Commit b99f1eda authored by Darko Poljak

Merge branch '__ssh_authorized_keys_remove_unknown' into 'master'

[__ssh_authorized_keys] add --remove-unknown parameter

See merge request !884
parents abac79d4 29c01802
Pipeline #1589 failed with stage
in 45 seconds
#!/bin/sh -e
file="$( . "$__type_explorer/file" )"
if [ -f "$file" ]
then
cat "$file"
fi
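Review bot: This explorer has no comment stating its output contract, yet the manifest's removal logic depends on it: every line of the file is passed through unfiltered, including blank lines, comments and option-prefixed entries. A header such as `# Prints the current content of the authorized_keys file, or nothing if it does not exist.` would make that explicit for whoever consumes `$__object/explorer/keys`. Separately, `-e` on the shebang line is lost when the script is started as `sh script`, so `set -e` as the first statement is the more robust form.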
......@@ -60,6 +60,9 @@ nofile
Don't manage existence, ownership and permissions of the the authorized_keys
file.
remove-unknown
Remove undefined keys.
EXAMPLES
--------
......@@ -70,6 +73,12 @@ EXAMPLES
__ssh_authorized_keys root \
--key "$(cat ~/.ssh/id_rsa.pub)"
# same as above, but make sure your key is only key in
# root's authorized_keys file
__ssh_authorized_keys root \
--key "$(cat ~/.ssh/id_rsa.pub)" \
--remove-unknown
# allow key to login as user-name
__ssh_authorized_keys user-name \
--key "ssh-rsa AXYZAAB3NzaC1yc2..."
......
......@@ -55,8 +55,12 @@ _cksum() {
echo "$1" | cksum | cut -d' ' -f 1
}
_type_and_key() {
echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
}
while read -r key; do
type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
type_and_key="$( _type_and_key "$key" )"
object_id="$(_cksum "$file")-$(_cksum "$type_and_key")"
set -- "$object_id"
set -- "$@" --file "$file"
......@@ -72,3 +76,24 @@ while read -r key; do
# Ensure __ssh_authorized_key does not read stdin
__ssh_authorized_key "$@" < /dev/null
done < "$__object/parameter/key"
if [ -f "$__object/parameter/remove-unknown" ] &&
[ -s "$__object/explorer/keys" ]
then
while read -r key
do
type_and_key="$( _type_and_key "$key" )"
if grep -Fq "$type_and_key" "$__object/parameter/key"
then
continue
fi
__ssh_authorized_key "remove-$( _cksum "$file$key" )" \
--file "$file" \
--key "$key" \
--state absent \
< /dev/null
done \
< "$__object/explorer/keys"
fi
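Review bot: In the removal loop, any line for which `_type_and_key` returns an empty string is treated as known, because `grep -Fq ""` matches every line of `$__object/parameter/key` and the loop then hits `continue`. That is harmless for blank and comment lines, but the awk pattern only recognises tokens starting with `ssh-` or `ecdsa-`, so a key line of any other type (for example OpenSSH's `sk-…@openssh.com` types) is never removed and `--remove-unknown` does not give the "only key" guarantee the man page example describes. I would skip non-key lines explicitly with `case "$key" in ''|'#'*) continue ;; esac` and change the test to `if [ -n "$type_and_key" ] && grep -Fq "$type_and_key" "$__object/parameter/key"`, so unrecognised entries fall through to `--state absent` (assuming `__ssh_authorized_key` can remove such a line). The comparison is also a substring match on type and key only; whether an existing line with the same key but different options gets reconciled depends on `__ssh_authorized_key`, which is not shown here.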