summaryrefslogtreecommitdiffstats
path: root/openssh/bin
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xopenssh/bin/ssh-ca40
-rwxr-xr-xopenssh/bin/ssh-keycheck176
2 files changed, 216 insertions, 0 deletions
diff --git a/openssh/bin/ssh-ca b/openssh/bin/ssh-ca
new file mode 100755
index 0000000..675a2cf
--- /dev/null
+++ b/openssh/bin/ssh-ca
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+HOST="$(cat /etc/hostname)"
+
+Init ()
+{
+ echo "Init: creating CA key..."
+
+ if [ -e "/etc/ssh-ca/keys/ssh-ca@${HOST}" ] || [ -e "/etc/ssh-ca/keys/ssh-ca@${HOST}.pub" ]
+ then
+ echo "/etc/ssh-ca/keys/ssh-ca@${HOST} key already exists"
+ exit 1
+ fi
+
+ mkdir -p /etc/ssh-ca/keys
+ ssh-keygen -f "/etc/ssh-ca/keys/ssh-ca@${HOST}" -t ed25519 -C ssh-ca@${HOST} -N ""
+}
+
+Sign ()
+{
+ FILE="${1}"
+
+}
+
+case "${1}" in
+ init)
+ Init
+ ;;
+
+ sign)
+ Sign
+ ;;
+
+ *)
+ echo "Usage: ${0} {init}"
+ exit 1
+ ;;
+esac
diff --git a/openssh/bin/ssh-keycheck b/openssh/bin/ssh-keycheck
new file mode 100755
index 0000000..737b8cd
--- /dev/null
+++ b/openssh/bin/ssh-keycheck
@@ -0,0 +1,176 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+PROJECT="open-infrastructure"
+SOFTWARE="service-tools"
+PROGRAM="ssh-keycheck"
+
+Parameters ()
+{
+ GETOPT_LONGOPTIONS="bits:,filename:,help,type:,verbose,"
+ GETOPT_OPTIONS="b:,f:,h,t:,v,"
+
+ PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${PROGRAM} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${PROGRAM}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -b|--bits)
+ BITS="${2}"
+ shift 2
+ ;;
+
+ -f|--filename)
+ FILES="${2}"
+ shift 2
+ ;;
+
+ -h|--help)
+ HELP="true"
+ shift 1
+ ;;
+
+ -t|--type)
+ TYPES="${2}"
+ shift 2
+ ;;
+
+ -v|--verbose)
+ VERBOSE="true"
+ shift 1
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${PROGRAM}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} -f KEY_FILE[,KEY_FILE] [-b BITS[,BITS]] [-t TYPE[,TYPE]]" >&2
+ echo
+ echo "See ${PROGRAM}(1) and ${SOFTWARE}(7) for more information."
+
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${FILES}" ] || [ -n "${HELP}" ]
+then
+ Usage
+fi
+
+EXIT="0"
+
+for FILE in ${FILES}
+do
+ if [ ! -e "${FILE}" ]
+ then
+ echo "'${FILE}': no such key file" >&2
+ exit 1
+ fi
+
+ # Run
+ SSH_KEYGEN="$(ssh-keygen -l -f "${FILE}" 2>&1 || true)"
+
+ KEY_TYPE="$(echo "${SSH_KEYGEN}" | awk '{ print $NF }' | sed -e 's|(||' -e 's|)||' | tr '[A-Z]' '[a-z]')"
+ KEY_BITS="$(echo "${SSH_KEYGEN}" | awk '{ print $1 }')"
+
+ case "${KEY_TYPE}" in
+ dsa|ecdsa|ecdsa-sk|ed25519|ed25519-sk|rsa)
+ ;;
+
+ *)
+ case "${VERBOSE}" in
+ true)
+ echo "'${FILE}': invalid key file" >&2
+ ;;
+ esac
+
+ KEY_TYPE="unknown"
+ EXIT="1"
+ ;;
+ esac
+
+ if [ "${KEY_TYPE}" != "unknown" ] && [ -n "${TYPES}" ]
+ then
+ case "${KEY_TYPE}" in
+ $(echo ${TYPES} | sed -e 's|,| |g'))
+ ;;
+
+ *)
+ echo "'${FILE}': wrong type" >&2
+ EXIT="1"
+ ;;
+ esac
+ fi
+
+ if [ "${KEY_TYPE}" != "unknown" ] && [ -n "${BITS}" ]
+ then
+ case "${KEY_BITS}" in
+ $(echo ${BITS} | sed -e 's|,| |g'))
+ ;;
+
+ *)
+ echo "'${FILE}': wrong bits" >&2
+ EXIT="1"
+ ;;
+ esac
+ fi
+
+ case "${EXIT}" in
+ 0)
+ case "${VERBOSE}" in
+ true)
+
+cat << EOF
+filename: ${FILE}
+bits: ${KEY_BITS}
+type: ${KEY_TYPE}
+EOF
+
+ ;;
+ esac
+ ;;
+
+ esac
+done
+
+exit "${EXIT}"