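#!/bin/sh
#
# generate-ssh-keys.sh - this script will generate missing ssh keys
# specified in /etc/default/firewall.d/deploy-servers.list
#
# Developed by Lubomir Host 'rajo'
# Copyright (c) 2008 Platon Group, http://platon.sk/
# Licensed under terms of GNU General Public License.
# All rights reserved.
#
# Changelog:
# 2008-01-17 - created
#
# Usage: generate-ssh-keys.sh [connection ...]
#
# A "connection" is whatever ssh(1) accepts as a destination (host or
# user@host). It must not contain whitespace (the list is space separated)
# and must not start with '-' (it would be parsed as an ssh option).
#
# Connections given on the command line are appended to deploy-servers.list,
# one "<connection> <keyfile>" pair per line ('#' lines are comments), unless
# the connection is already listed. Afterwards every listed connection whose
# key pair does not exist locally gets one generated with ssh-keygen (which is
# interactive: it asks for a passphrase) and the public key is appended to
# ~/.ssh/authorized_keys on the remote side with these restrictions:
#   - from="<client address>" where the address is what the remote sshd put
#     into $SSH_CLIENT, i.e. the address it actually sees us come from;
#   - command="$RC_FW_SCRIPT block", no-pty, no-port-forwarding,
#     no-X11-forwarding, no-agent-forwarding.
# The remote login shell is assumed to be Bourne-compatible (the install
# snippet is sent as a single-quoted 'sh -c' command string).
#
# Environment: DEFAULT_FIREWALL_CONFIG_DIR and RC_FW_SCRIPT can be overridden.

# Not used by this script; kept (with its defaulting) for backward compatibility.
DEFAULT_FIREWALL_CONFIG="${DEFAULT_FIREWALL_CONFIG:=/etc/default/firewall}"
DEFAULT_FIREWALL_CONFIG_DIR="${DEFAULT_FIREWALL_CONFIG_DIR:=/etc/default/firewall.d}"
RC_FW_SCRIPT="${RC_FW_SCRIPT:=/etc/init.d/firewall}"
DEPLOY_LIST="$DEFAULT_FIREWALL_CONFIG_DIR/deploy-servers.list"
KEY_DIR="$HOME/.ssh/firewall.d"

# Snippet executed on the remote host as: sh -c '<snippet>' sh "$RC_FW_SCRIPT"
# ($1 is therefore the firewall script path). The public key arrives on stdin.
# It must not contain single quotes (it is wrapped in them for the remote
# shell) and it is kept on one logical line so that even a csh-style remote
# login shell can hand it to sh unharmed.
#   - umask 077 / mkdir: make sure ~/.ssh exists and is private, so the
#     append below cannot fail on a fresh account;
#   - refuse to install the key when SSH_CLIENT is empty: the key would
#     otherwise be written with an empty from= pattern instead of being pinned
#     to our address;
#   - the options line and the key are written by a single redirection so a
#     dangling options prefix cannot be left behind;
#   - authorized_keys is forced to 0600 afterwards.
REMOTE_INSTALL='umask 077; '\
'mkdir -p "$HOME/.ssh" || exit 1; '\
'ip=${SSH_CLIENT%% *}; '\
'[ -n "$ip" ] || { echo "SSH_CLIENT is empty, refusing to install an unpinned key" >&2; exit 1; }; '\
'{ printf "from=\"%s\",command=\"%s block\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding " "$ip" "$1"; cat; } >> "$HOME/.ssh/authorized_keys" && '\
'chmod 600 "$HOME/.ssh/authorized_keys"'

# warn MESSAGE... - print a diagnostic on stderr.
warn() {
	printf '%s\n' "$*" >&2
}

# list_has_connection CONNECTION - succeed if CONNECTION is already the first
# field of some line in $DEPLOY_LIST. A missing list counts as "not listed".
list_has_connection() {
	[ -f "$DEPLOY_LIST" ] || return 1
	awk -v want="$1" '$1 == want { found = 1 } END { exit !found }' "$DEPLOY_LIST"
}

# register_connection CONNECTION - append "CONNECTION <new keyfile>" to
# $DEPLOY_LIST unless the connection is already listed. The key file gets a
# random name so a directory listing of $KEY_DIR does not reveal which hosts
# the keys open; the key itself is generated later by deploy_key.
# Returns non-zero (and appends nothing) on an unusable connection string or
# when the list cannot be written.
register_connection() {
	reg_conn=$1
	case "$reg_conn" in
		""|-*|*[[:space:]]*)
			warn "skipping '$reg_conn': a connection must be non-empty, must not start with '-' and must not contain whitespace"
			return 1 ;;
	esac
	if list_has_connection "$reg_conn"; then
		echo "Connection $reg_conn already listed in $DEPLOY_LIST"
		return 0
	fi
	# umask in a subshell so every component created by -p is private.
	( umask 077 && mkdir -p "$KEY_DIR" ) || { warn "cannot create $KEY_DIR"; return 1; }
	reg_name=$(dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum | awk '{ print $1 }')
	if [ -z "$reg_name" ]; then
		warn "cannot generate a key file name for $reg_conn"
		return 1
	fi
	printf '%s %s\n' "$reg_conn" "$KEY_DIR/$reg_name" >> "$DEPLOY_LIST" \
		|| { warn "cannot append to $DEPLOY_LIST"; return 1; }
}

# deploy_key CONNECTION KEYFILE - generate KEYFILE/KEYFILE.pub if either is
# missing and install the public key on CONNECTION (see REMOTE_INSTALL).
# An existing pair is reported as OK and left alone: this script cannot tell
# whether it was ever installed remotely, so a failed deployment is reported
# with instructions instead of being silently retried next time.
deploy_key() {
	dep_conn=$1
	dep_key=$2
	if [ -f "$dep_key" ] && [ -f "$dep_key.pub" ]; then
		echo "Key $dep_conn OK"
		return 0
	fi
	echo "Generating key $dep_conn ($dep_key)"
	# Interactive: ssh-keygen asks for a passphrase (and to overwrite a
	# half-present pair). Do not deploy anything if it fails or is aborted.
	if ! ssh-keygen -f "$dep_key" || [ ! -f "$dep_key.pub" ]; then
		warn "key generation for $dep_conn failed, nothing deployed"
		return 1
	fi
	# -F /dev/null: ignore the user's ssh config; -e none: no escape character,
	# so nothing in the key stream can be mistaken for one.
	if ssh -e none -F /dev/null "$dep_conn" "sh -c '$REMOTE_INSTALL' sh '$RC_FW_SCRIPT'" < "$dep_key.pub"; then
		echo "Key $dep_conn deployed"
	else
		warn "deploying $dep_key.pub to $dep_conn failed; remove $dep_key and $dep_key.pub to regenerate, or install the key by hand"
		return 1
	fi
}

# main [connection ...] - register the command-line connections, then make sure
# every listed connection has a generated and deployed key.
# Returns non-zero if any registration or deployment failed or the list is
# missing.
main() {
	main_rc=0
	for main_conn in "$@"; do
		register_connection "$main_conn" || main_rc=1
	done
	if [ ! -f "$DEPLOY_LIST" ]; then
		warn "$DEPLOY_LIST: no such file"
		return 1
	fi
	# The list is read on fd 3 so that ssh-keygen/ssh prompts inside the loop
	# cannot swallow the remaining lines from stdin.
	while read -r main_conn main_key <&3; do
		case "$main_conn" in
			""|\#*) continue ;;
		esac
		if [ -z "$main_key" ]; then
			warn "malformed line in $DEPLOY_LIST (missing key file): $main_conn"
			main_rc=1
			continue
		fi
		deploy_key "$main_conn" "$main_key" || main_rc=1
	done 3< "$DEPLOY_LIST"
	return $main_rc
}

main "$@"

# $Platon: scripts/shell/firewall/generate-ssh-keys.sh,v 1.1 2008-01-17 22:00:13 rajo Exp $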