
|
|
echo in rm_key
|
|
[[ $1 = "-i" ]] && { replace=$1; shift 1; }
|
|
vkey=$*
|
|
|
|
if [[ ! -f $HOME/.ssh/authorized_keys ]]; then
|
|
echo no $HOME/authorized_keys file nothing to remove
|
|
else
|
|
if [[ $(cat $HOME/.ssh/authorized_keys | grep "$vkey") ]]; then
|
|
echo key found in authorized_keys, removing...
|
|
sed $replace "\,$vkey,d" $HOME/.ssh/authorized_keys
|
|
if [[ $replace ]]; then
|
|
echo "********updated authorized_keys file for $USER *******************"
|
|
cat $HOME/.ssh/authorized_keys
|
|
echo "******************************************************"
|
|
fi
|
|
else
|
|
echo no key $key found in the authorized_keys, nothing to remove
|
|
fi
|
|
fi
|
|
|
|
}
|
|
|
|
|