shell-network/modules/ssh-pubkey.mod

#!/bin/bash

_extractpubkey () {
 name=${2:-$(basename $1)}
 ssh-keygen -y -f $1 | sed "s/$/ ${name}/" 
}

getkeyname () {
  if [[ $(echo $1 | awk -F . '{print $NF}') == "pub" ]]; then
    basename "$1" | rev | cut -f 2- -d '.' | rev 
  else
   basename $1
  fi
}

extractpubkey () {
 [[ $1 ]] || return 1
 [[ -f $1 ]] && _extractpubkey $1 && return 0
#  echo try pubkeys dir
   [[ $SSH_PUB_KEYS_DIR ]] && [[ -f $SSH_PUB_KEYS_DIR/$1 ]] && _extractpubkey $SSH_PUB_KEYS_DIR/$1 && return 0
#  echo try home
 [[ -f $HOME/.ssh/$1 ]] && _extractpubkey $HOME/.ssh/$1 && return 0
 return 1
}

# need to use full filename including any .pub 
catpubkey () {
  [[ $1 ]] || return 1
  local key; local pub
  key=$1
  if [[ $(echo $1 | awk -F . '{print $NF}') == "pub" ]]; then
    key=$(basename "$1" | rev | cut -f 2- -d '.' | rev) 
    pub=$1
  else
    pub="${1}.pub"
    key=$(basename $1)
  fi
  # echo try agent $key
  key=$(ssh-add -L | sed -n /$key/p)
  [[ $key ]] && echo $key && return 0
  # echo try $pub
  [[ -f $pub ]] && cat $pub && return 0
  # echo try $SSH_PUB_KEYS_DIR/$pub
  [[ $SSH_PUB_KEYS_DIR ]] && [[ -f $SSH_PUB_KEYS_DIR/$pub ]] && cat $SSH_PUB_KEYS_DIR/$pub && return 0
  # echo $HOME/.ssh/$pub
  [[ -f $HOME/.ssh/$pub ]] &&  cat $HOME/.ssh/$pub && return 0
  # echo try extract key from private key
  extractpubkey $key
}


#example: 
# initial xfer of pubkey with a password
# sshpubkey <pubkey opts> host <ssh run options> -- <more ssh options>

# TODO way to get public key
# try agent first with sed ssh-add -L | sed -n /sysadmin.kebler.net/p
# then in current directory, in SSH_PUB_DIR directory, in .ssh directory (or within)
# try pub file, then extract from private key
    
export SSH_PUB_KEYS
module_load path
module_load ssh

sshpubkey () {

    # echo default pub key dir: $SSH_PUB_KEYS

    local kname=id_rsa
    local user
    local opts;local dr="true";local rm; local ropts
    local vkey; local kuser; local host; local supass; local replace
    local scmd; local _sudo; local list

    local OPTION
    local OPTARG
    local OPTIND
    while getopts 'u:a:r:ek:o:s:l' OPTION; do
      # echo OPTION $OPTION ARG $OPTARG
      case "$OPTION" in
      a)
        # to put the key at another user on remote.  will require sudo on remote
        kuser=$OPTARG
        ;;
      u)
        # user if not explicit from host
        user=$OPTARG
        ;;
      s)
       supass=$OPTARG  
      ;; 
      l)
       list=true  
      ;; 
      r)
        # remove key, must be "comment identifier in public key"
        rm=$OPTARG
        ;;  
      k)
        kpath=$OPTARG
        key=$(getkeyname $kpath)
       ;;
      o)
        opts=$OPTARG
        ;;  
      e)
       dr=""
        ;;
      *)
        echo unknown option -$OPTARG
        # opts="$opts ${@:$OPTIND:1}"
        # # ((OPTIND+=1))
        # #echo remaining ${@:$OPTIND}
        return 1
        ;;
      esac
    done

  shift $((OPTIND - 1))

  host=$1
  if [[ ! $host ]]; then
   echo "no host supplied, aborting"
   echo "usage: sshpubkey <pubkey opts> host <ssh run options> -- <more ssh options>"
   return 2
  fi 
 
  shift 1
  if [[ ! $* =~ "--" ]]; then 
        ropts=$* 
      else 
        ropts=$(sed 's/\(.*\)--.*/\1/' <<< "$*") 
        opts=$(sed 's/.*--\(.*\)/\1/' <<< "$*") 
    fi

  # echo KEY $key
  # echo HOST $host
  # echo ROPTS $ropts
  # echo OPTS  $opts

  # TODO add run remote function to ssh and this won't be required
  module_load array
  declare -a ret
  scmd="ssh -r ${ropts} ${host}"
  #  echo "$cmd"
  String::split ret "$($scmd)" ,
  host=${ret[0]}; opts+=${ret[1]}; local sshpass=${ret[2]}
  # echo "$host;$opts;$sshpass"
  scmd="$sshpass $(which ssh) $opts $host"

  
  if [[ ! $user ]]; then
  if [[ $host =~ "@" ]]; then 
    user=$(sed 's/\(.*\)@.*/\1/' <<< "$host") 
   else
    user=$(ssh_config_get -u $host)
    [[ ! $user ]] && user=${DEFAULT_USER:-ubuntu}
   fi 
  fi

   rfcmd () (
    local fn
    fn=$1
    shift 1
    echo "bash -c '$(declare -f $fn); $fn $*'"
  ) 

  run () (
  # echo "$scmd" "$_sudo" 
  # echo "$(rfcmd "$*")"
  $scmd "$_sudo" "$(rfcmd "$*")"
  )

  # echo remote user: $user

  if [[ $kuser ]]; then 
   _sudo="echo '${supass}' | sudo -u ${kuser} --stdin" 
  fi

  if [[ $list ]]; then
    run list_keys
    return $?
  fi 

  if [[ $rm ]]; then
   ############# REMOVE PUBLIC KEY #################
   # todo allow removeall without access to public key
    echo ">>>>> removing public key: \"$rm\" from ${kuser:-$user}"
    [[ ! $dr ]] && replace=" -i"
    run rm_key $replace $rm
    return $?
  fi 

  vkey=$(catpubkey $kpath) # get actaul content of public key
   [[ $? -gt 0 ]] && echo no valid public key for $key at $kpath found && return 4
  
  ## Alternate remote user?
  if [[ $kuser ]]; then 
    [[ ! $supass ]] && { echo remote user, $user, password must be supplied for sudo. use -s;return 7; }
  fi

  if [[ $key ]] ; then
    ############## ADD PUBLIC KEY ########################
    echo ">>>>>> sending key $key to remote user ${kuser:-$user}"
    echo run command
    run cpy_key $vkey
    return $?
  fi

}  
  

function cpy_key () {

  vkey=$*
  if [[ $(cat $HOME/.ssh/authorized_keys | grep "$vkey") ]]; then
    echo key $key already in authorized_keys for remote user $USER
    else  
      echo -e "\nInstalling key for $USER"
      echo -e "\n############ appending key to -s$HOME/.ssh/authorized_keys ############"
      cat $HOME/.ssh/authorized_keys 
      echo "###########################"
      # echo "#################### adding ####################"
      # echo $vkey
      # echo "#################################################"

      if [[ ! -f $HOME/.ssh/authorized_keys ]]; then
      mkdir $HOME/.ssh >/dev/null 2>&1
      touch $HOME/.ssh/authorized_keys >/dev/null 2>&1 
      chmod 600 $HOME/.ssh/authorized_keys >/dev/null 2>&1
      ls -la $HOME/.ssh/authorized_keys
      fi

      echo "$vkey"  >> $HOME/.ssh/authorized_keys
      ls -la $HOME/.ssh/authorized_keys
      echo "******** updated authorized_keys for $USER *******************" 
      cat $HOME/.ssh/authorized_keys
      echo "******************************************************"

  fi

}

function rm_key () {
  local kname; local replace; local found
  [[ $1 = "-i" ]] && { replace=$1; shift 1; }
  kname=$*
  echo ""
  if [[ ! -f $HOME/.ssh/authorized_keys ]]; then
    echo no $HOME/authorized_keys file nothing to remove
   else
      # found=$(sed "\,$kname$,p" $HOME/.ssh/authorized_keys)
      found=$(cat $HOME/.ssh/authorized_keys | grep "${kname}$")
      if [[ $found ]]; then
        echo key found in authorized_keys, removing...
        echo "$found"
        if [[ $replace ]]; then
          echo "********updated authorized_keys file for $USER *******************" 
          sed $replace "\,$kname$,d" $HOME/.ssh/authorized_keys
          cat $HOME/.ssh/authorized_keys
          echo "******************************************************"
        else 
         echo "--- this is a dry run by default ---"  
         echo "--- if  you are SURE this is the key you want removed"
         echo "--- run again with -e to actaully remove this key ---"
         echo "!!! REMOVING THE WRONG KEY MAY RESULT IN LOOSING ACCESS TO THE MACHINE !!!"
        fi
        else
          echo no key $kname found in the authorized_keys, nothing to remove
      fi
  fi

}

function list_keys () {
 echo "********authorized_keys file for user: $USER at host: $HOSTNAME *******************" 
 cat $HOME/.ssh/authorized_keys
 echo "******************************************************"
}