You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
#!/bin/bash
RSYNC_KEY_PATH=/etc/rsync/keysRECOVER_KEY_PATH=${RSYNC_KEY_PATH}/recover
ANSI_ESC=$'\e['
NORMAL="${ANSI_ESC}0m"
GRAY="${ANSI_ESC}1;30m"RED="${ANSI_ESC}1;31m"GREEN="${ANSI_ESC}1;32m"YELLOW="${ANSI_ESC}1;33m"BLUE="${ANSI_ESC}1;34m"PINK="${ANSI_ESC}1;35m"CYAN="${ANSI_ESC}1;36m"WHITE="${ANSI_ESC}1;37m"
DARKGRAY="${ANSI_ESC}0;30m"DARKRED="${ANSI_ESC}0;31m"DARKGREEN="${ANSI_ESC}0;32m"DARKYELLOW="${ANSI_ESC}0;33m"DARKBLUE="${ANSI_ESC}0;34m"DARKPINK="${ANSI_ESC}0;35m"DARKCYAN="${ANSI_ESC}0;36m"DARKWHITE="${ANSI_ESC}0;37m"
ssh:mk-private-key() { local comment="$1" ( tmpdir=$(mktemp -d) chmod go-rwx "$tmpdir" ssh-keygen -t rsa -N "" -f "$tmpdir/rsync_rsa" -C "$service_name@$host" >/dev/null cat "$tmpdir/rsync_rsa" rm -rf "$tmpdir" )}
md5() { local md5 md5=$(cat | md5sum) echo "${md5%% *}"}
request-recovery-key() { local label="$1" ident="$2" key public_key
## Admin should have claimed the ident with at least one backup key if [ -n "$label" ] && ! [ -e "${RSYNC_KEY_PATH}/backup/$label/$ident.pub" ]; then echo "Error: Current admin '$label' has no ident '$ident' claimed." >&2 return 1 fi
## Find new label while true; do key=$(ssh:mk-private-key "recover@$ident") md5=$(printf "%s" "$key" | md5) [ -e "${RECOVER_KEY_PATH}/$md5" ] || break done
mkdir -p "${RECOVER_KEY_PATH}" public_key=$(ssh-keygen -y -f <(printf "%s\n" "$key")) printf "%s %s\n" "$public_key" "recover@$ident" > "${RECOVER_KEY_PATH}/$md5.pub" touch "${RECOVER_KEY_PATH}/$md5" chmod go-rwx "${RECOVER_KEY_PATH}/$md5" printf "%s\n" "$key" | tee -a "${RECOVER_KEY_PATH}/$md5"
/usr/local/sbin/ssh-update-keys}
request-recovery-key "$@"
|
