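#!/bin/bash
# Per-identity ssh-agent manager: starts (or reuses) an ssh-agent for a named
# identity, loads its key files / PKCS#11 tokens into it and prints the path of
# the agent environment file on stdout for "eval $(<file>)" / loadagent.
# All diagnostics go through the sourced logging helpers (logtrace, logdebug,
# loginfo, logwarning, logerr, SCRIPTENTRY/SCRIPTEXIT), so stdout stays
# reserved for the agent file path.

# Log level for the sourced logging library (presumably its file sink); set
# before sourcing so it is visible while the library initialises.
FILELOGLEVEL=DEBUG
# Quoted so a checkout path containing whitespace still resolves.
. "$(dirname "$0")/../logging"
# loggerfactory

# Force the C locale and EXPORT it: ssh-keygen/date output is parsed below
# (e.g. the "Valid:" line of ssh-keygen -L). A plain assignment would only
# reach child processes if LANG was already in the environment. Note that an
# exported LC_ALL, if present, still takes precedence over LANG.
export LANG=C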
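# Print the command-line help on stdout.
# Globals read: SSH_IDENTITIES_DIR (informational only). The here-doc is
# deliberately unquoted so that value and $(basename "$0") are expanded;
# "\$" keeps literal variable names in the text.
# The option spelling below matches the parser (-r|-f|--readd-token|--force),
# and the "no identity" description matches what the script actually does
# (gnome-keyring's agent; SSH_DEFAULT_IDENTITY is not evaluated anywhere).
usage(){
cat << EOF
Usage: $(basename "$0") [[-c]|[--create-only]]|[[-t]|[--token-only]]|[[-k]|[--key-only]]|[[-r]|[-f]|[--readd-token]|[--force]]|[[--rm]|[--remove]] [<ssh-identity>]

If started only with <ssh-identity>, the script looks up in the configured identity path \$SSH_IDENTITIES_DIR (${SSH_IDENTITIES_DIR}) whether it can find a directory named after <ssh-identity>.
If no <ssh-identity> is given, the ssh-agent of gnome-keyring is used when gnome-keyring-daemon is installed; otherwise the script exits with status 1.
The output is the name of the file where the ssh-agent information is kept, to load it into the current shell for further actions.
Use "$ eval \$(<outputfilename>)" if you want to load SSH_AUTH_SOCK and SSH_AGENT_PID into the current shell, or shorter "$ loadagent [<ssh-identity>]".
-c|--create-only            Create or restart only the agent. Do not load any
                            key or token into it.
                            The output is used for loading the agent in the
                            current shell. (loadagent <identity>)
-t|--token-only             Add or renew only the pkcs11 hardware token
                            configured in ${SSH_IDENTITIES_DIR}/<ssh-identity>.
-k|--key-only               Add or renew only the keys configured in
                            ${SSH_IDENTITIES_DIR}/<ssh-identity>.
-r|-f|--readd-token|--force Remove all keys and tokens configured in
                            ${SSH_IDENTITIES_DIR}/<ssh-identity> and add them
                            again. Combine with -t or -k to restrict this to
                            tokens or keys only; without -t and -k, all keys
                            and tokens are removed and re-added.
                            Useful to be asked for the PIN/password again after
                            a hardware token was unplugged and plugged in again.
--rm|--remove               Remove keys and tokens instead of adding them.
-h|--info                   Show this info
EOF
}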
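# Detect a forwarded agent from a remote login and, if present, write an agent
# file for the current identity that points at it instead of a local agent.
#
# Globals read:  SSH_AGENTS_DIR, ssh_identity (set by the main script),
#                P11M (sourced from ~/.ssh/p11m, the PKCS#11 module path).
# Side effects:  creates/overwrites ${SSH_AGENTS_DIR}/agent-<identity>-<host>
#                with mode 0600 -- the file is later SOURCED by /bin/sh, so it
#                must not be writable by anyone else.
# Returns:       0 when the forwarded socket exists and the file was written,
#                1 otherwise.
check_token(){
    local sock="$HOME/.ssh/ssh_from_remote_auth_sock"
    # -e follows symlinks, so a dangling link counts as "not there".
    if [ ! -e "$sock" ]; then
        logdebug "~/.ssh/ssh_from_remote_auth_sock is broken"
        return 1
    fi
    logdebug "~/.ssh/ssh_from_remote_auth_sock is link"
    # Provides P11M; a missing file only means "no module configured".
    [ -r "$HOME/.ssh/p11m" ] && . "$HOME/.ssh/p11m"
    local agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)"
    local old_umask rc
    old_umask=$(umask)
    umask 077
    # The tilde in SSH_AUTH_SOCK is expanded by the shell that sources the file.
    cat << EOF > "$agentfile"
SSH_AUTH_SOCK=~/.ssh/ssh_from_remote_auth_sock; export SSH_AUTH_SOCK
PKCS11_MODULE=${P11M}; export PKCS11_MODULE
EOF
    rc=$?
    umask "$old_umask"
    if [ "$rc" -ne 0 ]; then
        logwarning "cannot write agent file $agentfile"
        return 1
    fi
    # A file that pre-dates the umask above may still be too open.
    chmod 600 "$agentfile"
    loginfo "$(cat "$agentfile")"
    return 0
}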
# loginfo "a P11M: ${P11M}"
# loginfo "a PKCS11_MODULE: ${PKCS11_MODULE}"
#
# [ -n "${P11M:+x}" ] && export PKCS11_MODULE=${P11M}
# loginfo "b P11M: ${P11M}"
# loginfo "b PKCS11_MODULE: ${PKCS11_MODULE}"
# # it's the same as "token" in functions.sh
# # defined here also, to work also in environments, where functions.sh couldn't be sourced
# [ -z "${PKCS11_MODULE:+x}" ] && { PKCS11_MODULE=$P11M; export PKCS11_MODULE; }
#
# loginfo "c P11M: ${P11M}"
# loginfo "c PKCS11_MODULE: ${PKCS11_MODULE}"
# # If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work
# # So remember and unset DISPLAY, and set it at the end again, if it was set before
# [ $DISPLAY ] && local DISPLAY_ORIG=$DISPLAY
# [ $DISPLAY ] && logtrace "unset DISPLAY: $DISPLAY"
# [ $DISPLAY ] && unset DISPLAY
#
# # Write public keys of all in agent stored keys to a temporary file
# local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)"
# logtrace "tmppubkey: $tmppubkey"
# logdebug "C"
# tmpIFS="${IFS}"
# IFS=$'\n'
# for tmppk in $(ssh-add -L)
# do
# printf "%s" "$tmppk" |tee "${tmppubkey}" || return $?
# #echo "${tmppk}" > $tmppubkey || return $?
# #ssh-add -L > $tmppubkey || return $?
# # Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token.
# loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $PKCS11_MODULE; ssh-add -s $PKCS11_MODULE; } )"
# logdebug "$(ssh-add -l )"
# done
# logdebug "$(rm "${tmppubkey}")"
# IFS=$tmpIFS
# unset tmpIFS
# [ $DISPLAY_ORIG ] && logtrace "reset DISPLAY=$DISPLAY_ORIG"
# [ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG
#
#}
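# Option flags. They hold the strings "true"/"false" so the rest of the script
# can use them directly as commands ("$createonly && ...").
createonly=false   # -c: only start/restart the agent, load nothing
tokenonly=false    # -t: only handle PKCS#11 tokens
keyonly=false      # -k: only handle key files
readd=false        # -r/-f: remove what is loaded and add it again
remove=false       # --rm: remove instead of add
ssh_identity=      # first non-option argument; may stay empty

# Parse the command line into the flag variables above.
# Arguments: the script's "$@".
# Behaviour: unknown options abort with status 1; -h prints the usage and exits
# 0; the first non-option word is taken as the identity and parsing stops
# there (anything after it is ignored).
parse_args() {
    while :; do
        case "${1-}" in
            -c|--create-only)
                createonly=true
                shift
                ;;
            -t|--token-only)
                tokenonly=true
                shift
                ;;
            -k|--key-only)
                keyonly=true
                shift
                ;;
            -r|-f|--readd-token|--force)
                readd=true
                shift
                ;;
            --rm|--remove)
                remove=true
                shift
                ;;
            -h|--info)
                usage
                exit 0
                ;;
            -*)
                printf 'Unknown argument: »%s«\n' "$1" >&2
                exit 1
                ;;
            *)
                ssh_identity=${1-}
                break
                ;;
        esac
    done
}
parse_args "$@"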
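# Make sure an ssh-agent exists for <identity> (or gnome-keyring's agent when no
# identity is given) and print the agent file path on stdout.
#
# Arguments:   $1 - identity name; must be a directory below SSH_IDENTITIES_DIR.
#                   When the argument is absent, gnome-keyring-daemon -s is used.
# Globals read:    SSH_IDENTITIES_DIR, SSH_AGENTS_DIR, SSH_AGENT_SOCKETS_DIR,
#                  SSH_AGENT_OPTIONS, keyonly, tokenonly, remove, DISPLAY.
# Globals written: createonly (forced to true on a plain --remove), DISPLAY
#                  (unset while running, restored before return).
# Side effects:    sources ${identitydir}/config if present (executed as shell
#                  code, so the identity directory must be owner-writable only);
#                  starts ssh-agent and writes its environment to the agent
#                  file with mode 0600 (ssh_runinagent sources that file);
#                  removes a stale socket/agent file before restarting.
# Output:          agent file path on stdout, no trailing newline.
# Returns:         0 on success, 1 when neither identity nor gnome-keyring is
#                  available, 2 when the identity directory does not exist.
agent_start_or_restart () {
    logtrace "agent_start_or_restart"
    # ssh-add falls back to ssh-askpass when DISPLAY is set, which hangs in a
    # remote terminal; hide DISPLAY for the duration of this function.
    local display_orig=${DISPLAY-}
    if [ -n "$display_orig" ]; then
        logtrace "unset DISPLAY: $DISPLAY"
        unset DISPLAY
    fi

    local ssh_identity agentfile agentsocket identitydir host ret
    host=$(hostname)

    if [ -n "${1+x}" ]; then
        ssh_identity=$1
        identitydir=${SSH_IDENTITIES_DIR}/${ssh_identity}
        loginfo "ssh-identität: ${ssh_identity}" >&2
        if [ -d "$identitydir" ]; then
            [ -e "${identitydir}/config" ] && . "${identitydir}/config"
            agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-${host}"
            agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-${host}"
            logtrace "agentfile for ${ssh_identity}: $agentfile"
            logtrace "agentsocket for ${ssh_identity}: $agentsocket"

            if ! $keyonly && ! $tokenonly && $remove; then
                # Plain --remove: flush everything from the agent, load nothing.
                logdebug "delete keys and tokens in this ssh-agent"
                logdebug "$(ssh_runinagent "$agentfile" ssh-add -D 2>&1)"
                createonly=true
            elif [ -e "$agentfile" ]; then
                local msg
                # Probe the recorded agent. The agent file travels as $1 of the
                # child shell instead of being spliced into the -c string.
                msg=$(/bin/sh -c 'unset SSH_AUTH_SOCK SSH_AGENT_PID; . "$1" >/dev/null 2>&1; ssh-add -l 2>&1' sh "$agentfile")
                ret=$?
                logtrace "Output from check for running: $msg"
                case $ret in
                    0)
                        logdebug "agent is running"
                        ;;
                    1)
                        # ssh-add -l exits 1 when the agent answers but holds no keys
                        logdebug "agent is running, but:"
                        logwarning "$msg"
                        ;;
                    2)
                        # exit 2: nothing listens behind the recorded socket
                        logdebug "former agent is not running -> start it"
                        logdebug "SSH_AGENT_OPTIONS: $SSH_AGENT_OPTIONS"
                        [ -e "$agentsocket" ] && logdebug -n "remove socketfile: $(rm -v -- "$agentsocket")"
                        [ -e "$agentfile" ] && logdebug -n "remove agentfile: $(rm -v -- "$agentfile")"
                        _agent_spawn "$agentsocket" "$agentfile"
                        logdebug "agent started"
                        ;;
                esac
            else
                logdebug "agent did not exist -> create it"
                logtrace "ssh-agent -a $agentsocket $SSH_AGENT_OPTIONS \> $agentfile"
                _agent_spawn "$agentsocket" "$agentfile"
                logdebug "agent started"
            fi
            $createonly && logtrace "current loaded keys after action:
$(ssh_runinagent "$agentfile" ssh-add -l)"
            loginfo agentfile: "$agentfile"
            printf "%s" "$agentfile"
            ret=0
        else
            logwarning "ssh-identity »$ssh_identity« is not configured. Please create $identitydir and add keys"
            ret=2
        fi
    elif command -v gnome-keyring-daemon >/dev/null 2>&1; then
        logdebug "no identity given -> gnome-keyrings ssh-agent"
        agentfile="${SSH_AGENTS_DIR}/agent-gnome_session-${host}"
        agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-gnome-session-${host}"
        # 0600 like the ssh-agent case: the file is sourced as shell code later.
        ( umask 077; gnome-keyring-daemon -s > "$agentfile" )
        logdebug "$(cat "$agentfile")"
        logdebug "ssh-agent for identity »$ssh_identity«: $agentfile"
        printf "%s" "$agentfile"
        ret=0
    else
        logwarning "no identity given -> exit"
        ret=1
    fi

    if [ -n "$display_orig" ]; then
        logtrace "reset DISPLAY=$display_orig"
        export DISPLAY="$display_orig"
    fi
    return $ret
}

# Start ssh-agent bound to socket $1 and record its environment in file $2.
# Arguments: $1 - socket path, $2 - agent file path.
# Globals read: SSH_AGENT_OPTIONS (word-split on purpose; it holds option
#               words such as "-t 7200").
# The agent file is created under umask 077 because ssh_runinagent sources it.
_agent_spawn() {
    local sock=$1 file=$2
    logtrace "$( umask 077; ssh-agent -a "$sock" ${SSH_AGENT_OPTIONS} > "$file" )"
}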
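# Load (or re-add / remove) the key files and PKCS#11 tokens configured for
# <identity> into that identity's agent.
#
# Arguments:   $1 - identity name (directory below SSH_IDENTITIES_DIR).
#                   Without an argument the function does nothing.
# Globals read:    SSH_IDENTITIES_DIR, SSH_AGENTS_DIR, SSH_AGENT_SOCKETS_DIR,
#                  SSH_ADD_OPTIONS, SSH_CERT_VALIDITY_WARN_SEC, PKCS11_MODULE,
#                  tokenonly, keyonly, readd, remove, DISPLAY.
# Globals written: PKCS11_MODULE (exported when derived from a .so in the
#                  identity directory); DISPLAY (hidden while running); readd
#                  (set by check_pubkeysonly).
# Side effects:    sources ${identitydir}/config (executed as shell code); runs
#                  ssh-add in the identity's agent; rewrites the PKCS11_MODULE
#                  line of the agent file.
# Scoping:         the _load_* helpers and check_pubkeysonly rely on bash's
#                  dynamic scoping to see this function's locals (identitydir,
#                  agentfile, fingerprints, pubkeysonly, ssh_identity).
# Layout of the identity directory:
#   id_*              private key files (names not ending in pub/so/config/public)
#   id_*.pub/.public  public keys; one without a matching private key is taken
#                     to belong to the hardware token
#   id_*-cert.pub     certificates; only their validity is reported
#   *.so              PKCS#11 module(s) loaded with ssh-add -s
agent_load_identity_keys () {
    logtrace "agent_load_identity_keys"
    # ssh-add would call ssh-askpass when DISPLAY is set; hide it meanwhile.
    local display_orig=${DISPLAY-}
    if [ -n "$display_orig" ]; then
        logtrace "unset DISPLAY: $DISPLAY"
        unset DISPLAY
    fi

    local ssh_identity agentfile agentsocket identitydir host f
    local -a fingerprints=() pubkeysonly=()

    if [ -n "${1+x}" ]; then
        ssh_identity=$1
        identitydir=${SSH_IDENTITIES_DIR}/${ssh_identity}
        if [ -d "$identitydir" ]; then
            [ -e "${identitydir}/config" ] && . "${identitydir}/config"
            host=$(hostname)
            agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-${host}"
            agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-${host}"
            logdebug "SSH_ADD_OPTIONS: $SSH_ADD_OPTIONS"
            logtrace "agentfile: $agentfile"
            logtrace "agentsocket: $agentsocket"
            logtrace "identitydir: $identitydir"

            # Fingerprints (2nd column of ssh-add -l) of what the agent holds now.
            fingerprints=( $(ssh_runinagent "$agentfile" "ssh-add -l|awk '{print \$2}'") )
            logdebug "fingerprints from loaded keys before action:"
            for f in "${fingerprints[@]}"; do
                logdebug "$f"
            done

            if ! $tokenonly; then
                _load_identity_keyfiles
            fi

            if ! $keyonly; then
                _check_identity_pubkeys_and_certs
                loginfo "pubkeysonly: ${pubkeysonly[*]} (count: ${#pubkeysonly[*]})"
                _load_identity_tokens
            fi

            loginfo "currently loaded keys after action: $(ssh_runinagent "$agentfile" ssh-add -l|wc -l)"
            logdebug "$(ssh_runinagent "$agentfile" ssh-add -l)"
        else
            logwarning "ssh-identity $ssh_identity is not configured. Please create $identitydir and add keys"
        fi
    fi

    if [ -n "$display_orig" ]; then
        logtrace "reset DISPLAY=$display_orig"
        export DISPLAY="$display_orig"
    fi
}

# Shell-quote $1 for the command string that ssh_runinagent re-parses with
# /bin/sh, so key/module paths containing whitespace survive the round trip.
_q() {
    printf '%q' "$1"
}

# True when fingerprint $1 is one of the entries of the caller's `fingerprints`
# array (exact match). An empty fingerprint -- ssh-keygen could not read the
# key -- never matches, so such a key is handled as "not loaded" instead of
# silently matching everything.
_fp_is_loaded() {
    local fp=$1 have
    [ -n "$fp" ] || return 1
    for have in "${fingerprints[@]}"; do
        [ "$have" = "$fp" ] && return 0
    done
    return 1
}

# Add / re-add / remove the private key files id_* of the identity directory.
# Reads the caller's identitydir, agentfile, fingerprints and the global
# readd/remove flags. SSH_ADD_OPTIONS is word-split on purpose.
_load_identity_keyfiles() {
    local key fingerprint
    for key in "$identitydir"/id_*; do
        [ -e "$key" ] || continue            # unmatched glob
        case $key in
            *pub|*so|*config|*public) continue ;;   # not a private key file
        esac
        fingerprint=$(ssh-keygen -l -f "$key" | awk '{print $2}')
        if _fp_is_loaded "$fingerprint"; then
            logdebug "key: $(basename "$key") (with fp $fingerprint) is loaded"
            if $readd || $remove; then
                $readd && logdebug "re-add key $key"
                $remove && logdebug "remove key $key"
                logdebug "$(ssh_runinagent "$agentfile" ssh-add ${SSH_ADD_OPTIONS} -d "$(_q "$key")" 2>&1)"
                $remove || logdebug "$(ssh_runinagent "$agentfile" ssh-add ${SSH_ADD_OPTIONS} "$(_q "$key")" 2>&1)"
            fi
        else
            logdebug "key: $key is not loaded -> load it"
            $remove || logdebug "$(ssh_runinagent "$agentfile" ssh-add ${SSH_ADD_OPTIONS} "$(_q "$key")" 2>&1)"
        fi
    done
}

# Collect public keys that have no private key next to them (assumed to be the
# token's) into the caller's `pubkeysonly` array and report the validity of
# any <key>-cert.pub certificate.
_check_identity_pubkeys_and_certs() {
    local pubkey cert cert_exp exp_s now_s warn_s
    for pubkey in "$identitydir"/id_*; do
        [ -e "$pubkey" ] || continue
        case $pubkey in
            *cert.pub) continue ;;
            *pub|*public) ;;
            *) continue ;;
        esac
        if [ -e "${pubkey%.pub}" ]; then
            logdebug "pubkey with privkey: ${pubkey} | ${pubkey%.pub}"
        else
            logdebug "pubkey without privkey: $pubkey"
            pubkeysonly+=("$pubkey")
        fi
        cert="${pubkey%.pub}-cert.pub"
        [ -e "$cert" ] || continue
        # 5th field of "Valid: from <start> to <end>"; it is empty for
        # certificates without expiry ("Valid: forever") -- nothing to check then.
        cert_exp=$(ssh-keygen -L -f "$cert" | awk '$1 == "Valid:"{print $5}')
        if [ -z "$cert_exp" ]; then
            logdebug "no expiry date found for $cert (valid forever or unreadable)"
            continue
        fi
        exp_s=$(date +%s -d "$cert_exp") || continue
        now_s=$(date +%s)
        [ "$exp_s" -gt "$now_s" ] || logwarning "CERTIFICATE IS NOT VALID ANYMORE: $cert"
        # Early-warning threshold. Despite the _SEC suffix it is passed to
        # date -d, i.e. it is a date(1) expression, not a number of seconds.
        if [ -n "${SSH_CERT_VALIDITY_WARN_SEC-}" ]; then
            warn_s=$(date +%s -d "$SSH_CERT_VALIDITY_WARN_SEC") || continue
            [ "$exp_s" -lt "$warn_s" ] \
                && logwarning "CERTIFICATE expires in $(( (exp_s - now_s) / 86400 )) days: $cert"
        fi
    done
}

# Load / re-add / remove the PKCS#11 module(s) (*.so) of the identity directory.
# Reads the caller's identitydir, agentfile and fingerprints; may export
# PKCS11_MODULE and calls check_pubkeysonly, which can set the global readd.
_load_identity_tokens() {
    local key tokenfingerprint
    local -a tokenfingerprints
    for key in "$identitydir"/*.so; do
        [ -e "$key" ] || continue
        logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set} - key: $key"
        # An already set PKCS11_MODULE that differs from this .so wins;
        # otherwise export the resolved .so path for later runs.
        if [ -n "${PKCS11_MODULE:-}" ] && [ "$(readlink -f -- "$key")" != "$PKCS11_MODULE" ]; then
            key=$PKCS11_MODULE
        else
            export PKCS11_MODULE=$(readlink -f -- "$key")
        fi
        logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set} - key: $key"
        # Keep exactly one PKCS11_MODULE line in the agent file (it is sourced
        # by /bin/sh, so the module path is written as shell code).
        if grep -q "PKCS11_MODULE" "${agentfile}" 2>/dev/null; then
            sed -i -e '/PKCS11_MODULE/d' "${agentfile}"
            key=$PKCS11_MODULE
        fi
        printf "%s\n" "PKCS11_MODULE=$(readlink -f -- "$key")" | tee -a "${agentfile}" >&2

        tokenfingerprints=( $(ssh-keygen -l -D "$key" | tr -s ' ' | awk '{print $2}') )
        logtrace "fingerprints: ${fingerprints[*]}"
        logtrace "tokenfingerprints count: ${#tokenfingerprints[@]}"
        if [ ${#tokenfingerprints[@]} -gt 1 ]; then
            logerr "Found ${#tokenfingerprints[@]} in $key! Check if only one token is plugged into your computer"
            continue
        fi
        tokenfingerprint=${tokenfingerprints[0]-}
        logtrace "tokenfingerprint: ${tokenfingerprint}"
        if _fp_is_loaded "$tokenfingerprint"; then
            logdebug "token: $key ($tokenfingerprint) is loaded"
            # Verifies the loaded token still signs; sets readd=true if not.
            check_pubkeysonly
            if $readd || $remove; then
                $readd && logdebug "re-add token $key"
                $remove && logdebug "remove token $key"
                logtrace "agentfile1 $agentfile \$SSH_ADD_OPTIONS $key "
                logdebug "$(ssh_runinagent "$agentfile" ssh-add ${SSH_ADD_OPTIONS} -e "$(_q "$key")" 2>&1)"
                $remove || logdebug "$(ssh_runinagent "$agentfile" ssh-add ${SSH_ADD_OPTIONS} -s "$(_q "$key")" 2>&1)"
            fi
        else
            [ -n "$tokenfingerprint" ] || logdebug "no key fingerprint readable from $key (token unplugged?)"
            logdebug "token: $key is not loaded -> load it"
            logdebug "$(ssh_runinagent "$agentfile" ssh-add -v ${SSH_ADD_OPTIONS} -e "$(_q "$key")" 2>&1)"
            $remove || logdebug "$(ssh_runinagent "$agentfile" ssh-add ${SSH_ADD_OPTIONS} -s "$(_q "$key")" 2>&1)"
        fi
    done
}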
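# Verify that the agent can still sign with the token's public key(s).
# Relies on bash dynamic scoping: reads pubkeysonly, agentfile and
# ssh_identity from the calling function plus the global remove flag, and sets
# the global readd=true when a signing test (ssh-add -T) fails -- unless we are
# removing -- so the caller re-adds the token. Stops at the first failure.
# The test's output is captured and logged instead of reaching stdout, which
# this script reserves for the agent file path.
check_pubkeysonly () {
    local p out rc
    if [ "${#pubkeysonly[*]}" -gt 0 ]; then
        for p in "${pubkeysonly[@]}"; do
            logtrace "pubkeyonly: $p"
            # Run the signing test only once per key (it may involve the token).
            out=$(ssh_runinagent "$agentfile" ssh-add -T "$(printf '%q' "$p")" 2>&1)
            rc=$?
            logtrace "$out"
            if [ "$rc" -ne 0 ]; then
                $remove || readd=true
                break
            fi
        done
    else
        logwarning "obviously there is no pubkey for the token in ${SSH_IDENTITIES_DIR}/${ssh_identity}/"
        logwarning "you can add the pubkey with"
        logwarning "  ssh-add -L > ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_etoken.pub"
        logwarning "make sure, only the token is loaded into ssh-agent with"
        logwarning "  ssh-add -l"
        logwarning "only one line should be the output"
    fi
    logdebug "readd: $readd"
}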
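# Run a shell command string in the environment of the agent recorded in $1.
#
# Arguments: $1   - agent file ("SSH_AUTH_SOCK=...; export ..." as written by
#                   ssh-agent or check_token). It is SOURCED by /bin/sh, i.e.
#                   executed as code: it must be owned by, and writable only
#                   by, the invoking user.
#            $2.. - command words; they are joined with spaces and evaluated by
#                   /bin/sh, so callers may pass pipelines ("ssh-add -l|awk ...")
#                   and must pre-quote paths containing whitespace (printf %q).
# Globals:   the caller's SSH_AUTH_SOCK / SSH_AGENT_PID are shadowed locally and
#            cleared in the child so only the agent file decides which agent
#            is used.
# Returns:   the command's exit status; 99 when the agent file does not exist.
ssh_runinagent () {
    local SSH_AUTH_SOCK SSH_AGENT_PID
    local agentfile=$1
    shift
    local rc
    logtrace "run command »$*« in agent $agentfile"
    if [ -e "$agentfile" ]; then
        # The agent file path is handed over as $1 of the child shell instead of
        # being spliced into the -c string, so a path with spaces or shell
        # metacharacters can neither break nor alter the command.
        /bin/sh -c 'unset SSH_AUTH_SOCK SSH_AGENT_PID; . "$1" >/dev/null 2>/dev/null; shift; eval "$@"' sh "$agentfile" "$@"
        rc=$?
    else
        logwarning "agentfile not existent"
        rc=99
    fi
    return $rc
}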
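# ---- main -------------------------------------------------------------------
SCRIPTENTRY
# Defaults, each overridable from the environment; the *_DEFAULT_* variables
# allow a site-wide default without pinning the final value.
[ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; }
[ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR="${SSH_AGENTS_DEFAULT_DIR-${HOME}/.ssh/agents}"; export SSH_AGENTS_DIR; }
[ -z "${SSH_AGENT_SOCKETS_DIR+x}" ] && { SSH_AGENT_SOCKETS_DIR="${SSH_AGENT_SOCKETS_DEFAULT_DIR-${HOME}/.ssh/agents}"; export SSH_AGENT_SOCKETS_DIR; }
# "-t 7200": keys added to a freshly started agent expire after two hours
# unless the caller overrides the agent options.
[ -z "${SSH_AGENT_OPTIONS+x}" ] && { SSH_AGENT_OPTIONS="${SSH_AGENT_DEFAULT_OPTIONS--t 7200 }"; export SSH_AGENT_OPTIONS; }
logtrace "       SSH_AGENTS_DIR: $SSH_AGENTS_DIR"
logtrace "SSH_AGENT_SOCKETS_DIR: $SSH_AGENT_SOCKETS_DIR"
logtrace "   SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR"
# Create the state directories owner-only: agent files are sourced as shell
# code, the sockets give access to the agent's keys, and the identities
# directory holds private keys. No -v: mkdir's chatter would land on stdout,
# which callers eval as the agent file path. A directory that already exists
# keeps its mode.
for _dir in "$SSH_AGENTS_DIR" "$SSH_AGENT_SOCKETS_DIR" "$SSH_IDENTITIES_DIR"; do
    [ -n "$_dir" ] || continue
    mkdir -p -m 0700 "$_dir" || logwarning "cannot create directory $_dir"
done
unset _dir

if [[ -n ${SSH_TTY-} || -n ${X2GO_SESSION-} ]]; then
    # Remote login: never start a local agent, only describe the forwarded one.
    logdebug "Shell running with forwarded ssh-agent. Please add local token manually"
    check_token
    res=2
else
    logdebug "run with local ssh-agent"
    if check_token; then
        # A forwarded agent socket exists although this is not a remote login;
        # use it instead of starting a local agent.
        loginfo "run with remote agent"
        printf "%s" "${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)"
        #! $createonly && agent_load_identity_keys $ssh_identity
        res=1
    else
        # Pass the identity only when one was given: an empty argument would be
        # taken as the identity "" (agent_start_or_restart tests ${1+x}).
        if [ -n "$ssh_identity" ]; then
            agent_start_or_restart "$ssh_identity"
            if ! $createonly; then agent_load_identity_keys "$ssh_identity"; fi
        else
            agent_start_or_restart
            if ! $createonly; then agent_load_identity_keys; fi
        fi
        res=0
    fi
fi

SCRIPTEXIT
loginfo "return with $res"
exit $res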