From b84033c6415172ef8b1fd1309ba6b582ed370cb2 Mon Sep 17 00:00:00 2001
From: Andreas Gnau
Date: Thu, 8 Jul 2021 12:46:56 +0200
Subject: [PATCH] iop: ssh_(install_key): Unify scripts and rework

Unify the iop-subcommands install_key and ssh_install_key to one script. In addition:
* Support new key types such as ssh-ed25519 which is supported by Dropbear nowadays. Also add unsupported ones to make them work automatically in the future.
* For the install_key command, do not re-add keys already added
* Read keys loaded into SSH Agent as well, which is useful when working with agent forwarding on a remote host or in a Docker container.
* For the ssh_install_key command also add keys added manually to the build dir.
---
 iop/scripts/install_key.sh | 50 ++++++++++++++++++++++++++++++----
 iop/scripts/ssh_install_key.sh | 17 ------------
 2 files changed, 44 insertions(+), 23 deletions(-)
 delete mode 100755 iop/scripts/ssh_install_key.sh
diff --git a/iop/scripts/install_key.sh b/iop/scripts/install_key.sh
index f75f5abc8..7fddca8cd 100755
--- a/iop/scripts/install_key.sh
+++ b/iop/scripts/install_key.sh
@@ -1,12 +1,29 @@
 # this is a developer helper script to install the public ssh key in the created image
+DROPBEAR_AUTHORIZED_KEYS_FILE=/etc/dropbear/authorized_keys
+
+function get_ssh_public_keys {
+ (
+ shopt -s nullglob
+ # home directory, not all of those are supported by dropbear,
+ # but let's include them now already to decrease future maintenance
+ cat /dev/null ~/.ssh/{id_rsa,id_dsa,id_ecdsa,id_ecdsa_sk,id_ed25519,id_ed25519_sk,id_xmss}.pub 2> /dev/null
+ # keys added manually or automatically to the build dir
+ cat "files${DROPBEAR_AUTHORIZED_KEYS_FILE}" 2>/dev/null
+ # keys in the agent (useful when using SSH agent forwarding)
+ ssh-add -L 2> /dev/null
+ ) | sort | uniq
+}
+
 function install_key {
-
- mkdir -p files/etc/dropbear
- test -e ~/.ssh/id_dsa.pub && cat ~/.ssh/id_dsa.pub >>files/etc/dropbear/authorized_keys
- test -e ~/.ssh/id_rsa.pub && cat ~/.ssh/id_rsa.pub >>files/etc/dropbear/authorized_keys
- chmod 0644 files/etc/dropbear/authorized_keys
-
+ local build_dir_dropbear_authorized_keys_file="files${DROPBEAR_AUTHORIZED_KEYS_FILE}"
+ mkdir -p "$(dirname "$build_dir_dropbear_authorized_keys_file")"
+ get_ssh_public_keys > "$build_dir_dropbear_authorized_keys_file"
+ chmod 0644 "$build_dir_dropbear_authorized_keys_file"
+ echo "Keys in "$build_dir_dropbear_authorized_keys_file" are now:"
+ cat "$build_dir_dropbear_authorized_keys_file"
+ echo
+ echo "Disabling login on serial console..."
 echo "::sysinit:/etc/init.d/rcS S boot" >files/etc/inittab
 echo "::shutdown:/etc/init.d/rcS K shutdown" >>files/etc/inittab
 echo "console::askconsolelate:/bin/cttyhack /bin/ash --login" >>files/etc/inittab
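Review bot: In `install_key`, the redirection in `get_ssh_public_keys > "$build_dir_dropbear_authorized_keys_file"` truncates the target before the function body runs, so the `cat "files${DROPBEAR_AUTHORIZED_KEYS_FILE}"` inside `get_ssh_public_keys` reads an already-empty file and any key placed in the build dir by hand is silently dropped from the image. Collecting first and writing afterwards keeps them: `local keys; keys="$(get_ssh_public_keys)"` followed by `printf '%s\n' "$keys" > "$build_dir_dropbear_authorized_keys_file"`. Because the set now includes everything `ssh-add -L` returns, a comment above `get_ssh_public_keys` such as `# NOTE: every identity loaded in the agent ends up in the image's authorized_keys` would make that widening explicit to the next reader. The `echo "Keys in "$build_dir_dropbear_authorized_keys_file" are now:"` line also leaves the expansion outside the quotes. The body of `install_key` continues past the end of this hunk.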
@@ -14,4 +31,25 @@ function install_key {
 echo Done
 }
+function ssh_install_key_help() {
+ echo Usage: $0 ssh_install_key HOSTNAME
+ echo
+ echo "Installs SSH public keys to a device's authorized_keys file"
+}
+
+
+# this is a developer helper script to install the public ssh key on host running dropbear
+function ssh_install_key {
+ if [ $# -ne 1 ] || [ "$1" == '--help' ]; then
+ ssh_install_key_help
+ [ $# -eq 1 ]; return
+ fi
+ host="$1"
+ local keys="$(get_ssh_public_keys)"
+ echo "Adding the following keys to $DROPBEAR_AUTHORIZED_KEYS_FILE on $host:"
+ echo "$keys"
+ ssh root@$host "echo '$keys' >> '$DROPBEAR_AUTHORIZED_KEYS_FILE'" && echo ok
+}
+
+register_command "ssh_install_key" "Install the users public ssh key on host running dropbear"
 register_command "install_key" "Install the user's public ssh key in the created image"
diff --git a/iop/scripts/ssh_install_key.sh b/iop/scripts/ssh_install_key.sh
deleted file mode 100755
index 9e40a5d1d..000000000
--- a/iop/scripts/ssh_install_key.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-# this is a developer helper script to install the public ssh key on host running dropbear
-
-function ssh_install_key {
- if [ -e ~/.ssh/id_rsa.pub ]; then
- echo "Adding public RSA key to $1"
- KEY=`cat ~/.ssh/id_rsa.pub`
- elif [ -e ~/.ssh/id_dsa.pub ]; then
- echo "Adding public DSA key to $1"
- KEY=`cat ~/.ssh/id_dsa.pub`
- else
- echo "No public key found"
- exit 1
- fi
- ssh root@$1 "echo '$KEY' >> /etc/dropbear/authorized_keys" && echo ok
-}
-
-register_command "ssh_install_key" "Install the users public ssh key on host running dropbear"
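Review bot: In `ssh_install_key`, the collected key lines are spliced into the remote command string (`"echo '$keys' >> ..."`), so a single quote in any key's comment field ends the quoted string and the rest is interpreted by the root shell on the device. With keys now also taken from the agent and from the build-dir file, that text is no longer limited to the developer's own two `.pub` files. Sending the keys on stdin removes the quoting problem entirely: `printf '%s\n' "$keys" | ssh "root@$host" "cat >> '$DROPBEAR_AUTHORIZED_KEYS_FILE'"`. Separately, `host` is assigned without `local` and leaks into the caller's scope, and `local keys="$(get_ssh_public_keys)"` masks the exit status of the substitution; declaring `local host keys` first and assigning afterwards fixes both.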