Automation of public/private key generation
Anton Burkhalter
anton.burkhalter at gmx.net
Fri Aug 9 19:27:47 EST 2002
Hi all,
I wrote a small script (developed and tested on Solaris 8), which
automates the generation and installation steps needed to put
keys in place. If you are interested in taking it, feel free to do so.
--
*** Freundliche Gruesse **** Best regards ***
Anton Burkhalter
Dipl. El. Ing. HTL
Mobile:+41(0)78 844-0290
mailto:anton.burkhalter at gmx.net http://www.abu-online.com
--
If you are not the intended recipient of this email, you are not
authorized to make any use of it; please delete it and notify me
by return email. Thank you.
--
-------------- next part --------------
#!/bin/sh
# ******************************************************************************
# $Id: ssh-keymanager,v 1.1 2002/07/08 16:04:13 ccadmin Exp $
# Copyright (C) 2002 Anton Burkhalter, this is free software.
# ******************************************************************************
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# Author : Anton Burkhalter
#
# Description: Key Manager for OpenSSH
#
# Creation date : Sat Jul 6 17:57:52 MEST 2002
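scriptID="\$Id: ssh-keymanager,v 1.1 2002/07/08 16:04:13 ccadmin Exp $" ;export scriptID
#
# Change history:
# $Log: ssh-keymanager,v $
# Revision 1.1 2002/07/08 16:04:13 ccadmin
# Initial revision
#
# ------------------------------------------------------------------------------
# Global settings. The whole script works from the caller's home directory
# (relative paths such as .ssh/<key> below rely on that) and returns to
# SAVEDIR at the very end.
#
# NOTE(review): the key type is fixed to DSA throughout this script (see
# do_buildkeys). Later OpenSSH releases only accept 1024-bit DSA keys and
# recent ones no longer enable DSA at all, so check that "ssh-keygen -t dsa"
# works on both ends before relying on this script.
SAVEDIR=`pwd`
# Abort rather than carry on in an unknown directory if the cd fails.
cd || exit 1
MYHOMEDIR=`pwd`
# Short host name (first label only); it becomes part of the public key
# file name <user>_<host>-id_dsa.pub.
MYHOSTNAME=`/bin/uname -n | cut -f1 -d .`
MYNAME=`basename "$0"`
# Defaults for the remote side, overwritten by the get_target_* prompts.
TARGEThomedir=`pwd`
TARGEThostname=""
# Fall back to USER when LOGNAME is not exported; an empty user name would
# otherwise produce file names like "_host-id_dsa.pub".
MYUSERNAME=${LOGNAME:-${USER}}
TARGETusername=${MYUSERNAME}
# Prefer the XPG4 cp (used with -p) when it exists; otherwise fall back to
# the system cp without -p.
if [ -x /usr/xpg4/bin/cp ]; then
  CP="/usr/xpg4/bin/cp -p"
else
  CP="/usr/bin/cp"
fi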
################################################################################
### functions ##################################################################
#
## ++
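yes_or_no()
{
  # Asks a Y/N question on stdout and reads the answer from stdin.
  # Arguments: $1 - prompt text
  #            $2 - default answer, "Y" or "N" (anything but "Y" means N)
  # Returns:   0 if the answer (or the default, on empty input or EOF) is
  #            Y or y, 1 otherwise; also 1 when not called with two args.
  # Globals:   sets ANS, DEFVAL, DEFPMPT (no local variables in Bourne sh).
  # read -r and printf are POSIX; a legacy (pre-POSIX) Bourne sh may lack them.
  if [ $# -ne 2 ]; then
    return 1
  fi
  if [ "$2" = "Y" ]; then
    DEFPMPT="([Y]/N):"
    DEFVAL="Y"
  else
    DEFPMPT="(Y/[N]):"
    DEFVAL="N"
  fi
  # printf instead of echo "...\c": the \c "no newline" escape is only
  # honoured by SysV-style echo, so under bash the user saw a literal "\c".
  printf '%s %s ' "$1" "${DEFPMPT}"
  # -r keeps backslashes literal; at EOF ANS stays empty and the default wins.
  read -r ANS
  : "${ANS:=${DEFVAL}}"
  case "${ANS}" in
    Y|y) return 0 ;;
    *)   return 1 ;;
  esac
}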
# -
## ++
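do_info()
{
  # Prints the version banner and an overview of what the script does.
  # Globals in: scriptID (the RCS id line), MYUSERNAME, MYHOSTNAME
  # The key file name shown here is the one do_buildkeys really creates,
  # <user>_<host>-id_dsa.pub; the original text named "$USER-id_dsa.pub",
  # which never existed.
  echo ""
  # Fields 3 and 4 of the RCS id line are the revision and the date.
  echo "${scriptID}" | awk '{print "ssh-keymanager Version "$3" Release "$4}'
  echo ""
  echo "The basis of using ssh without typing your password is public key based"
  echo "authentication. You need to generate a pair of public/private keys for"
  echo "this. \"ssh-keymanager\" will help you to do that."
  echo ""
  echo " - It generates your public/private \"DSA\" keys using ssh-keygen. They"
  echo " are encrypted on disk using DES, via your passphrase. The keys will"
  echo " be saved in ~/.ssh as \"id_dsa\" and \"id_dsa.pub\"."
  echo " Your public DSA key will get the name \"${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub\" which is"
  echo " a copy of \"id_dsa.pub\"."
  echo ""
  echo " - The \"${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub\" will be added to \"~/.ssh/authorized_keys\""
  echo " of the remote host you want to logon."
  echo ""
}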
# -
## ++
do_note()
{
  # Warns against an empty passphrase and tells the user how to answer the
  # ssh-keygen prompts; do_buildkeys calls it right before ssh-keygen.
  # The quoted delimiter keeps the text literal (no expansion at all).
  cat <<'EOF'

NOTE:
It is possible to just press the enter key when prompted for a
passphrase, which will make a key with no passphrase. This is
a Bad Idea for an identity key, so don't do it. It is strongly
recommended using a passphrase !

At the prompt "Enter file in which to save the key...", -> press the Return key.
At the prompt "Enter passphrase...", -> enter your passphrase !

It may take a while to generate the keys. Please wait...
EOF
}
# -
## ++
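get_target_hostname()
{
  # Prompts for the remote host name until the user confirms it.
  # Globals in:  MYUSERNAME, MYHOSTNAME, TARGEThostname (the default if set)
  # Globals out: TARGEThostname
  # Returns:     0 once a host name is confirmed, 1 on EOF on stdin (the
  #              original looped forever once stdin was exhausted).
  # Globals:     also sets ANSWER and ANS (no local variables in Bourne sh).
  # The original compared against BADANSWER, which was only assigned when
  # TARGEThostname was empty, so "[ $ANS = ]" errored whenever it was preset.
  if [ -z "${TARGEThostname}" ]; then
    ANSWER="not_defined"
  else
    ANSWER="${TARGEThostname}"
  fi
  while :; do
    echo ""
    echo "Enter remote host name you want to logon:"
    echo ""
    printf '%s' "** Host name [${ANSWER}] : "
    # EOF with nothing read: nobody is answering, give up instead of spinning.
    read -r ANS || [ -n "${ANS}" ] || return 1
    : "${ANS:=${ANSWER}}"
    # The placeholder and an empty name are not valid answers; ask again.
    if [ -z "${ANS}" ] || [ "${ANS}" = "not_defined" ]; then
      echo ""
      continue
    fi
    TARGEThostname="${ANS}"
    ANSWER="${TARGEThostname}"
    echo ""
    # The file name shown is the one do_buildkeys creates.
    if yes_or_no "Would you like to export \"${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub\" to the remote host \"${TARGEThostname}\"" Y; then
      echo ""
      return 0
    fi
  done
}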
# -
## ++
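get_target_username()
{
  # Prompts for the login name on the remote host until the user confirms it.
  # Globals in:  MYUSERNAME, MYHOSTNAME, TARGEThostname, TARGETusername (the
  #              default if set; the top of the script presets it to the
  #              local login name)
  # Globals out: TARGETusername
  # Returns:     0 once a name is confirmed, 1 on EOF on stdin.
  # Globals:     also sets ANSWER and ANS (no local variables in Bourne sh).
  # The original compared against BADANSWER, which was only assigned when
  # TARGETusername was empty, so "[ $ANS = ]" errored on every normal run.
  if [ -z "${TARGETusername}" ]; then
    ANSWER="not_defined"
  else
    ANSWER="${TARGETusername}"
  fi
  while :; do
    echo ""
    echo "Enter the username on remote host \"${TARGEThostname}\""
    echo ""
    printf '%s' " Target username [${ANSWER}] : "
    # EOF with nothing read: nobody is answering, give up instead of spinning.
    read -r ANS || [ -n "${ANS}" ] || return 1
    : "${ANS:=${ANSWER}}"
    if [ -z "${ANS}" ] || [ "${ANS}" = "not_defined" ]; then
      echo ""
      continue
    fi
    TARGETusername="${ANS}"
    ANSWER="${TARGETusername}"
    echo ""
    # The file name shown is the one do_buildkeys creates.
    if yes_or_no "Would you like to export \"${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub\" to the remote host \"${TARGETusername}@${TARGEThostname}\"" Y; then
      echo ""
      return 0
    fi
  done
}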
# -
## ++
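get_target_homedir()
{
  # Prompts for the remote home directory (where the key and the helper
  # script get copied to) until the user confirms it.
  # Globals in:  MYUSERNAME, MYHOSTNAME, TARGEThostname, TARGETusername
  # Globals out: TARGEThomedir
  # Returns:     0 once a directory is confirmed, 1 on EOF on stdin.
  # Globals:     also sets ANSWER and ANS (no local variables in Bourne sh).
  # The default is only a guess ("/" for root, /home/<user> otherwise); the
  # real remote HOME may differ, which is why the user has to confirm it.
  # The original cd'ed home and back around the loop; nothing in here
  # depends on the working directory, so that was dropped.
  if [ "${TARGETusername}" = "root" ]; then
    ANSWER="/"
  else
    ANSWER="/home/${TARGETusername}"
  fi
  while :; do
    echo ""
    echo "Enter the home directory of user \"${TARGETusername}\" on remote machine \"${TARGEThostname}\":"
    echo ""
    printf '%s' "** Home directory [${ANSWER}] : "
    # EOF with nothing read: nobody is answering, give up instead of spinning.
    read -r ANS || [ -n "${ANS}" ] || return 1
    : "${ANS:=${ANSWER}}"
    TARGEThomedir="${ANS}"
    ANSWER="${TARGEThomedir}"
    echo ""
    # The file name shown is the one do_buildkeys creates.
    if yes_or_no "Would you like to export \"${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub\" to the remote host \"${TARGETusername}@${TARGEThostname}:${TARGEThomedir}/.ssh\"" Y; then
      echo ""
      return 0
    fi
  done
}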
# -
## ++
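do_buildkeys()
{
  # Generates a fresh DSA key pair in the current directory (do_make_keys
  # has cd'ed into ~/.ssh first) and saves a copy of the public key under
  # a per-user, per-host name for export.
  # Globals in: MYHOMEDIR, MYUSERNAME, MYHOSTNAME, CP
  # Returns:    0 on success, 1 if ssh-keygen failed or was aborted, or if
  #             the copy failed (the original carried on and chmod'ed /
  #             copied files that did not exist).
  # The caller asks for confirmation before getting here when keys exist.
  # Only the two files ssh-keygen is about to write are removed (the
  # original's "id_dsa*" also hit any other file starting with id_dsa).
  /usr/bin/rm -f id_dsa id_dsa.pub
  do_note
  # Key size and type as in the original. Later OpenSSH releases accept
  # only 1024-bit DSA keys and recent ones drop DSA; the exit status tells
  # whether a key was really generated.
  ssh-keygen -b 1280 -t dsa || {
    echo ""
    echo "ssh-keygen failed, no keys were generated." >&2
    return 1
  }
  # The user was told to accept the default file name; check it.
  if [ ! -f id_dsa.pub ]; then
    echo "id_dsa.pub not found after ssh-keygen (was the key saved under another name?)" >&2
    return 1
  fi
  chmod 600 id_dsa.pub
  # CP is deliberately unquoted: it may carry the -p option.
  ${CP} id_dsa.pub "${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub" || return 1
  chmod 600 "${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub"
  echo ""
  echo "A copy of your public key has been saved in"
  echo "${MYHOMEDIR}/.ssh/${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub"
  echo ""
}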
# -
## ++
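do_make_keys()
{
  # Makes sure ~/.ssh exists with mode 700 and, unless a key pair is already
  # there and the user wants to keep it, generates one via do_buildkeys.
  # Globals in: MYHOMEDIR
  # Returns:    0 on success, 1 if ~/.ssh cannot be created or entered or
  #             do_buildkeys reported failure.
  # Globals:    sets savedir and RC (no local variables in Bourne sh).
  if [ ! -d "${MYHOMEDIR}/.ssh" ]; then
    # Something that is not a directory is in the way; it is removed, as
    # the original did. -d follows symlinks, so a link to a directory is
    # accepted as it is.
    /usr/bin/rm -f "${MYHOMEDIR}/.ssh"
    mkdir "${MYHOMEDIR}/.ssh" || return 1
  fi
  # sshd (StrictModes) refuses keys from a group/world-writable ~/.ssh.
  chmod 700 "${MYHOMEDIR}/.ssh"
  savedir=`pwd`
  # do_buildkeys works relative to the current directory and starts by
  # deleting id_dsa files: never run it anywhere but inside ~/.ssh.
  cd "${MYHOMEDIR}/.ssh" || return 1
  RC=0
  if [ -f id_dsa ] && [ -f id_dsa.pub ]; then
    echo ""
    echo "The following DSA keys already available:"
    # Plain ls of the two files instead of parsing "ls -l | grep id_dsa".
    /usr/bin/ls -l id_dsa id_dsa.pub
    echo ""
    if yes_or_no "** do you need a new key pair " N; then
      do_buildkeys || RC=1
    fi
  else
    do_buildkeys || RC=1
  fi
  cd "${savedir}"
  unset savedir
  return ${RC}
}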
# -
## ++
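do_create_script()
{
  # Writes <user>_make_key, a small Bourne shell script that do_transfer_files
  # copies to the remote host together with the public key and runs there.
  # On the remote side it moves the key into ~/.ssh, adds it to
  # authorized_keys (replacing any older line that contains the same key
  # comment), fixes permissions and finally deletes itself.
  # Globals in: MYHOMEDIR, MYHOSTNAME, MYUSERNAME
  # Outputs:    ./<MYUSERNAME>_make_key (executable) in the current directory
  # Returns:    0 on success, 1 if the file cannot be written.
  # Globals:    sets SCRIPTFILE and KEYFILE (no local variables in Bourne sh).
  #
  # Values only known here are emitted as variable assignments at the top of
  # the generated file; the body is a quoted here-document, so it is copied
  # literally and the remote script's own ${...} survive intact (the original
  # escaped them by hand in some fifty echo lines).
  # Fixes against the original remote script: the home-directory test used
  # the integer operator -ne on a path (always an error), the "key not found"
  # branch exited with status 0, and the key comment was used as a regular
  # expression in grep -v.
  SCRIPTFILE="${MYUSERNAME}_make_key"
  KEYFILE="${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub"
  /usr/bin/rm -f "${SCRIPTFILE}"
  {
    echo '#!/bin/sh'
    echo "# File: ${MYHOMEDIR}/${SCRIPTFILE}"
    echo "# created by ssh-keymanager at: `date`"
    echo '#'
    echo 'PATH=/usr/bin;export PATH'
    echo "KEYNAME=\"${MYUSERNAME}@${MYHOSTNAME}\""
    echo "KEYFILE=\"${KEYFILE}\""
    echo "SELF=\"${SCRIPTFILE}\""
    cat <<'EOF'
MYHOST=`/bin/uname -n | cut -f1 -d .`

cd || exit 1
MYHOME=`pwd`

if [ ! -d "${MYHOME}/.ssh" ]; then
  /usr/bin/rm -f "${MYHOME}/.ssh"
  mkdir "${MYHOME}/.ssh" || exit 1
fi
chmod 700 "${MYHOME}/.ssh"

# sshd's StrictModes only requires the home directory not to be
# group/world-writable; take away write bits instead of forcing 755.
if [ "${MYHOME}" != "/" ]; then
  chmod go-w "${MYHOME}"
fi

if [ ! -f "${MYHOME}/${KEYFILE}" ]; then
  echo ""
  echo "Public key: ${MYHOME}/${KEYFILE} not found ..."
  echo ""
  exit 1
fi

/usr/bin/rm -f "${MYHOME}/.ssh/${KEYFILE}"
mv "${MYHOME}/${KEYFILE}" "${MYHOME}/.ssh" || exit 1
cd "${MYHOME}/.ssh" || exit 1
chmod 600 "${KEYFILE}"

if [ -f authorized_keys ]; then
  /usr/bin/rm -f authorized_keys.new
  # -F: the key comment is a literal string, not a pattern (the "." in a
  # host name would otherwise match any character). Every line containing
  # the comment is dropped, so an older key with the same comment is replaced.
  grep -F -v "${KEYNAME}" authorized_keys >authorized_keys.new
  cat "${KEYFILE}" >> authorized_keys.new
  /usr/bin/rm -f authorized_keys.bak
  mv authorized_keys authorized_keys.bak
  sort -u authorized_keys.new >authorized_keys
  /usr/bin/rm -f authorized_keys.new
else
  cat "${KEYFILE}" >> authorized_keys
fi

chmod 600 authorized_keys
cd
echo ""
echo "${MYHOST}: ${KEYFILE} added to ${MYHOME}/.ssh/authorized_keys"
echo ""
echo "done..."

/usr/bin/rm -f "${SELF}"
EOF
  } > "${SCRIPTFILE}" || return 1
  chmod +x "${SCRIPTFILE}"
}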
# -
## ++
do_transfer_files()
{
# globals in: MYUSERNAME, TARGEThomedir, TARGEThostname, TARGETusername
echo ""
echo "The public key ${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub will be transfered to ${TARGEThostname}"
echo ""
if [ ${TARGETusername} = "root" ]; then
echo "scp -p ${MYUSERNAME}_make_key .ssh/${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub ${TARGETusername}@${TARGEThostname}:/"
scp -p ${MYUSERNAME}_make_key .ssh/${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub ${TARGETusername}@${TARGEThostname}:/
else
echo "scp -p ${MYUSERNAME}_make_key .ssh/${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub ${TARGETusername}@${TARGEThostname}:${TARGEThomedir}"
scp -p ${MYUSERNAME}_make_key .ssh/${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub ${TARGETusername}@${TARGEThostname}:${TARGEThomedir}
fi
echo ""
echo "The public key ${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub will be added to:"
echo ""
echo " ${MYUSERNAME}@${TARGEThostname}:${TARGEThomedir}/.ssh/authorized_keys"
echo ""
echo "ssh ${TARGETusername}@${TARGEThostname} ${TARGEThomedir}/${MYUSERNAME}_make_key"
ssh ${TARGETusername}@${TARGEThostname} ${TARGEThomedir}/${MYUSERNAME}_make_key
/usr/bin/rm -f ${MYUSERNAME}_make_key
}
# -
## ++
do_hint()
{
  # Closing hint: how to run ssh-agent so the passphrase is typed only once.
  # Globals in: TARGEThostname, TARGETusername (expanded in the here-doc;
  #             the quotes and && in the example are literal text).
  cat <<EOF

********************************************************************************

To login on remote machine without typing in your password do the following:

 You need to start the agent, tell it your passphrase, and hook up to
 the agent whenever you need to connect to the remote machine.

 Example: ssh-agent sh -c 'ssh-add && bash --login'
 ssh ${TARGEThostname} -l ${TARGETusername}

********************************************************************************

EOF
}
# -
################################################################################
### main starts here ##########################################################
#
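# Stop at the first step that fails: each later step depends on the
# previous one (a confirmed host/user/home, a key pair, the helper script).
# The hint is only shown when the key really was installed.
do_info
get_target_hostname || exit 1
get_target_username || exit 1
get_target_homedir || exit 1
do_make_keys || exit 1
do_create_script || exit 1
if do_transfer_files; then
  do_hint
else
  cd "${SAVEDIR}"
  exit 1
fi
cd "${SAVEDIR}"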
-------------- next part --------------
A non-text attachment was scrubbed...
Name: anton.burkhalter.vcf
Type: text/x-vcard
Size: 193 bytes
Desc: Card for Anton Burkhalter
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020809/aab6b03f/attachment.vcf