#!/bin/bash
 
########################
## SSH key management ##
########################
# This script manages the SSH public keys authorized for the local replication user
 
# Constants
9
readonly REPL_USER="replication"
10
readonly REPL_SSH_AUTHORIZED_KEYS_FILE="/home/$REPL_USER/.ssh/authorized_keys"
11
 
12
# Variables
13
mode=""
14
regex=""
15
file=""
16
 
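# Parse and validate the script arguments.
# Globals:   mode, regex, file (written)
# Arguments: $@ - script args
# Outputs:   usage text on stdout for --help or an empty command line;
#            error messages on stderr
# Returns:   0 on success
#            1 when an option is rejected by getopt or not handled below
#            2 when --file does not name a regular file, or the argument
#              required by the selected mode is missing
#            3 after printing help for --help
#            4 after printing help because no argument was given
check_args() {
	local args

	# Parse args. Stop when getopt rejects the command line: its output is
	# then only the part it could parse, and carrying on would execute a mode
	# that was given together with an invalid option.
	args="$(getopt --longoptions "add,delete,regex:,file:,list,show-pubkey,help" --options "a,d,r:,f:,l,h" -- "$@")" || return 1

	# Reset script args list. getopt emits shell-quoted words, which is what
	# this eval relies on.
	eval set -- "$args"

	# Print help: only the "--" terminator is left when no argument was given
	if [ "$#" -eq 1 ]
	then
		usage
		return 4
	fi

	# Loop over all args
	while true
	do
		case "$1" in
			--add | -a)
				mode="add"
				;;
			--delete | -d)
				mode="delete"
				;;
			--regex | -r)
				regex="$2"
				shift
				;;
			--file | -f)
				file="$2"
				if [ ! -f "$file" ]
				then
					# Diagnostics go to stderr, like every other error here
					echo "error: $file doesn't exist" >&2
					return 2
				fi
				shift
				;;
			--list | -l)
				mode="list"
				;;
			--show-pubkey)
				mode="show-pubkey"
				;;
			--help | -h)
				usage
				return 3
				;;
			--)
				# End of args
				break
				;;
			*)
				echo "error: unknown $1" >&2
				return 1
				;;
		esac
		shift
	done

	# All fields must be filled
	case "$mode" in
		add)
			# Needed args to be passed
			if [ -z "$file" ]
			then
				echo "error: file argument is missing" >&2
				return 2
			fi
			;;
		delete)
			# Needed args to be passed
			if [ -z "$regex" ]
			then
				echo "error: key hostregex is missing" >&2
				return 2
			fi
			;;
		*)
			# list, show-pubkey and an unset mode need no extra argument;
			# an unset mode is reported by the caller's mode dispatch.
			;;
	esac
}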
 
# Print the help message on stdout.
# Outputs: usage text, with $0 as the program name
usage() {
	# One argument per output line; an empty argument prints a blank line.
	printf '%s\n' \
		"usage: $0 ACTION ARGUMENT" \
		"" \
		"	--help, -h" \
		"		print this help message" \
		"" \
		"ACTION" \
		"	--add, -a" \
		"		add a new key" \
		"	--delete, -d" \
		"		delete an authorized key" \
		"	--list, -l" \
		"		display authorized keys" \
		"" \
		"ARGUMENT" \
		"	--file=FILE, -f FILE" \
		"		pubkey file" \
		"	--regex=REGEX, -r REGEX" \
		"		regular expression to match" \
		"" \
		"EXAMPLES" \
		"	$0 --add --file=/tmp/new_id_rsa.pub" \
		"	$0 --delete --regex=root@remote.local"
}
 
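# Main: parse the command line, leaving with check_args' status on failure
check_args "$@" || exit

# Manage key: run the action selected in $mode
case "$mode" in
	add)
		echo "Adding new key to authorized keys list..."
		# NOTE(review): the file is appended verbatim; nothing here checks
		# that it holds only public-key lines, so whoever controls --file
		# decides what becomes a login credential for $REPL_USER.
		/usr/bin/cat "$file" >> "$REPL_SSH_AUTHORIZED_KEYS_FILE"
		;;
	delete)
		echo "Deleting key from '$regex'..."
		# Hand the pattern to grep as data (-e) instead of splicing it into
		# a sed program: inside "/$regex/d" a "/" in the pattern ends the
		# address and the rest is read as sed commands. The lines that do
		# not match are the ones to keep.
		kept="$(/usr/bin/grep -v -e "$regex" -- "$REPL_SSH_AUTHORIZED_KEYS_FILE")"
		grep_status="$?"
		# grep exits 1 when no line is left to keep, above 1 on a real error
		if [ "$grep_status" -gt 1 ]
		then
			echo "error: cannot filter $REPL_SSH_AUTHORIZED_KEYS_FILE" >&2
			exit 1
		fi
		# Rewrite the file in place so its owner and mode stay as they are
		if [ -n "$kept" ]
		then
			printf '%s\n' "$kept" > "$REPL_SSH_AUTHORIZED_KEYS_FILE"
		else
			: > "$REPL_SSH_AUTHORIZED_KEYS_FILE"
		fi
		;;
	list)
		/usr/bin/cat "$REPL_SSH_AUTHORIZED_KEYS_FILE"
		;;
	show-pubkey)
		# The glob matches only the *.pub halves of root's key pairs
		/usr/bin/cat /root/.ssh/id_*.pub
		;;
	*)
		echo "error: unknown mode" >&2
		# "return" is only valid in a function or a sourced file; at the
		# top level of the script the failure has to be an exit.
		exit 1
		;;
esac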