#!/bin/bash
## Key store layout. Recovery private keys are written below
## RECOVER_KEY_PATH by request-recovery-key, so this tree holds secrets.
RSYNC_KEY_PATH=/etc/rsync/keys
RECOVER_KEY_PATH="$RSYNC_KEY_PATH/recover"

## ANSI colour sequences: CSI introducer, reset, then bold and normal
## variants of the eight base colours.
ANSI_ESC=$'\033['

NORMAL="${ANSI_ESC}0m"

## Bold (1;3x)
GRAY="${ANSI_ESC}1;30m"
RED="${ANSI_ESC}1;31m"
GREEN="${ANSI_ESC}1;32m"
YELLOW="${ANSI_ESC}1;33m"
BLUE="${ANSI_ESC}1;34m"
PINK="${ANSI_ESC}1;35m"
CYAN="${ANSI_ESC}1;36m"
WHITE="${ANSI_ESC}1;37m"

## Normal intensity (0;3x)
DARKGRAY="${ANSI_ESC}0;30m"
DARKRED="${ANSI_ESC}0;31m"
DARKGREEN="${ANSI_ESC}0;32m"
DARKYELLOW="${ANSI_ESC}0;33m"
DARKBLUE="${ANSI_ESC}0;34m"
DARKPINK="${ANSI_ESC}0;35m"
DARKCYAN="${ANSI_ESC}0;36m"
DARKWHITE="${ANSI_ESC}0;37m"
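#######################################
# Generate a fresh RSA key pair in a private temporary directory and
# print the private key on stdout.
# Arguments: $1 - comment to embed in the key
# Outputs:   the private key (unencrypted, -N "") on stdout; callers
#            must treat the output as a secret
# Returns:   0 on success, non-zero if the temporary directory or the
#            key could not be created
#######################################
ssh:mk-private-key() {
    local comment="$1"
    (
        ## Subshell: the trap and tmpdir stay scoped to this call.
        tmpdir=$(mktemp -d) || exit 1
        ## Remove the key material on every exit path, not only on success.
        trap 'rm -rf -- "$tmpdir"' EXIT
        chmod go-rwx "$tmpdir" || exit 1
        ## No -b is given, so the RSA modulus size is ssh-keygen's default.
        ## The comment argument is used here; the previous
        ## "$service_name@$host" referenced variables this script never sets.
        ssh-keygen -t rsa -N "" -f "$tmpdir/rsync_rsa" -C "$comment" >/dev/null || exit 1
        cat "$tmpdir/rsync_rsa" || exit 1
    )
}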
#######################################
# Print the MD5 hex digest of stdin.
# Outputs: the digest alone (md5sum's trailing file field is dropped)
# Note:    this script uses the digest as a file name for a generated
#          key, not as an integrity or authenticity check.
#######################################
md5() {
    local digest
    digest=$(md5sum)
    printf '%s\n' "${digest%% *}"
}
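#######################################
# Create a recovery key pair for an ident, store it under
# RECOVER_KEY_PATH and print the private key.
# Globals:   RSYNC_KEY_PATH, RECOVER_KEY_PATH (read)
# Arguments: $1 - admin label (may be empty, see note below)
#            $2 - ident the recovery key is issued for
# Outputs:   the new private key on stdout, errors on stderr
# Returns:   1 on invalid arguments, an unclaimed ident or a failed
#            key operation; otherwise the status of ssh-update-keys
#######################################
request-recovery-key() {
    local label="$1" ident="$2" key public_key md5 arg

    ## Both values become path components below and $ident is also
    ## written into the .pub file. Refuse separators, dot entries and
    ## control characters so the lookup stays inside the backup tree
    ## and the .pub file stays a single line.
    for arg in "$label" "$ident"; do
        case "$arg" in
            */* | . | .. | *[[:cntrl:]]*)
                echo "Error: invalid characters in label or ident." >&2
                return 1
                ;;
        esac
    done

    ## Admin should have claimed the ident with at least one backup key
    ## NOTE(review): an empty label skips this check entirely; confirm
    ## that only trusted callers can invoke the script without a label.
    if [ -n "$label" ] && ! [ -e "${RSYNC_KEY_PATH}/backup/$label/$ident.pub" ]; then
        echo "Error: Current admin '$label' has no ident '$ident' claimed." >&2
        return 1
    fi

    ## Find new label
    while true; do
        if ! key=$(ssh:mk-private-key "recover@$ident") || [ -z "$key" ]; then
            echo "Error: could not generate a recovery key." >&2
            return 1
        fi
        md5=$(printf "%s" "$key" | md5)
        ## An empty digest would make the test below look at the
        ## directory itself and never leave the loop.
        if [ -z "$md5" ]; then
            echo "Error: could not compute the key label." >&2
            return 1
        fi
        [ -e "${RECOVER_KEY_PATH}/$md5" ] || break
    done

    mkdir -p "${RECOVER_KEY_PATH}" || return 1
    public_key=$(ssh-keygen -y -f <(printf "%s\n" "$key")) || return 1
    printf "%s %s\n" "$public_key" "recover@$ident" > "${RECOVER_KEY_PATH}/$md5.pub" || return 1

    ## Create the private key file already restricted to its owner:
    ## umask 077 avoids the window a touch-then-chmod sequence leaves,
    ## and noclobber makes the write fail if the name appeared meanwhile.
    (
        umask 077
        set -o noclobber
        printf "%s\n" "$key" > "${RECOVER_KEY_PATH}/$md5"
    ) || return 1

    ## The requester receives the private key on stdout.
    printf "%s\n" "$key"

    /usr/local/sbin/ssh-update-keys
}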
## Entry point: the script's arguments are passed through unchanged as
## label ($1) and ident ($2).
request-recovery-key "$@"