This repository has been archived by the owner on Nov 8, 2021. It is now read-only.

SaveUserName must be Unsave in authorized_keys_command #27

Closed
michaelwittig opened this issue Mar 27, 2017 · 1 comment
Comments

@michaelwittig
Contributor

Instead of

SaveUserName="$1"
SaveUserName=${SaveUserName//"+"/".plus."}
SaveUserName=${SaveUserName//"="/".equal."}
SaveUserName=${SaveUserName//","/".comma."}
SaveUserName=${SaveUserName//"@"/".at."}

the username must be changed in the opposite direction:

UnsaveUserName="$1"
UnsaveUserName=${UnsaveUserName//".plus."/"+"}
UnsaveUserName=${UnsaveUserName//".equal."/"="}
UnsaveUserName=${UnsaveUserName//".comma."/","}
UnsaveUserName=${UnsaveUserName//".at."/"@"}

(reported via email)
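
Both directions of the mapping discussed in this issue, as an added example that is not part of the issue or the project's code. The function names, the sed-based implementation (used in place of the bash `${var//…}` expansions so it also runs under plain sh) and the sample user names are assumptions made here; the round-trip check goes beyond the case in the issue.

```shell
#!/bin/sh
# Added example: IAM user name <-> Linux-safe user name mapping.
# Function names and sample names are constructed for illustration.

# IAM name -> Linux name (direction used when importing users).
to_save_username() {
  printf '%s' "$1" | sed -e 's/+/.plus./g' -e 's/=/.equal./g' \
                         -e 's/,/.comma./g' -e 's/@/.at./g'
}

# Linux name -> IAM name (direction needed in the authorized keys command,
# which is called with the Linux login name as $1).
to_unsave_username() {
  printf '%s' "$1" | sed -e 's/\.plus\./+/g' -e 's/\.equal\./=/g' \
                         -e 's/\.comma\./,/g' -e 's/\.at\./@/g'
}

# Succeeds only if the IAM name survives save -> unsave unchanged.
# A name that already contains a literal ".at." (or similar) does not,
# so such names are worth flagging before they are imported.
is_roundtrip_safe() {
  [ "$(to_unsave_username "$(to_save_username "$1")")" = "$1" ]
}

# Constructed sample IAM names.
for iam_name in 'jane.doe+ops@example.com' 'build,ci=1' 'ops.at.corp'; do
  linux_name=$(to_save_username "$iam_name")
  back=$(to_unsave_username "$linux_name")
  if is_roundtrip_safe "$iam_name"; then
    echo "ok        $iam_name -> $linux_name -> $back"
  else
    echo "ambiguous $iam_name -> $linux_name -> $back"
  fi
done

# The behaviour reported in the issue: applying the "save" direction to a
# name that is already Linux-safe leaves it unchanged, so the IAM lookup
# would be made with the Linux name instead of the IAM name.
echo "wrong direction: $(to_save_username 'jane.doe.plus.ops.at.example.com')"
```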

@mvanbaak
Contributor

Good one ;-)

michaelwittig pushed a commit that referenced this issue Mar 30, 2017
… back to the original IAM "unsave" username. Fixes upstream issue #27 (#29)
michaelwittig pushed a commit that referenced this issue Apr 4, 2017
* If defined, use IAM AssumeRole to fetch users and ssh keys from another AWS account

* Untested: Fold the ability to use IAM AssumeRole in the showcase CF template

* Import only specified IAM groups

While trying to implement this feature looking at the many forks,
I decided to mix the various implementations into something for
ourselves.

Split up the script in functions
Created some meaningful global variables

* Change variable name so it's the same as in the import_users.sh. Use read -r

* Restore ability to import all users by leaving IAM_AUTHORIZED_GROUPS empty

* Restore ability to specify an IAM group that should be added to sudo

* Add assumerole to install.sh

* Document how to setup cross account access

* Use same markdown style as the README.md

* Default to import all IAM users and update install.sh to explain how to limit the IAM groups to import

* Make the LOCAL_GROUPS optional and document in install.sh

* Handle iam users with a dash in the name

* Remove users no longer in the IAM groups we give access to the instance

* Handle the situation where a user is in more than one IAM group we want to sync

* use full path to usermod binary

* some more absolute paths to binaries that are normally not in the $PATH of cron

* And use absolute path to groupadd as well since cron could not find it

* fix typo

* Allow usernames with a dash. Thanks for spotting this one @malytic

* When checking the ssh key, make sure we transform the "save" username back to the original IAM "unsave" username. Fixes upstream issue #27