shell-network/modules/ssh-pubkey.mod

235 lines
6.1 KiB
Bash

#!/bin/bash
#example:
# initial xfer of pubkey with a password
# sshpubkey <pubkey opts> host <ssh run options> -- <more ssh options>
SSH_PUB_KEYS=${SSH_PUB_KEYS:-$HOME/.ssh}
export SSH_PUB_KEYS
module_load path
module_load ssh
sshpubkey () {
# echo default pub key dir: $SSH_PUB_KEYS
local key=$SSH_PUB_KEYS/id_rsa.pub
local user
local opts;local dr="true";local rm; local ropts;local kname
local vkey; local kuser; local host; local supass; local replace
local scmd; local _sudo; local list
local OPTION
local OPTARG
local OPTIND
while getopts 'u:a:r:ek:o:s:l' OPTION; do
# echo OPTION $OPTION ARG $OPTARG
case "$OPTION" in
a)
# to put the key at another user on remote. will require sudo on remote
kuser=$OPTARG
;;
u)
# user if not explicit from host
user=$OPTARG
;;
s)
supass=$OPTARG
;;
l)
list=true
;;
r)
# remove key, must be "comment identifier in public key"
rm=$OPTARG
;;
k)
kname=$OPTARG
if [[ $(isAbsPath $OPTARG) ]]; then
key=$OPTARG
else
key=${OPTARG}.pub
if [[ ! -f $key ]]; then key=${SSH_PUB_KEYS:-$HOME/.ssh}/$OPTARG.pub; fi
fi
if [[ ! -f $key ]]; then echo "no file $key"; return 4; fi
echo key $key found, continuing
;;
o)
opts=$OPTARG
;;
e)
dr=""
;;
*)
echo unknown option -$OPTARG
# opts="$opts ${@:$OPTIND:1}"
# # ((OPTIND+=1))
# #echo remaining ${@:$OPTIND}
return 1
;;
esac
done
shift $((OPTIND - 1))
host=$1
if [[ ! $host ]]; then
echo "no host supplied, aborting"
echo "usage: sshpubkey <pubkey opts> host <ssh run options> -- <more ssh options>"
return 2
fi
shift 1
if [[ ! $* =~ "--" ]]; then
ropts=$*
else
ropts=$(sed 's/\(.*\)--.*/\1/' <<< "$*")
opts=$(sed 's/.*--\(.*\)/\1/' <<< "$*")
fi
# echo KEY $key
# echo HOST $host
# echo ROPTS $ropts
# echo OPTS $opts
# TODO add run remote function to ssh and this won't be required
module_load array
declare -a ret
scmd="ssh -r ${ropts} ${host}"
# echo "$cmd"
String::split ret "$($scmd)" ,
host=${ret[0]}; opts+=${ret[1]}; local sshpass=${ret[2]}
# echo "$host;$opts;$sshpass"
scmd="$sshpass $(which ssh) $opts $host"
if [[ ! $user ]]; then
if [[ $host =~ "@" ]]; then
user=$(sed 's/\(.*\)@.*/\1/' <<< "$host")
else
user=$(ssh_config_get -u $host)
[[ ! $user ]] && user=${DEFAULT_USER:-ubuntu}
fi
fi
rfcmd () (
local fn
fn=$1
shift 1
echo "bash -c '$(declare -f $fn); $fn $*'"
)
run () (
# echo "$scmd" "$_sudo"
# echo "$(rfcmd "$*")"
$scmd "$_sudo" "$(rfcmd "$*")"
)
# echo remote user: $user
if [[ $kuser ]]; then
_sudo="echo '${supass}' | sudo -u ${kuser} --stdin"
fi
if [[ $list ]]; then
run list_keys
return $?
fi
if [[ $rm ]]; then
############# REMOVE PUBLIC KEY #################
# todo allow removeall without access to public key
echo ">>>>> removing public key: \"$rm\" from ${kuser:-$user}"
[[ ! $dr ]] && replace=" -i"
run rm_key $replace $rm
return $?
fi
vkey=$(cat $key) # get actaul content of key file
## Alternate remote user?
if [[ $kuser ]]; then
[[ ! $supass ]] && { echo remote user, $user, password must be supplied for sudo. use -s;return 7; }
fi
if [[ $key ]] ; then
############## ADD PUBLIC KEY ########################
echo ">>>>>> sending key $key to remote user ${kuser:-$user}"
echo run command
run cpy_key $vkey
return $?
fi
}
function cpy_key () {
vkey=$*
if [[ $(cat $HOME/.ssh/authorized_keys | grep "$vkey") ]]; then
echo key $key already in authorized_keys for remote user $USER
else
echo -e "\nInstalling key for $USER"
echo -e "\n############ appending key to -s$HOME/.ssh/authorized_keys ############"
cat $HOME/.ssh/authorized_keys
echo "###########################"
# echo "#################### adding ####################"
# echo $vkey
# echo "#################################################"
if [[ ! -f $HOME/.ssh/authorized_keys ]]; then
mkdir $HOME/.ssh >/dev/null 2>&1
touch $HOME/.ssh/authorized_keys >/dev/null 2>&1
chmod 600 $HOME/.ssh/authorized_keys >/dev/null 2>&1
ls -la $HOME/.ssh/authorized_keys
fi
echo "$vkey" >> $HOME/.ssh/authorized_keys
ls -la $HOME/.ssh/authorized_keys
echo "******** updated authorized_keys for $USER *******************"
cat $HOME/.ssh/authorized_keys
echo "******************************************************"
fi
}
function rm_key () {
local kname; local replace; local found
[[ $1 = "-i" ]] && { replace=$1; shift 1; }
kname=$*
echo ""
if [[ ! -f $HOME/.ssh/authorized_keys ]]; then
echo no $HOME/authorized_keys file nothing to remove
else
# found=$(sed "\,$kname$,p" $HOME/.ssh/authorized_keys)
found=$(cat $HOME/.ssh/authorized_keys | grep "${kname}$")
if [[ $found ]]; then
echo key found in authorized_keys, removing...
echo "$found"
if [[ $replace ]]; then
echo "********updated authorized_keys file for $USER *******************"
sed $replace "\,$kname$,d" $HOME/.ssh/authorized_keys
cat $HOME/.ssh/authorized_keys
echo "******************************************************"
else
echo "--- this is a dry run by default ---"
echo "--- if you are SURE this is the key you want removed"
echo "--- run again with -e to actaully remove this key ---"
echo "!!! REMOVING THE WRONG KEY MAY RESULT IN LOOSING ACCESS TO THE MACHINE !!!"
fi
else
echo no key $kname found in the authorized_keys, nothing to remove
fi
fi
}
function list_keys () {
echo "********authorized_keys file for user: $USER at host: $HOSTNAME *******************"
cat $HOME/.ssh/authorized_keys
echo "******************************************************"
}