#!/usr/bin/env bash
# keytemp V0.0.1 -- Add Temporary SSH Public Key to user account.
# Copyright (C) 2017 Mark Coccimiglio <mcoccimiglio@rice.edu>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# This file is used to push an admin's Public SSH Key to a user's account
# to enable diagnostic login as the user. It also schedules an 'at' job to
# remove the admin key after 1 hour.
# Required packages for this script:
# BASH, PERL, AT
# Runtime configuration.  DEBUG=1 redirects the key source to ./authorized_keys
# in the current directory and dumps the arguments; the root check and the
# at-job timing later in the script also key off it.
export DEBUG=0
export _VERSION='0.9.0'
export _authorized_keys='/root/.ssh/authorized_keys'
export _userAuthFile='./DumpFile.txt'
if (( DEBUG )); then
  export _authorized_keys='./authorized_keys'
  printf '\n\n'
  printf '%s\n' '<DEBUG HEADER>'
  printf '$0 : %s\n' "$0"
  printf '$1 : %s\n' "$1"
  printf '$2 : %s\n' "$2"
  printf '$3 : %s\n' "$3"
  printf '\n'
  printf '$_VERSION : %s\n' "$_VERSION"
  printf '$_authorized_keys : %s\n' "$_authorized_keys"
  printf '%s\n\n' '</DEBUG Header>'
fi
#######################################
# Abort the script with a diagnostic.
# Arguments: $1 - message (defaults to "Died" when empty or absent)
# Outputs:   "<message> at <caller file>:<caller function> line <N>." on stderr
# Returns:   never; exits with status 1
#######################################
die() {
  local message=${1:-Died}
  local where="${BASH_SOURCE[1]}:${FUNCNAME[1]} line ${BASH_LINENO[0]}"
  printf '%s at %s.\n' "$message" "$where" >&2
  exit 1
}
#######################################
# Print the command synopsis and stop.
# Outputs:   two lines of usage text on stdout
# Returns:   never; exits with status 1
#######################################
usage() {
  printf '%s\n' \
    "keytemp: Temporarily add SSHKEY to a user's account." \
    "Usage: keytemp <set|unset|showkey> <username> <keyID>"
  exit 1
}
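export _action=$1
export _userName=$2
export _keyID=$3

### First level Sanity checks.
##
# perl (unset), sed (unset's keyID rewrite) and at (set's scheduled removal)
# are all required; fail before a key has been copied, not after.
command -v perl > /dev/null || die "perl missing. Please install perl"
command -v sed  > /dev/null || die "sed missing. Please install sed"
command -v at   > /dev/null || die "at missing. Please install at"

# Every action reads the key source, so check it first.
[[ -s "$_authorized_keys" ]] || die "${_authorized_keys} not found or ZERO Length"

# 'showkey' lists the comment (3rd field) of each key in the source file and
# takes no further arguments.  "${1:-}" keeps the test well-formed when the
# script is started with no arguments at all (an unquoted empty $1 was a
# syntax error here).  Listing keys is a success, so exit 0.
if [[ "${1:-}" == 'showkey' ]]; then
  grep -E -v '^#|^$' -- "$_authorized_keys" | cut -d' ' -f3
  exit 0
fi

# Test for proper usage.
(( $# >= 3 )) || usage
[[ -n "$_action" && -n "$_userName" && -n "$_keyID" ]] || usage

# We may NOT keytemp "root": by name here, and again by uid once the account
# has been resolved, so an alternate uid-0 login name is refused as well.
[[ "$_userName" == 'root' || "$_userName" == '0' ]] && die "Cannot keytemp root"

# We must be "root" in order to run!!!  EUID is maintained by bash itself;
# $USER may be unset or stale under sudo and cron.
(( DEBUG )) || (( EUID == 0 )) || die "Must be root to use this program."

# system must acknowledge user is valid and has accessible home directory.
_passwdEntry=$(getent passwd "$_userName") || die "User $_userName not valid."
_uid=$(cut -d: -f3 <<< "$_passwdEntry")
[[ "$_uid" == '0' ]] && die "Cannot keytemp root"
export _homeDir
_homeDir=$(cut -d: -f6 <<< "$_passwdEntry")
(( DEBUG )) || export _userAuthFile="${_homeDir}/.ssh/authorized_keys"
[[ -n "$_homeDir" ]] || die "User \$HOME is set to NULL"
[[ -d "$_homeDir" ]] || die "User $_userName home directory does not exist."

# Test keyID is present in source (/root/.ssh/authorized_keys).  Compare the
# last whitespace-separated field for equality instead of interpolating keyID
# into a grep pattern: a keyID such as '.*' or 'a.b' must not match other
# keys.  (awk -v expands backslash escapes; key comments normally have none.)
(( DEBUG )) && printf 'looking for keyID %s in %s\n' "$_keyID" "$_authorized_keys"
awk -v id="$_keyID" '$NF == id { found = 1; exit } END { exit !found }' "$_authorized_keys" \
  || die "keyID not found in $_authorized_keys"
#
##
### /First level Sanity checks.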
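### MAIN Body of work
##
#
#------------------------------------------------------------
case "$_action" in
  set)
    (( DEBUG )) && echo "set:: $_action : $_userName : $_keyID"
    # Another Sanity Check: sshd only honours ~/.ssh when it is private and
    # owned by the user, so create it that way and stop if that fails (the
    # old && chain fell through to the append regardless).
    if [[ ! -d "${_homeDir}/.ssh" ]]; then
      mkdir -- "${_homeDir}/.ssh" \
        && chmod 700 -- "${_homeDir}/.ssh" \
        && chown -R -- "${_userName}:" "${_homeDir}/.ssh" \
        || die "Cannot create ${_homeDir}/.ssh"
    fi
    # Create the target file if absent; otherwise '>>' below would leave a
    # root-owned, umask-moded file the user cannot maintain.
    if [[ ! -e "$_userAuthFile" ]]; then
      touch -- "$_userAuthFile" || die "Cannot create ${_userAuthFile}"
      chmod 600 -- "$_userAuthFile"
      (( DEBUG )) || chown -- "${_userName}:" "$_userAuthFile" \
        || die "Cannot chown ${_userAuthFile}"
    fi
    # Add SSH Key to user authorized_keys file.  Select by exact last-field
    # match (no regex built from keyID), and skip lines already present so a
    # repeated 'set' does not stack duplicates.
    _found=0
    while IFS= read -r _keyLine; do
      _found=1
      grep -q -F -x -- "$_keyLine" "$_userAuthFile" && continue
      printf '%s\n' "$_keyLine" >> "$_userAuthFile" || die "Cannot write to ${_userAuthFile}"
    done < <(awk -v id="$_keyID" '$NF == id' "$_authorized_keys")
    (( _found )) || die "keyID not found in $_authorized_keys"
    # Add AT Job to remove key from user authorized_keys file: 1 hour out,
    # 2 minutes when debugging.  printf %q shell-quotes each word so the job
    # line survives unusual characters.  A failed 'at' used to go unnoticed,
    # leaving the key in place indefinitely; now the run fails loudly.
    printf -v _removeCmd '%q unset %q %q' "$0" "$_userName" "$_keyID"
    if (( DEBUG )); then
      _when='now+2minutes'
    else
      _when='now+1hour'
    fi
    printf '%s\n' "$_removeCmd" | at "$_when" \
      || die "'at' failed: key was added to ${_userAuthFile} but its removal is NOT scheduled; run '${_removeCmd}' by hand"
    exit 0
    ;;
  #------------------------------------------------------------
  unset)
    (( DEBUG )) && echo "unset:: $_action : $_userName : $_keyID"
    # Delete every line whose last field is keyID.  The ID reaches perl via
    # the environment and is wrapped in \Q...\E, so '@', '.', '/' and '$' in
    # it are literal (the old 's/@/./' rewrite turned '.' into a wildcard and
    # still broke on '/').  Matching the last field instead of a '^ssh'
    # prefix also covers ecdsa-sha2-* and sk-* keys, which 'set' copies but
    # the old pattern never removed, so the admin key stayed behind.
    [[ -f "$_userAuthFile" ]] || die "${_userAuthFile} does not exist"
    KEYTEMP_ID="$_keyID" perl -i -ne 'print unless /(?:^|\s)\Q$ENV{KEYTEMP_ID}\E\s*$/' "$_userAuthFile" \
      || die "Cannot update ${_userAuthFile}"
    exit 0
    ;;
  #------------------------------------------------------------
  *)
    # $_userName rather than the never-assigned $_person the old message
    # used; printf so the embedded \n are real line breaks.
    (( DEBUG )) && printf '::keytemp: unknown command: %s\nfor: %s\nkeyID: %s\n\n' "$_action" "$_userName" "$_keyID"
    echo "Unknown Command: $_action"
    usage
    exit 1  # not reached: usage exits; kept as a backstop
    ;;
esac
#------------------------------------------------------------
#
##
### /MAIN Body of work.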