#!/usr/bin/ksh # # SCRIPT: keyit # AUTHOR: Randy Michael # DATE: 7/31/2007 # REV: 1.0 # PLATFORM: Not platform dependent # REQUIREMENTS: OpenSSH # # PURPOSE: This script is used to set up # encryption keypairs between two hosts. # # set -x # Uncomment to debug this script # # set -n # Uncomment to check script syntax # # without any execution. Do not # # forget to add the comment back, # # or the script will never execute. # # USAGE: keyit remote_host username # ####################################### # DEFINE FILES AND VARIABLES HERE ####################################### RHOST=$1 THIS_USER=$2 THIS_SCRIPT=$(basename $0) THIS_HOST=$(hostname) ####################################### # DEFINE FUNCTIONS HERE ####################################### usage () { echo "\nUSAGE: $THIS_SCRIPT \ remote_host username\n" } ####################################### success_message () { KTYPE=$1 echo "\nSUCCESS: $KTYPE key pairs configured for $THIS_USER on $RHOST" echo "\n$THIS_USER should no longer require an SSH password on $RHOST" echo "when logging in directly, however, using the ssh commands:\n" echo "\tssh -l $THIS_USER $RHOST\nAND\n\tssh ${THIS_USER}@${RHOST}" echo "\nWHILE LOGGED IN LOCALLY AS ANOTHER USER will still not work" echo "without a valid user password\n" } ####################################### failure_message () { echo "\nERROR: Setting up the $KEYTYPE key pairs failed" echo "Ensure that OpenSSH is installed and running" echo "on both hosts. Then ensure that the user has" echo "a .ssh directory in their \$HOME directory." echo "See the man page on ssh and ssh-keygen" echo "for more details and manual setup\n" } ####################################### keyit_dsa () { # Append the local public key to the same user's # authorized_users file cat ~${THIS_USER}/.ssh/id_dsa.pub | ssh ${THIS_USER}@$RHOST \ "cat >> ~${THIS_USER}/.ssh/authorized_keys" if (( $? == 0 )) then success_message dsa else failure_message fi } ####################################### keyit_rsa () { # Append the local public key to the same user's # authorized_users file cat ~${THIS_USER}/.ssh/id_rsa.pub | ssh ${THIS_USER}@$RHOST \ "cat >> ~${THIS_USER}/.ssh/authorized_keys" if (( $? == 0 )) then success_message rsa else failure_message fi } ####################################### # BEGINNING OF MAIN ####################################### # Ensure the user $THIS_USER exists on the local system if ! $(/usr/bin/id $THIS_USER >/dev/null 2>&1) then echo "\nERROR: $THIS_USER is not a valid user on $THIS_HOST\n" usage exit 1 fi # Ensure ssh is installed locally if [[ ! -x /usr/bin/ssh && ! -x /usr/local/bin/ssh ]] then echo "\nERROR: SSH does not appear to be installed on this machine" echo "This script requires SSH...Exiting...\n" usage exit 2 fi # Check for proper usage if ! [ $2 ] then usage exit 1 fi # Ping the remote host 1 ping if ! $(ping -c1 $RHOST >/dev/null 2>&1) then echo "\nERROR: $RHOST is not pingable...Exiting...\n" exit 2 fi # Set up the key pairs for the configured key(s) SET=0 if [ -s ~$THIS_USER/.ssh/id_dsa.pub ] then keyit_dsa SET=1 fi if [ -s ~$THIS_USER/.ssh/id_rsa.pub ] then keyit_rsa SET=2 fi if (( SET == 0 )) then echo "\nERROR: SSH public key is not set for $THIS_USER..." echo "\nTo Configure Run: ssh-keygen -t type" echo "Where type is rsa or dsa encryption\n" echo "Would you like to set up the keys now? (y/n): \c" read REPLY case $REPLY in y|Y) if $(id $THIS_USER >/dev/null 2>&1) then echo "\nEncryption Type: (dsa or rsa?): \c" read KEYTYPE case "$KEYTYPE" in +([d|Ds|Sa|A])) KEYTYPE=dsa ;; +([r|Rs|Sa|A])) KEYTYPE=rsa ;; *) echo "\nERROR: Invalid entry...Exiting..." exit 1 ;; esac echo "\nAccept the defaults and do not enter a passphrase...\n" su - $THIS_USER "-c ssh-keygen -t $KEYTYPE" if (( $? == 0 )) then echo "\nSuccess, keying $THIS_USER on $RHOST\n" keyit_${KEYTYPE} $KEYTYPE fi else echo "\nERROR: $THIS_USER username does not exist\n" fi ;; *) # Do nothing : # A colon, :, is a "no-op" ;; esac fi ######################################### # END OF KEYIT SCRIPT #########################################