#!/bin/sh
#
# generate-ssh-keys.sh - generate every ssh key listed in
# /etc/default/firewall.d/deploy-servers.list that does not exist yet and
# deploy its public half, restricted to the firewall "remote" command, to the
# listed host's ~/.ssh/authorized_keys
#
# Developed by Lubomir Host 'rajo' <rajo AT platon.sk>
# Copyright (c) 2008 Platon Group, http://platon.sk/
# Licensed under terms of GNU General Public License.
# All rights reserved.
#
# Changelog:
# 2008-01-17 - created
#
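DEFAULT_FIREWALL_CONFIG="${DEFAULT_FIREWALL_CONFIG:=/etc/default/firewall}"
DEFAULT_FIREWALL_CONFIG_DIR="${DEFAULT_FIREWALL_CONFIG_DIR:=/etc/default/firewall.d}"
# Remote command the deployed key is locked to (authorized_keys command="...").
RC_FW_SCRIPT="/etc/init.d/firewall"
# One "<ssh connection string> <private key path>" pair per line; blank lines
# and lines starting with '#' are ignored.
SERVER_LIST="$DEFAULT_FIREWALL_CONFIG_DIR/deploy-servers.list"
KEY_DIR="$HOME/.ssh/firewall.d"

# Step 1: every connection string given on the command line gets a new line in
# deploy-servers.list pointing at a randomly named key file.  The random name
# only keeps `ls ~/.ssh/firewall.d` from revealing which key belongs to which
# host; it is obfuscation, not a secret -- the list file maps them anyway.
for conn in "$@"; do
    # Key material must never be group/world readable, and sshd (StrictModes)
    # rejects a ~/.ssh tree that others can write.  The subshell keeps the
    # tight umask from leaking into the list file written below.
    [ -d "$KEY_DIR" ] || (umask 077; mkdir -p "$KEY_DIR")
    key_name=$(dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum | awk '{ print $1; }')
    printf '%s %s\n' "$conn" "$KEY_DIR/$key_name" >> "$SERVER_LIST"
done

# Step 2: the command run on each remote host.  ssh joins its trailing
# arguments with spaces and hands the string to the remote *login* shell, so
# it is passed as ONE argument: only $RC_FW_SCRIPT is expanded locally, every
# other $ and " is escaped for the remote shell.  (The previous `bash -c "..."`
# wrapper lost its quotes in that join and its command ran in the login shell
# too.)  It prepends the restriction options to the public key arriving on
# stdin and appends the result to ~/.ssh/authorized_keys:
#   from=<addr>   only the address sshd saw this deploy come from (first
#                 field of SSH_CLIENT) may use the key -- if this host sits
#                 behind NAT that is the NAT address
#   command=...   the key can run nothing but "$RC_FW_SCRIPT remote"
#   no-pty, no-port-forwarding, no-agent-forwarding, no-X11-forwarding
# The printf format is fixed; the client address is an *argument*, never part
# of the format.  umask 077 makes a freshly created ~/.ssh and authorized_keys
# acceptable to sshd.
# NOTE(review): assumes the remote login shell is POSIX sh compatible.
remote_cmd="umask 077; mkdir -p \"\$HOME/.ssh\"; \
printf 'from=\"%s\",command=\"%s remote\",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ' \
\"\${SSH_CLIENT%% *}\" '$RC_FW_SCRIPT' >> \"\$HOME/.ssh/authorized_keys\"; \
cat >> \"\$HOME/.ssh/authorized_keys\""

# Step 3: for every listed host make sure both halves of the key exist,
# generating and deploying them when they do not.
while read -r conn keyfile; do
    case "$conn" in
        ""|\#*) continue ;;
    esac
    if [ -z "$keyfile" ]; then
        echo "deploy-servers.list: no key file given for $conn, skipping" >&2
        continue
    fi
    if [ -f "$keyfile" ] && [ -f "$keyfile.pub" ]; then
        echo "Key $conn OK"
        continue
    fi
    echo "Generating key $conn ($keyfile)"
    if [ -f "$keyfile" ]; then
        # Private half present, public half lost: derive it again rather than
        # letting ssh-keygen ask "Overwrite (y/n)?" -- that prompt reads
        # stdin, which inside this loop is the server list.
        ssh-keygen -y -f "$keyfile" > "$keyfile.pub" || { rm -f "$keyfile.pub"; continue; }
    else
        # Interactive: ssh-keygen asks for the passphrase on the tty.
        ssh-keygen -f "$keyfile" || continue
    fi
    # Never deploy without a public key: the remote would otherwise append an
    # options prefix with no key behind it and corrupt authorized_keys.
    if [ ! -s "$keyfile.pub" ]; then
        echo "No public key for $conn, not deploying" >&2
        continue
    fi
    # Only the public half goes over the wire, via stdin.  -F /dev/null
    # ignores the user's ssh config so a local Host alias cannot redirect
    # the deploy; -e none disables the escape character for the file copy.
    ssh -e none -F /dev/null "$conn" "$remote_cmd" < "$keyfile.pub" \
        || echo "Deploying key to $conn failed" >&2
done < "$SERVER_LIST"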
# $Platon: scripts/shell/firewall/generate-ssh-keys.sh,v 1.2 2008-01-17 23:43:38 rajo Exp $