SSH authorization tool -OUD
10-19-2015, 10:14 AM (This post was last modified: 03-06-2018 11:02 AM by xwcwt.)
Post: #1
SSH authorization tool -OUD
Overview:
When you need to run a program as some user on a remote host through SSH, you may want to add a certain SSH public key to that user's authorized_keys on the remote host. cod://bin/sshauth.sh helps add the public key to a number of hosts. Usually the program is installed in /thinker/bin

bin:rc//sshauth adds the public key to a single user's authorized_keys file on a single host. ./sshauth prints the usage info.

Usage:
Code:
./auth.sh pcf_file

The pcf_file format is as below:
Code:
user: the username on the remote host that should be able to log in via SSH without a password
keypub: the public SSH key file name, assumed to be under the .ssh/ dir
ipcount: the number of hosts/IPs
ipX: the hostname/IP of the Xth host
portX: the SSH port of the Xth host, optional, default is 22

An example:
Code:
user: testuser
keypub: id_rsa.pub
ipcount: 2
ip1: 10.16.99.90
port1: 22
ip2: 10.16.99.91

Design:
Code:
# read $user, $keypub, $ipcount and $ipX/$portX (X = 1,2,...) from the pcf file
for ((i = 1; i <= ipcount; i++)); do
    ip="ip$i"; port="port$i"   # names of the ipX / portX variables, looked up indirectly below
    ssh -p "${!port:-22}" "$user@${!ip}" "[[ ! -d ~/.ssh ]] && mkdir -p ~/.ssh && chmod 700 ~/.ssh; echo '$(cat "$keypub")' >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys"
done
----
20151019/gl: Slightly improve wording.
20160227/cwt: add concurrent version info.
20180305/cwt: add design info.
20180306/cwt: update design/usage info to latest one.
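The head post's design appends the key on every run and trusts whatever file keypub points at. The script below is an added example, not the sshauth tool's own code: it reads the ipcount-style pcf file described above, checks that keypub is really a single OpenSSH public-key line before anything is sent, and builds a remote command that creates ~/.ssh and authorized_keys with private permissions and appends the key only if that exact line is not already present. It assumes the key file lives at ~/.ssh/<keypub> as the head post says, and the DRY_RUN variable and all function names (pcf_get, pcf_hosts, check_pubkey, remote_cmd, push_key) are this example's own.

```shell
#!/bin/sh
# Added example, not the sshauth tool's own code. Reads the ipcount-style
# pcf file from the head post, validates the public key, and pushes it so
# that re-running never duplicates a line in authorized_keys.
# Assumed: ~/.ssh/<keypub> is the key file; DRY_RUN=1 prints the ssh
# command instead of running it.

# pcf_get <file> <key>: value of the first "key: value" line, or empty.
pcf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | head -n 1
}

# pcf_hosts <file>: one "ip port" line per host, port defaulting to 22.
pcf_hosts() {
    pcf_n=$(pcf_get "$1" ipcount)
    pcf_i=1
    while [ "$pcf_i" -le "${pcf_n:-0}" ]; do
        pcf_ip=$(pcf_get "$1" "ip$pcf_i")
        pcf_port=$(pcf_get "$1" "port$pcf_i")
        [ -n "$pcf_ip" ] || { echo "pcf: ip$pcf_i missing" >&2; return 1; }
        printf '%s %s\n' "$pcf_ip" "${pcf_port:-22}"
        pcf_i=$((pcf_i + 1))
    done
}

# check_pubkey <file>: accept only a single OpenSSH public-key line, so a
# private key or a stray file is never appended to a remote authorized_keys.
check_pubkey() {
    [ -f "$1" ] || return 1
    [ "$(( $(wc -l < "$1") ))" -le 1 ] || return 1
    grep -Eq '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)' "$1"
}

# remote_cmd <keyline>: the command run on the remote host. umask 077 makes
# the new dir/file private; grep -qxF appends only if the exact line is absent.
remote_cmd() {
    printf '%s' "umask 077; mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; " \
        "grep -qxF -- '$1' ~/.ssh/authorized_keys || echo '$1' >> ~/.ssh/authorized_keys; " \
        "chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys"
}

# push_key <user> <keyfile> <ip> <port>
push_key() {
    key_line=$(head -n 1 "$2")
    case $key_line in *\'*) echo "key line contains a quote" >&2; return 1 ;; esac
    cmd=$(remote_cmd "$key_line")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ssh -p %s %s@%s %s\n' "$4" "$1" "$3" "$cmd"
    else
        # -n: keep ssh from swallowing the host list being read on stdin
        ssh -n -o BatchMode=yes -p "$4" "$1@$3" "$cmd"
    fi
}

main() {
    user=$(pcf_get "$1" user)
    keyfile=$HOME/.ssh/$(pcf_get "$1" keypub)
    check_pubkey "$keyfile" || { echo "not a public key: $keyfile" >&2; return 1; }
    pcf_hosts "$1" | while read -r ip port; do
        push_key "$user" "$keyfile" "$ip" "$port"
    done
}

if [ $# -eq 1 ]; then main "$1"; fi
```

Run it as `./sshauth-example.sh hosts.pcf`, or with `DRY_RUN=1` to see the exact ssh command that would be sent to each host. The `ssh -n` matters whenever ssh runs inside a `while read` loop: without it the first ssh session reads the rest of the host list as its own stdin and the loop stops after one host.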
10-19-2015, 06:12 PM
Post: #2
RE: SSH authorization tool
We'd better move this to be with other SSH related stuff.
02-27-2016, 11:13 AM
Post: #3
RE: SSH authorization tool
A concurrent version to add ssh keys is located in the bin:rc//authorize dir. There's a README file that indicates how to use it.
03-28-2016, 12:07 PM
Post: #4
RE: SSH authorization tool
auth.sh should also 'chmod 600 .ssh/authorized_keys'.
03-05-2018, 03:32 PM
Post: #5
RE: SSH authorization tool
The pseudo code of the design is as follows:

Code:
# read $user, $keypub and $ips (a file with one host per line) from shell arguments
while read -r host; do   # the loop ends when $ips reaches EOF
    # one ssh per host, started in the background so the hosts are handled concurrently;
    # -n keeps ssh from reading the rest of $ips as its own stdin
    ssh -n "$user@$host" "[[ ! -d ~/.ssh ]] && mkdir -p ~/.ssh && chmod 700 ~/.ssh; echo '$(cat "$keypub")' >> ~/.ssh/authorized_keys" &
done < "$ips"
wait
03-05-2018, 03:36 PM (This post was last modified: 03-05-2018 03:41 PM by xwcwt.)
Post: #6
RE: SSH authorization tool
(03-05-2018 03:32 PM)xwcwt Wrote:  the pseudo code of design as follow:

Code:
read $user, $keypub, $ips from shell arguments

while one $host read from $ips {
  if not meet EOF {
     ssh $user@$host "[[ ! -d ~/.ssh ]] && mkdir -p ~/.ssh && chmod 700 ~/.ssh; echo `cat $keypub` >> ~/.ssh/authorized_keys"
  }
}

Driving example: http://tab.d-thinker.org/showthread.php?tid=3701&pid=6634 ; the tool needs to support non-22 SSH ports.

I suggest we use a PCF format file to control such vars; the PCF content can be:

Quote:user:the username
keypub:the public key location
ips:the ips file location
port:the sshd port in remote host defined in ips


Quote:read $user, $keypub, $ips from shell arguments

Change to
Code:
PCF_file=$1
read $user, $keypub, $ips from $PCF_file by LearnPCF.

RR zma.
03-05-2018, 05:27 PM
Post: #7
RE: SSH authorization tool
(03-05-2018 03:36 PM)xwcwt Wrote:  
Quote:ips:the ips file location
port:the sshd port in remote host defined in ips

Using PCF sounds good to me.

ips may be in the PCF too, in a string separated by ','.

There may be multiple IPs. But there is one port.

I suggest using the resource locator format for ips and ports like:

ip1:port1,ip2:port2,ip3,ip4

Default port can be '22'.
03-05-2018, 05:51 PM
Post: #8
RE: SSH authorization tool
(03-05-2018 05:27 PM)zma Wrote:  
(03-05-2018 03:36 PM)xwcwt Wrote:  
Quote:ips:the ips file location
port:the sshd port in remote host defined in ips

Using PCF sounds good to me.

ips may be in the PCF too in a string separated by ','.

There may be multiple IPs. But there is one port.

I suggest using the resource locator format for ips and ports like:

ip1:port1,ip2:port2,ip3,ip4

Default port can be '22'.

My mistake, yes, there should be a port definition for each ip.

I guess LearnPCF does not support parsing ip1:port1,ip2:port2,ip3,ip4; in my test $ip1 will just be 'port1,ip2:port2,ip3,ip4'. What I thought is that we need to separate by ',' first and then parse the key:value. @zma, do you have another suggestion to do this easily?

Or how about the PCF file format for ips being:

ipcount:5
ip1:xxx
port1:xxx
ip2:yyy
port2:yyyy
...
03-05-2018, 06:20 PM
Post: #9
RE: SSH authorization tool
(03-05-2018 05:51 PM)xwcwt Wrote:  I guess LearnPCF does not support to parse ip1:port1,ip2:port2,ip3,ip4, in my test $ip1 will just be 'port1,ip2:port2,ip3,ip4'. What I thought is need to separate by ',' first then parse the key:value, @zma, or do you have other suggestion to do this easy?

Or how about the PCF file format for ips can be:

ipcount:5
ip1:xxx
port1:xxx
ip2:yyy
port2:yyyy
...

What I thought was like this:

hostports: ip1:port1,ip2:port2,ip3,ip4

Your suggested way looks good to me too. You can choose whichever looks good to you.
03-06-2018, 10:56 AM
Post: #10
RE: SSH authorization tool
(03-05-2018 06:20 PM)zma Wrote:  
(03-05-2018 05:51 PM)xwcwt Wrote:  I guess LearnPCF does not support to parse ip1:port1,ip2:port2,ip3,ip4, in my test $ip1 will just be 'port1,ip2:port2,ip3,ip4'. What I thought is need to separate by ',' first then parse the key:value, @zma, or do you have other suggestion to do this easy?

Or how about the PCF file format for ips can be:

ipcount:5
ip1:xxx
port1:xxx
ip2:yyy
port2:yyyy
...

What I thought was like this

hostports: ip1:port1,ip2:port2,ip3,ip4

You suggested way looks good to me too. You can choose any one that looks good to you.

I used the way I commented above. Committed in 3a19ba682311571a0b485fa7e2ae745e6884775a . Updating the head post.
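Posts #7 through #9 discuss the alternative `hostports: ip1:port1,ip2:port2,ip3,ip4` form and why a key:value reader that splits on the first ':' returns 'port1,ip2:port2,ip3,ip4' for it. The function below is an added example, not part of the sshauth tool or of LearnPCF: it splits the string on ',' first, takes the port from the last ':' of each entry (defaulting to 22 as zma proposed), and rejects ports that are not numbers in the 1-65535 range. The function name parse_hostports is this example's own, and it assumes entries are hostnames or IPv4 literals (bracketed IPv6 addresses are not handled).

```shell
#!/bin/sh
# Added example, not the sshauth tool's own code. Turns the "hostports" form
# ip1:port1,ip2:port2,ip3,ip4 into one "host port" line per entry, port
# defaulting to 22. Splitting on ',' first avoids the first-':' problem that
# a plain key:value reader has with this value.
# Assumed: hostnames or IPv4 literals only (no bracketed IPv6).

# parse_hostports <string>: prints "host port" lines; fails on a bad port.
parse_hostports() {
    set -f                          # no globbing while field-splitting on ','
    hp_ifs=$IFS; IFS=','
    set -- $1
    IFS=$hp_ifs; set +f
    for entry; do
        [ -n "$entry" ] || continue # tolerate "a,,b" and a trailing comma
        case $entry in
            *:*) host=${entry%:*}; port=${entry##*:} ;;   # port is after the LAST ':'
            *)   host=$entry;      port=22 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$entry'" >&2; return 1
        fi
        printf '%s %s\n' "$host" "$port"
    done
}

if [ $# -eq 1 ]; then parse_hostports "$1"; fi
```

The output is the same "host port" per line shape that a `while read -r host port` loop consumes, so either PCF layout can feed the same ssh loop once it is normalised this way.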