
File: [Platon] / scripts / shell / firewall / generate-ssh-keys.sh (download)

Revision 1.3, Sat Feb 11 18:59:55 2012 UTC (8 years, 6 months ago) by rajo


Changes since 1.2: +2 -2 lines

Implemented remote update function.
deploy-block is not backward compatible, update to latest version.

#!/bin/sh

#
# generate-ssh-keys.sh - this script will generate missing ssh keys
#                        specified in /etc/default/firewall.d/deploy-servers.list
#                        and append each new public key to the remote
#                        account's ~/.ssh/authorized_keys
#
# Developed by Lubomir Host 'rajo' <rajo AT platon.sk>
# Copyright (c) 2008 Platon Group, http://platon.sk/
# Licensed under terms of GNU General Public License.
# All rights reserved.
#
# Changelog:
# 2008-01-17 - created
#

# Configuration locations. The first two keep a value inherited from the
# environment and fall back to the defaults below when unset or empty.
# DEFAULT_FIREWALL_CONFIG is assigned here but not read anywhere else in
# this script.
: "${DEFAULT_FIREWALL_CONFIG:=/etc/default/firewall}"
: "${DEFAULT_FIREWALL_CONFIG_DIR:=/etc/default/firewall.d}"
# Init script that is written into the forced command of every deployed key.
RC_FW_SCRIPT=/etc/init.d/firewall

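# Register every connection string given on the command line in
# deploy-servers.list, paired with the path of a new private key file.
# "$@" (instead of unquoted $*) keeps each argument intact and stops the
# shell from glob-expanding it.
for conn in "$@"; do
    # The list is whitespace-delimited, '#' starts a comment there, and the
    # connection string is later handed to ssh as an argument, where a
    # leading '-' would be parsed as an option. Refuse such values here
    # instead of writing a line that is misread later.
    case "$conn" in
        ""|\#*|-*|*[[:space:]]*)
            printf 'Skipping invalid connection string: %s\n' "$conn" >&2
            continue
            ;;
    esac
    # The directory holds private keys, so create it (and any missing parent)
    # readable by the owner only. An already existing directory keeps its mode.
    [ -d "$HOME/.ssh/firewall.d/" ] || ( umask 077 && mkdir -p "$HOME/.ssh/firewall.d/" )
    # The key file name is the MD5 digest of 1 KiB read from /dev/urandom.
    # It is random and NOT derived from the connection string; it only keeps
    # a directory listing of ~/.ssh/firewall.d/ from revealing which key
    # belongs to which server. It is not a security boundary.
    hash=$(dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum | awk '{ print $1; }')
    if [ -z "$hash" ]; then
        printf 'Cannot generate a key file name for %s\n' "$conn" >&2
        continue
    fi
    printf '%s %s\n' "$conn" "$HOME/.ssh/firewall.d/$hash" \
        >> "$DEFAULT_FIREWALL_CONFIG_DIR/deploy-servers.list"
done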

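# Walk deploy-servers.list ("<connection> <private key path>" per line) and,
# for every entry whose key pair is incomplete, generate the pair and append
# the public key to the remote account's authorized_keys.
#
# The list is read on file descriptor 3 so that the loop's stdin stays
# connected to the caller; otherwise a tool inside the loop that reads stdin
# (ssh-keygen may do so for its prompts) would consume lines of the list.
while read -r conn keyfile <&3
do
    case "$conn" in
        ""|\#*)
            # blank line or comment
            continue
            ;;
        -*)
            # ssh would parse a leading '-' as an option, not as a destination.
            printf 'Skipping entry with invalid connection string: %s\n' "$conn" >&2
            continue
            ;;
    esac
    if [ -z "$keyfile" ]; then
        # Without this guard "[ -f ]" evaluates to true and ssh-keygen would
        # later be called with -f and no path.
        printf 'Skipping %s: no key file given\n' "$conn" >&2
        continue
    fi
    if [ -f "$keyfile" ] && [ -f "$keyfile.pub" ]; then
        echo "Key $conn OK"
    else
        echo "Generating key $conn ($keyfile)"
        # Stop here when key generation fails: the remote command below always
        # writes the option prefix, so running it without a public key would
        # leave a truncated line in the remote authorized_keys.
        if ! ssh-keygen -f "$keyfile" || [ ! -f "$keyfile.pub" ]; then
            printf 'Key generation failed for %s (%s)\n' "$conn" "$keyfile" >&2
            continue
        fi
        # -F /dev/null ignores ssh client configuration files and -e none
        # disables the escape character.
        #
        # ssh joins the remote arguments with spaces and passes them to the
        # remote login shell, so the double quotes below are already gone on
        # the far side: "bash -c" receives only "echo" and the remaining
        # commands are run by the remote shell itself. That is what the
        # leading "echo > /dev/null ;" is for.
        #
        # The remote side first appends, without a newline,
        #   from="<client address taken from SSH_CLIENT>",command="<RC_FW_SCRIPT> remote",no-pty,no-port-forwarding
        # and then the public key arriving on stdin, which together form one
        # authorized_keys line restricted to a source address and a forced
        # command.
        # NOTE(review): the entry does not disable agent or X11 forwarding;
        # consider adding no-agent-forwarding,no-X11-forwarding if the forced
        # command does not need them.
        # NOTE(review): if the remote authorized_keys does not end with a
        # newline, the new entry is glued onto its last line - confirm.
        ssh "$conn" -e none -F /dev/null \
            bash -c "echo > /dev/null ;  echo $RC_FW_SCRIPT \$SSH_CLIENT | awk '// { printf \"from=\\\"%s\\\",command=\\\"%s remote\\\",no-pty,no-port-forwarding \", \$2, \$1; } ' \
                >> \$HOME/.ssh/authorized_keys; \
            cat >> \$HOME/.ssh/authorized_keys;" \
            < "$keyfile.pub"
    fi
done 3< "$DEFAULT_FIREWALL_CONFIG_DIR/deploy-servers.list"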

# $Platon: scripts/shell/firewall/generate-ssh-keys.sh,v 1.2 2008-01-17 23:43:38 rajo Exp $

