0k-charms/rsync-backup-target/build/src/usr/local/sbin/ssh-update-keys

#!/bin/bash


##
## code
##

KEYS=/etc/rsync/keys
RSYNC_HOME=/var/lib/rsync

mkdir -p "$RSYNC_HOME/.ssh"

##
## New
##

touch "$RSYNC_HOME"/.ssh/authorized_keys.new

for f in "$KEYS"/backup/*.pub; do
    [ -e "$f" ] || continue
    content=$(cat "$f")
    ident="${f##*/}"
    ident="${ident%.pub}"
    if ! [[ "$ident" =~ ^[a-zA-Z0-9._-]+$ ]]; then
        echo "bad: '$ident'" >&2
        continue
    fi
    echo "command=\"/usr/local/sbin/ssh-cmd-validate \\\"$ident\\\"\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $content"
done >> "$RSYNC_HOME"/.ssh/authorized_keys.new

for f in "$KEYS"/admin/*.pub; do
    [ -e "$f" ] || continue
    content=$(cat "$f")
    echo "command=\"/usr/local/sbin/ssh-admin-cmd-validate\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $content"
done >> "$RSYNC_HOME"/.ssh/authorized_keys.new

mv "$RSYNC_HOME"/.ssh/authorized_keys{,.old}
mv "$RSYNC_HOME"/.ssh/authorized_keys{.new,}

chown rsync:rsync -R "$RSYNC_HOME"/.ssh -R