forked from 0k/0k-charms
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
108 lines
2.3 KiB
108 lines
2.3 KiB
#!/bin/bash
|
|
|
|
RSYNC_KEY_PATH=/etc/rsync/keys
|
|
|
|
|
|
ANSI_ESC=$'\e['
|
|
|
|
NORMAL="${ANSI_ESC}0m"
|
|
|
|
GRAY="${ANSI_ESC}1;30m"
|
|
RED="${ANSI_ESC}1;31m"
|
|
GREEN="${ANSI_ESC}1;32m"
|
|
YELLOW="${ANSI_ESC}1;33m"
|
|
BLUE="${ANSI_ESC}1;34m"
|
|
PINK="${ANSI_ESC}1;35m"
|
|
CYAN="${ANSI_ESC}1;36m"
|
|
WHITE="${ANSI_ESC}1;37m"
|
|
|
|
DARKGRAY="${ANSI_ESC}0;30m"
|
|
DARKRED="${ANSI_ESC}0;31m"
|
|
DARKGREEN="${ANSI_ESC}0;32m"
|
|
DARKYELLOW="${ANSI_ESC}0;33m"
|
|
DARKBLUE="${ANSI_ESC}0;34m"
|
|
DARKPINK="${ANSI_ESC}0;35m"
|
|
DARKCYAN="${ANSI_ESC}0;36m"
|
|
DARKWHITE="${ANSI_ESC}0;37m"
|
|
|
|
|
|
ssh-key-ls() {
|
|
local label="$1" f content
|
|
for f in "${RSYNC_KEY_PATH}"/backup/"$label"/*.pub; do
|
|
[ -e "$f" ] || continue
|
|
ident=${f##*/}
|
|
ident=${ident%.pub}
|
|
content=$(cat "$f")
|
|
key=${content#* }
|
|
key=${key% *}
|
|
printf "${DARKGRAY}..${NORMAL}%24s ${DARKCYAN}%s${NORMAL}\n" "${key: -24}" "$ident"
|
|
done
|
|
}
|
|
|
|
|
|
ssh-key-rm() {
|
|
local label="$1" ident="$2" delete
|
|
|
|
delete="${RSYNC_KEY_PATH}/backup/$label/$ident.pub"
|
|
if ! [ -e "$delete" ]; then
|
|
echo "Error: key '$ident' not found." >&2
|
|
return 1
|
|
fi
|
|
rm "$delete"
|
|
|
|
/usr/local/sbin/ssh-update-keys
|
|
}
|
|
|
|
|
|
ssh-key-add() {
|
|
local label="$1" type="$2" key="$3" email="$4"
|
|
|
|
[ "$type" == "ssh-rsa" ] || {
|
|
echo "Error: expecting ssh-rsa key type" >&2
|
|
return 1
|
|
}
|
|
|
|
## ident are unique by construction (they are struct keys)
|
|
## but keys need to be also unique
|
|
declare -A keys
|
|
mkdir -p "${RSYNC_KEY_PATH}/backup/$label"
|
|
content="$type $key $email"
|
|
ident="${email##*@}"
|
|
target="${RSYNC_KEY_PATH}/backup/$label/$ident.pub"
|
|
if [ -e "$target" ]; then
|
|
old_content=$(cat "$target")
|
|
if [ "$content" == "$old_content" ]; then
|
|
echo "Provided key already present for '$ident'." >&2
|
|
return 0
|
|
fi
|
|
echo "Replacing key for '$ident'." >&2
|
|
elif [ -e "${RSYNC_KEY_PATH}/backup/"*"/$ident.pub" ]; then
|
|
echo "ident '$ident' is already reserved, please pick another one." >&2
|
|
return 1
|
|
fi
|
|
echo "$content" > "$target"
|
|
|
|
/usr/local/sbin/ssh-update-keys
|
|
}
|
|
|
|
|
|
|
|
|
|
case "$1" in
|
|
"add")
|
|
shift
|
|
ssh-key-add "$@"
|
|
;;
|
|
"rm")
|
|
shift
|
|
ssh-key-rm "$@"
|
|
;;
|
|
"ls")
|
|
shift
|
|
ssh-key-ls "$@"
|
|
;;
|
|
*)
|
|
echo "Unknown command '$1'."
|
|
;;
|
|
esac
|
|
|