author | Nullspoon <nullspoon@iohq.net> | 2014-10-16 17:02:43 -0600 |
---|---|---|
committer | Nullspoon <nullspoon@iohq.net> | 2014-10-16 17:02:43 -0600 |
commit | 8c02fb5ae66cde2c62da953f986b943e99748aff (patch) | |
tree | 26083ce9a945121f5b70976b160e7667c64d6154 | |
parent | 17e980e4d9585fa0cda82bac4088ef2066c2f393 (diff) | |
What was I thinking back then.
-rwxr-xr-x | keymanage | 388 |
1 files changed, 200 insertions, 188 deletions
@@ -24,6 +24,7 @@ action='' id='' user='' + # # Backups by a specific ssh key to <date_modified>.<key_name> # @@ -33,30 +34,31 @@ user='' # @return string The filename of the key backup # function backup_keys { - local ssh_base=$1 - local key=$2 - moved=0; - date="" - priv_ls=$(ls -l --time-style='+%Y%m%d%H%M%S' ${ssh_base}/${key}) - date=$(echo "${priv_ls}" | tr -s ' ' | cut -d ' ' -f 6); - # Rename the old key - if [[ -e "${ssh_base}/${key}" ]]; then - mv ${ssh_base}/${key} ${ssh_base}/${date}.${key} - moved=1; - fi - # Rename the old public key - if [[ -e "${ssh_base}/${key}.pub" ]]; then - mv ${ssh_base}/${key}.pub ${ssh_base}/${date}.${key}.pub - moved=1; - fi - if [[ ${moved} == 0 ]]; then - echo '' - else - chmod 700 ${ssh_base}/* - echo "${ssh_base}/${date}.${key}" - fi + local ssh_base=$1 + local key=$2 + moved=0; + date="" + priv_ls=$(ls -l --time-style='+%Y%m%d%H%M%S' ${ssh_base}/${key}) + date=$(echo "${priv_ls}" | tr -s ' ' | cut -d ' ' -f 6); + # Rename the old key + if [[ -e "${ssh_base}/${key}" ]]; then + mv ${ssh_base}/${key} ${ssh_base}/${date}.${key} + moved=1; + fi + # Rename the old public key + if [[ -e "${ssh_base}/${key}.pub" ]]; then + mv ${ssh_base}/${key}.pub ${ssh_base}/${date}.${key}.pub + moved=1; + fi + if [[ ${moved} == 0 ]]; then + echo '' + else + chmod 700 ${ssh_base}/* + echo "${ssh_base}/${date}.${key}" + fi } + # # Pushes specific public key to remote user's authorized_keys # 
@@ -66,32 +68,33 @@ function backup_keys { # @param new_key string The key, public or private, to be pushed # function push_key { - local conn=$1 - local old_key=$2 - local new_key=$3 - if [[ ${#new_key} -lt '4' ]]; then - echo "Key to be pushed is not a public key." - exit - fi - - ispub=$(key_is_public ${new_key}) - if [[ ${ispub} == 0 ]]; then - # Append .pub because a public key wasn't specified - new_key="${new_key}.pub" - fi - - local cmd="if [[ ! -d ~/.ssh/ ]]; then mkdir ~/.ssh/; fi" - cmd="${cmd} && echo '$(cat ${new_key})' >> ~/.ssh/authorized_keys" - - # Unset our identity file if it doesn't exist - local id_file="-i ${old_key}" - if [[ ${old_key} == '' ]]; then - id_file='' - fi - contents=$(cat ${new_key}) - ssh -q ${id_file} ${conn} "${cmd}" + local conn=$1 + local old_key=$2 + local new_key=$3 + if [[ ${#new_key} -lt '4' ]]; then + echo "Key to be pushed is not a public key." + exit + fi + + ispub=$(key_is_public ${new_key}) + if [[ ${ispub} == 0 ]]; then + # Append .pub because a public key wasn't specified + new_key="${new_key}.pub" + fi + + local cmd="if [[ ! -d ~/.ssh/ ]]; then mkdir ~/.ssh/; fi" + cmd="${cmd} && echo '$(cat ${new_key})' >> ~/.ssh/authorized_keys" + + # Unset our identity file if it doesn't exist + local id_file="-i ${old_key}" + if [[ ${old_key} == '' ]]; then + id_file='' + fi + contents=$(cat ${new_key}) + ssh -q ${id_file} ${conn} "${cmd}" } + # # Removes the specified public key from a remote user's authorized_keys file # 
@@ -100,30 +103,31 @@ function push_key { # @param key string The key to use for authentication which is to be removed # function remove_remote_key { - local conn=$1 - local key=$2 - pub_key='' - priv_key='' - ispub=$(key_is_public ${key}) - if [[ ${ispub} == 0 ]]; then - priv_key="${key}" - pub_key="${key}.pub" - else - priv_key="${key:0:-4}" - pub_key="${key}" - fi - contents=$(cat "${pub_key}") - local cmd="if [[ ! -d ~/.ssh/ ]]; then mkdir ~/.ssh/; fi" - cmd="${cmd} && cat ~/.ssh/authorized_keys | grep -v '${contents}' " - cmd="${cmd} > ~/.ssh/auth_keys" - cmd="${cmd} && mv ~/.ssh/auth_keys ~/.ssh/authorized_keys" - if [[ ${id} != '' ]]; then - ssh -q -i ${id} ${conn} "${cmd}" - else - ssh -q ${conn} "${cmd}" - fi + local conn=$1 + local key=$2 + pub_key='' + priv_key='' + ispub=$(key_is_public ${key}) + if [[ ${ispub} == 0 ]]; then + priv_key="${key}" + pub_key="${key}.pub" + else + priv_key="${key:0:-4}" + pub_key="${key}" + fi + contents=$(cat "${pub_key}") + local cmd="if [[ ! -d ~/.ssh/ ]]; then mkdir ~/.ssh/; fi" + cmd="${cmd} && cat ~/.ssh/authorized_keys | grep -v '${contents}' " + cmd="${cmd} > ~/.ssh/auth_keys" + cmd="${cmd} && mv ~/.ssh/auth_keys ~/.ssh/authorized_keys" + if [[ ${id} != '' ]]; then + ssh -q -i ${id} ${conn} "${cmd}" + else + ssh -q ${conn} "${cmd}" + fi } + # # Determines if the specified key is public (or not which would be private). # @@ -132,18 +136,19 @@ function remove_remote_key { # @return int Whether or not the key is public # function key_is_public { - key=$1 - if [[ ${#key} -lt '4' ]]; then - echo 0; - fi - # Check the extension - ext=${key:$((${#key}-4)):${#key}} - if [[ ${ext} == '.pub' ]]; then - echo 1; - fi - echo 0 + key=$1 + if [[ ${#key} -lt '4' ]]; then + echo 0; + fi + # Check the extension + ext=${key:$((${#key}-4)):${#key}} + if [[ ${ext} == '.pub' ]]; then + echo 1; + fi + echo 0 } + # # Generates a new ssh key of the length 4096 # 
@@ -151,11 +156,12 @@ function key_is_public { # @param bits int Number of bits in the new key (eg: 2048, 4096, 8192, etc.) # function gen_key { - local filepath=$1 - local bits=$2 - ssh-keygen -b ${bits} -f "${filepath}" -N '' + local filepath=$1 + local bits=$2 + ssh-keygen -b ${bits} -f "${filepath}" -N '' } + # # Prints the help text # 
@@ -179,50 +185,52 @@ of ssh keys on a llist of servers for the current or specified user. " } + function parse_args { - argv=(${@}) - # Parse the arguments - for(( i=0; i<${#argv[*]}; i++ )); do - if [[ ${argv[$i]} == '-h' || ${argv[$i]} == '--help' ]]; then - echo "$(get_help)" - exit - elif [[ ${argv[$i]} == '-m' || ${argv[$i]} == '--manifest' ]]; then - manifest=${argv[$i+1]} - i=$(( ${i} + 1 )) - elif [[ ${argv[$i]} == '-k' || ${argv[$i]} == '--key' ]]; then - key=${argv[$i+1]} - i=$(( ${i} + 1 )) - elif [[ ${argv[$i]} == '-i' || ${argv[$i]} == '--id' ]]; then - id=${argv[$i+1]} - i=$(( ${i} + 1 )) - elif [[ ${argv[$i]} == '-u' || ${argv[$i]} == '--user' ]]; then - user=${argv[$i+1]} - i=$(( ${i} + 1 )) - else - action=${argv[$i]} - fi - done - - # Enforce some business rules - echo - exit=0; - if [[ ${action} == '' ]]; then - echo "Please specify an action."; - echo " Available actions: push, remove, update." - echo - exit=1; - fi - if [[ ${manifest} == '' ]]; then - echo "Please specify a manifest file." - echo " Example: keymanage.sh action [-m|--manifest] ./systems.txt" - echo - exit=1; - fi - if [[ ${exit} == 1 ]]; then - exit - fi + argv=(${@}) + # Parse the arguments + for(( i=0; i<${#argv[*]}; i++ )); do + if [[ ${argv[$i]} == '-h' || ${argv[$i]} == '--help' ]]; then + echo "$(get_help)" + exit + elif [[ ${argv[$i]} == '-m' || ${argv[$i]} == '--manifest' ]]; then + manifest=${argv[$i+1]} + i=$(( ${i} + 1 )) + elif [[ ${argv[$i]} == '-k' || ${argv[$i]} == '--key' ]]; then + key=${argv[$i+1]} + i=$(( ${i} + 1 )) + elif [[ ${argv[$i]} == '-i' || ${argv[$i]} == '--id' ]]; then + id=${argv[$i+1]} + i=$(( ${i} + 1 )) + elif [[ ${argv[$i]} == '-u' || ${argv[$i]} == '--user' ]]; then + user=${argv[$i+1]} + i=$(( ${i} + 1 )) + else + action=${argv[$i]} + fi + done + + # Enforce some business rules + echo + exit=0; + if [[ ${action} == '' ]]; then + echo "Please specify an action."; + echo " Available actions: push, remove, update." 
+ echo + exit=1; + fi + if [[ ${manifest} == '' ]]; then + echo "Please specify a manifest file." + echo " Example: keymanage.sh action [-m|--manifest] ./systems.txt" + echo + exit=1; + fi + if [[ ${exit} == 1 ]]; then + exit + fi } + # # Determines the path to the parent directory containing a file. # 
@@ -231,96 +239,100 @@ function parse_args { # @return string Path to the file's parent directory # function get_file_path { - filepath=$1 - filename=$(basename ${filepath}) - echo ${filepath} | sed "s/\(.*\)${filename}/\1/" + filepath=$1 + filename=$(basename ${filepath}) + echo ${filepath} | sed "s/\(.*\)${filename}/\1/" } + # # Push main function. One param because the rest are global # function key_push { - argv=( ${@} ) - if [[ ${id} == '' ]]; then - echo "No identity file specified (-i). This will likely be painful." - fi - for (( i=0; i<${#argv[*]}; i++ )); do - dest=${argv[$i]} - if [[ ${id} == '' ]]; then - push_key "${dest}" '' ${key} - else - push_key "${dest}" ${id} ${key} - fi - echo "Key ${key} added for ${dest}." - done + argv=( ${@} ) + if [[ ${id} == '' ]]; then + echo "No identity file specified (-i). This will likely be painful." + fi + for (( i=0; i<${#argv[*]}; i++ )); do + dest=${argv[$i]} + if [[ ${id} == '' ]]; then + push_key "${dest}" '' ${key} + else + push_key "${dest}" ${id} ${key} + fi + echo "Key ${key} added for ${dest}." + done } + # # Update main function. One param because the rest are global # function key_update { - argv=( ${@} ) - ssh_base=$(get_file_path ${key}) - filename=$(basename ${key}) - # Backup our old key - backup_key="$(backup_keys ${ssh_base} ${filename})" - - # Let's get to work on that new key - gen_key "${key}" 4096 - - for (( i=0; i<${#argv[*]}; i++ )); do - dest=${argv[$i]} - if [[ ${backup_key} == '' ]]; then - echo "No current key exists." - echo "Skipping backup and removal from remote." - # Push the new key - push_key "${dest}" '' ${key} - else - # Push the new key - push_key "${dest}" ${backup_key} ${key} - # Clean up the old key from our remote - remove_remote_key "${dest}" "${backup_key}" - fi - echo "Key ${key} updated for ${dest}." 
- done + argv=( ${@} ) + ssh_base=$(get_file_path ${key}) + filename=$(basename ${key}) + # Backup our old key + backup_key="$(backup_keys ${ssh_base} ${filename})" + + # Let's get to work on that new key + gen_key "${key}" 4096 + + for (( i=0; i<${#argv[*]}; i++ )); do + dest=${argv[$i]} + if [[ ${backup_key} == '' ]]; then + echo "No current key exists." + echo "Skipping backup and removal from remote." + # Push the new key + push_key "${dest}" '' ${key} + else + # Push the new key + push_key "${dest}" ${backup_key} ${key} + # Clean up the old key from our remote + remove_remote_key "${dest}" "${backup_key}" + fi + echo "Key ${key} updated for ${dest}." + done } + # # Remove main function. One param because the rest are global # function key_remove { - argv=( ${@} ) - for (( i=0; i<${#argv[*]}; i++ )); do - dest=${argv[$i]} - remove_remote_key "${dest}" "${key}" - echo "Key ${key} removed from ${dest}." - done + argv=( ${@} ) + for (( i=0; i<${#argv[*]}; i++ )); do + dest=${argv[$i]} + remove_remote_key "${dest}" "${key}" + echo "Key ${key} removed from ${dest}." + done } + # # The main function # function main { - # Parse our script args - # Believe me, this is a lot better than the alternatives - parse_args ${@} - - destinations=( $(cat ${manifest}) ) - # Key required - if [[ ${key} == '' ]]; then - echo -n "Please specify a key (-k) to ${action}." - echo - exit - fi - - # Let's start doing stuff - if [[ ${action} == 'push' ]]; then - key_push ${destinations[*]} - elif [[ ${action} == 'update' ]]; then - key_update ${destinations[*]} - elif [[ ${action} == 'remove' ]]; then - key_remove ${destinations[*]} - fi + # Parse our script args + # Believe me, this is a lot better than the alternatives + parse_args ${@} + + destinations=( $(cat ${manifest}) ) + # Key required + if [[ ${key} == '' ]]; then + echo -n "Please specify a key (-k) to ${action}." 
+ echo + exit + fi + + # Let's start doing stuff + if [[ ${action} == 'push' ]]; then + key_push ${destinations[*]} + elif [[ ${action} == 'update' ]]; then + key_update ${destinations[*]} + elif [[ ${action} == 'remove' ]]; then + key_remove ${destinations[*]} + fi } main ${@} |