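#!/bin/bash
#
# Manage the SSH public keys stored for rsync backups.
#
# Commands (first argument):
#   add LABEL ssh-rsa KEY EMAIL   store or replace a key
#   rm  LABEL IDENT               delete a key
#   ls  LABEL                     list the keys of one label
#
# Each key is stored as ${RSYNC_KEY_PATH}/backup/LABEL/IDENT.pub, where IDENT
# is the part of EMAIL after its last '@'. After every change the external
# helper /usr/local/sbin/ssh-update-keys is run; it is not part of this file
# (presumably it rebuilds the authorized keys from the .pub files; confirm).

RSYNC_KEY_PATH=/etc/rsync/keys

ANSI_ESC=$'\e['

NORMAL="${ANSI_ESC}0m"

GRAY="${ANSI_ESC}1;30m"
RED="${ANSI_ESC}1;31m"
GREEN="${ANSI_ESC}1;32m"
YELLOW="${ANSI_ESC}1;33m"
BLUE="${ANSI_ESC}1;34m"
PINK="${ANSI_ESC}1;35m"
CYAN="${ANSI_ESC}1;36m"
WHITE="${ANSI_ESC}1;37m"

DARKGRAY="${ANSI_ESC}0;30m"
DARKRED="${ANSI_ESC}0;31m"
DARKGREEN="${ANSI_ESC}0;32m"
DARKYELLOW="${ANSI_ESC}0;33m"
DARKBLUE="${ANSI_ESC}0;34m"
DARKPINK="${ANSI_ESC}0;35m"
DARKCYAN="${ANSI_ESC}0;36m"
DARKWHITE="${ANSI_ESC}0;37m"

#######################################
# Check that a value is usable as exactly one path component.
# LABEL and IDENT are spliced into paths under ${RSYNC_KEY_PATH}/backup, so
# they must not be able to name anything outside that tree.
# Arguments: $1 - candidate label or ident
# Returns:   0 if non-empty, not "." or "..", and free of '/' and control
#            characters; 1 otherwise
#######################################
_is_safe_component() {
  local name="$1"
  local LC_ALL=C  # byte-wise character classes, independent of the caller's locale
  [[ -n "$name" ]] || return 1
  [[ "$name" != "." && "$name" != ".." ]] || return 1
  [[ "$name" != */* ]] || return 1
  [[ "$name" != *[[:cntrl:]]* ]] || return 1
  return 0
}

#######################################
# Check that a value looks like the base64 blob of a public key line.
# Arguments: $1 - candidate key material
# Returns:   0 if it consists only of base64 characters with at most two
#            trailing '='; 1 otherwise
#######################################
_is_base64_blob() {
  local blob="$1"
  local LC_ALL=C  # keep the A-Z / a-z ranges ASCII-only
  local re='^[A-Za-z0-9+/]+={0,2}$'
  [[ "$blob" =~ $re ]]
}

#######################################
# List the keys stored for one label: the last 24 characters of each key
# (the whole key when it is shorter) followed by its ident.
# Arguments: $1 - label
# Outputs:   one coloured line per key on stdout
# Returns:   1 on an invalid label
#######################################
ssh-key-ls() {
  local label="$1" f content ident key tail
  if ! _is_safe_component "$label"; then
    echo "Error: invalid label '$label'." >&2
    return 1
  fi
  for f in "${RSYNC_KEY_PATH}"/backup/"$label"/*.pub; do
    [ -e "$f" ] || continue  # unmatched glob stays literal
    ident=${f##*/}
    ident=${ident%.pub}
    content=$(<"$f")
    ## line layout is "<type> <key> <comment>": drop first and last field
    key=${content#* }
    key=${key% *}
    ## "${key: -24}" expands to nothing when the key is shorter than 24
    tail=$key
    if (( ${#key} > 24 )); then
      tail=${key: -24}
    fi
    printf '%s..%s%24s %s%s%s\n' \
      "$DARKGRAY" "$NORMAL" "$tail" "$DARKCYAN" "$ident" "$NORMAL"
  done
}

#######################################
# Delete the key of one ident and run ssh-update-keys.
# Arguments: $1 - label, $2 - ident
# Returns:   1 on invalid arguments, a missing key or a failed rm;
#            otherwise the status of ssh-update-keys
#######################################
ssh-key-rm() {
  local label="$1" ident="$2" delete
  if ! _is_safe_component "$label"; then
    echo "Error: invalid label '$label'." >&2
    return 1
  fi
  ## without this check an ident such as "../x" would address a file
  ## outside the label directory
  if ! _is_safe_component "$ident"; then
    echo "Error: invalid ident '$ident'." >&2
    return 1
  fi
  delete="${RSYNC_KEY_PATH}/backup/$label/$ident.pub"
  if ! [ -e "$delete" ]; then
    echo "Error: key '$ident' not found." >&2
    return 1
  fi
  rm -- "$delete" || return 1
  /usr/local/sbin/ssh-update-keys
}

#######################################
# Store (or replace) the key of one ident and run ssh-update-keys.
# Arguments: $1 - label
#            $2 - key type, only "ssh-rsa" is accepted
#            $3 - base64 key material
#            $4 - email / comment; the part after the last '@' is the ident
# Returns:   0 if the same key is already stored; 1 on invalid arguments, an
#            ident reserved under another label, or a failed write;
#            otherwise the status of ssh-update-keys
#######################################
ssh-key-add() {
  local label="$1" type="$2" key="$3" email="$4"
  local content ident target old_content other

  [ "$type" == "ssh-rsa" ] || {
    echo "Error: expecting ssh-rsa key type" >&2
    return 1
  }

  if ! _is_safe_component "$label"; then
    echo "Error: invalid label '$label'." >&2
    return 1
  fi

  ## KEY and EMAIL are written verbatim into the .pub file that
  ## ssh-update-keys consumes. A newline or blank inside either one would
  ## add lines or fields to that file, so both are restricted to the shape
  ## of one "<type> <key> <comment>" line.
  if ! _is_base64_blob "$key"; then
    echo "Error: key is not a valid base64 string" >&2
    return 1
  fi
  if [[ -z "$email" || "$email" == *[[:space:][:cntrl:]]* ]]; then
    echo "Error: invalid email" >&2
    return 1
  fi

  ident="${email##*@}"
  if ! _is_safe_component "$ident"; then
    echo "Error: invalid ident '$ident'." >&2
    return 1
  fi

  mkdir -p "${RSYNC_KEY_PATH}/backup/$label" || return 1
  content="$type $key $email"
  target="${RSYNC_KEY_PATH}/backup/$label/$ident.pub"
  if [ -e "$target" ]; then
    old_content=$(<"$target")
    if [ "$content" == "$old_content" ]; then
      echo "Provided key already present for '$ident'." >&2
      return 0
    fi
    echo "Replacing key for '$ident'." >&2
  else
    ## An ident may be used under one label only. Walk the matches one by
    ## one: a glob inside a single `[ -e ... ]` errors out, and so lets the
    ## add through, as soon as it expands to more than one file.
    ## NOTE(review): the same key under two idents is not detected here.
    for other in "${RSYNC_KEY_PATH}"/backup/*/"$ident.pub"; do
      [ -e "$other" ] || continue
      echo "ident '$ident' is already reserved, please pick another one." >&2
      return 1
    done
  fi
  printf '%s\n' "$content" > "$target" || return 1
  /usr/local/sbin/ssh-update-keys
}

#######################################
# Dispatch on the sub-command given as first argument.
# Arguments: $1 - add | rm | ls, followed by that command's arguments
# Returns:   the status of the sub-command; 1 on an unknown command
#######################################
main() {
  case "$1" in
    "add")
      shift
      ssh-key-add "$@"
      ;;
    "rm")
      shift
      ssh-key-rm "$@"
      ;;
    "ls")
      shift
      ssh-key-ls "$@"
      ;;
    *)
      echo "Unknown command '$1'." >&2
      return 1
      ;;
  esac
}

main "$@"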