diff options
Diffstat (limited to '')
-rwxr-xr-x | openssh/bin/ssh-ca | 40 | ||||
-rwxr-xr-x | openssh/bin/ssh-keycheck | 176 |
2 files changed, 216 insertions, 0 deletions
diff --git a/openssh/bin/ssh-ca b/openssh/bin/ssh-ca new file mode 100755 index 0000000..675a2cf --- /dev/null +++ b/openssh/bin/ssh-ca @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e + +HOST="$(cat /etc/hostname)" + +Init () +{ + echo "Init: creating CA key..." + + if [ -e "/etc/ssh-ca/keys/ssh-ca@${HOST}" ] || [ -e "/etc/ssh-ca/keys/ssh-ca@${HOST}.pub" ] + then + echo "/etc/ssh-ca/keys/ssh-ca@${HOST} key already exists" + exit 1 + fi + + mkdir -p /etc/ssh-ca/keys + ssh-keygen -f "/etc/ssh-ca/keys/ssh-ca@${HOST}" -t ed25519 -C ssh-ca@${HOST} -N "" +} + +Sign () +{ + FILE="${1}" + +} + +case "${1}" in + init) + Init + ;; + + sign) + Sign + ;; + + *) + echo "Usage: ${0} {init}" + exit 1 + ;; +esac diff --git a/openssh/bin/ssh-keycheck b/openssh/bin/ssh-keycheck new file mode 100755 index 0000000..737b8cd --- /dev/null +++ b/openssh/bin/ssh-keycheck @@ -0,0 +1,176 @@ +#!/bin/sh + +# Open Infrastructure: service-tools + +# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="service-tools" +PROGRAM="ssh-keycheck" + +Parameters () +{ + GETOPT_LONGOPTIONS="bits:,filename:,help,type:,verbose," + GETOPT_OPTIONS="b:,f:,h,t:,v," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${PROGRAM} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${PROGRAM}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -b|--bits) + BITS="${2}" + shift 2 + ;; + + -f|--filename) + FILES="${2}" + shift 2 + ;; + + -h|--help) + HELP="true" + shift 1 + ;; + + -t|--type) + TYPES="${2}" + shift 2 + ;; + + -v|--verbose) + VERBOSE="true" + shift 1 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${PROGRAM}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} -f KEY_FILE[,KEY_FILE] [-b BITS[,BITS]] [-t TYPE[,TYPE]]" >&2 + echo + echo "See ${PROGRAM}(1) and ${SOFTWARE}(7) for more information." + + exit 1 +} + +Parameters "${@}" + +if [ -z "${FILES}" ] || [ -n "${HELP}" ] +then + Usage +fi + +EXIT="0" + +for FILE in ${FILES} +do + if [ ! -e "${FILE}" ] + then + echo "'${FILE}': no such key file" >&2 + exit 1 + fi + + # Run + SSH_KEYGEN="$(ssh-keygen -l -f "${FILE}" 2>&1 || true)" + + KEY_TYPE="$(echo "${SSH_KEYGEN}" | awk '{ print $NF }' | sed -e 's|(||' -e 's|)||' | tr '[A-Z]' '[a-z]')" + KEY_BITS="$(echo "${SSH_KEYGEN}" | awk '{ print $1 }')" + + case "${KEY_TYPE}" in + dsa|ecdsa|ecdsa-sk|ed25519|ed25519-sk|rsa) + ;; + + *) + case "${VERBOSE}" in + true) + echo "'${FILE}': invalid key file" >&2 + ;; + esac + + KEY_TYPE="unknown" + EXIT="1" + ;; + esac + + if [ "${KEY_TYPE}" != "unknown" ] && [ -n "${TYPES}" ] + then + case "${KEY_TYPE}" in + $(echo ${TYPES} | sed -e 's|,| |g')) + ;; + + *) + echo "'${FILE}': wrong type" >&2 + EXIT="1" + ;; + esac + fi + + if [ "${KEY_TYPE}" != "unknown" ] && [ -n "${BITS}" ] + then + case "${KEY_BITS}" in + $(echo ${BITS} | sed -e 's|,| |g')) + ;; + + *) + echo "'${FILE}': wrong bits" >&2 + EXIT="1" + ;; + esac + fi + + case "${EXIT}" in + 0) + case "${VERBOSE}" in + true) + +cat << EOF +filename: ${FILE} +bits: ${KEY_BITS} +type: ${KEY_TYPE} +EOF + + ;; + esac + ;; + + esac +done + +exit "${EXIT}" |