2020-09-21 12:39:58 +02:00
#!/bin/bash
2020-09-22 13:18:45 +02:00
usage(){
cat << EOF
2020-09-22 20:35:47 +02:00
Usage: ssh-agent-start-or-restart [[-c]|[--create-only]]|[[-t]|[--token-only]]|[[-k]|[--key-only]]|[[-r]|[-f]|[--readd]|[--force]] [<ssh-identity>]
2020-09-22 13:18:45 +02:00
If started only with <ssh-identity>, the script looks up in configured identity-path \$SSH_IDENTITIES_DIR (${SSH_IDENTITIES_DIR}) if it can find a directory named after <ssh-identity>.
If no <ssh_identity> is given, the identity is set to \$SSH_DEFAULT_IDENTITY ($SSH_DEFAULT_IDENTITY) configured via Environment.
IF \$SSH_DEFAULT_IDENTITY is also not set, default is the SSH_DEFAULT_IDENTITY
The output is the name of the file, where ssh-agent infomations are hold to load it to current shell for further actions.
Use "$ eval \$(<outputfilenam>)", if you want to load the SSH_AUTH_SOCK and SSH_AGENT_PID in current shell or shorter "$ loadagent [<ssh_identity>]"
-c|--create-only Create or restart only the agent. Do not load any
key or token in it.
The Output is used for loading the agent in the current
shell. (loadagent <identity>)
-t|--token-only To add or renew only configured pkcs11-hardware-token
configured in ${SSH_IDENTITIES_DIR}/<ssh-identity>,
just use this.
-k|--key-only To add or renew only configured keys configured in
${SSH_IDENTITIES_DIR}/<ssh-identity>, just use this.
2020-09-22 20:35:47 +02:00
-r|-f|--readd-token|--force remove all in ${SSH_IDENTITIES_DIR}/<ssh-identity>
2020-09-22 13:18:45 +02:00
configured keys and tokens and readd them again.
Depends on -t an -k Option to select wheter only
keys or tokens only. If no -t and -k is given, all
keys and token are removed and readded again.
Just to be asked for password again, if you plugged off
hardware-token and plugged it in again.
2020-09-22 20:35:47 +02:00
--rm|--remove remove keys and token instead of adding them.
2020-09-22 13:18:45 +02:00
-h|--info Show this info
EOF
}
createonly=false
2020-09-22 09:47:15 +02:00
tokenonly=false
2020-09-22 20:35:47 +02:00
readd=false
2020-09-22 13:18:45 +02:00
keyonly=false
2020-09-22 20:35:47 +02:00
remove=false
2020-09-22 09:47:15 +02:00
while :; do
case $1 in
2020-09-22 13:18:45 +02:00
-c|--create-only)
createonly=true
2020-09-22 09:47:15 +02:00
shift
;;
-t|--token-only)
tokenonly=true
shift
;;
2020-09-22 13:18:45 +02:00
-k|--key-only)
keyonly=true
2020-09-22 12:13:19 +02:00
shift
;;
2020-09-22 20:35:47 +02:00
-r|-f|--readd-token|--force)
readd=true
shift
;;
--rm|--remove)
remove=true
2020-09-22 13:18:45 +02:00
shift
;;
-h|--info)
usage
exit 0
;;
-*)
echo "Unknown urgument: »$1«"
exit 1
;;
2020-09-22 09:47:15 +02:00
*)
2020-09-24 13:38:30 +02:00
#ssh_identity=${1-${SSH_DEFAULT_IDENTITY}}
ssh_identity=${1}
2020-09-22 09:47:15 +02:00
break
;;
esac
done
2020-09-21 23:31:11 +02:00
SCRIPTENTRY
2020-09-21 16:47:59 +02:00
[ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; }
[ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENTS_DIR; }
[ -z "${SSH_AGENT_SOCKETS_DIR+x}" ] && { SSH_AGENT_SOCKETS_DIR=${SSH_AGENT_SOCKETS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENT_SOCKETS_DIR; }
2020-09-22 12:24:14 +02:00
[ -z "${SSH_AGENT_OPTIONS+x}" ] && { SSH_AGENT_OPTIONS=${SSH_AGENT_DEFAULT_OPTIONS--t 7200 }; export SSH_AGENT_OPTIONS; }
2020-09-21 21:37:38 +02:00
logdebug "SSH_AGENTS_DIR: $SSH_AGENTS_DIR" >&2
logdebug "SSH_AGENT_SOCKETS_DIR: $SSH_AGENT_SOCKETS_DIR" >&2
logdebug "SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR" >&2
2020-09-22 12:13:19 +02:00
logdebug "ssh-identität: $ssh_identity" >&2
2020-09-21 17:58:23 +02:00
[ -z "${SSH_AGENTS_DIR-x}" ] || mkdir -vp "$SSH_AGENTS_DIR"
[ -z "${SSH_AGENT_SOCKETS_DIR-x}" ] || mkdir -vp "$SSH_AGENT_SOCKETS_DIR"
[ -z "${SSH_IDENTITIES_DIR-x}" ] || mkdir -vp "$SSH_IDENTITIES_DIR"
2020-09-22 09:08:16 +02:00
2020-09-22 13:18:45 +02:00
2020-09-21 12:39:58 +02:00
agent-start-or-restart () {
2020-09-21 23:31:11 +02:00
ENTRY
2020-09-21 12:39:58 +02:00
local ssh_identity
local agentfile
local agentsocket
2020-09-22 12:13:19 +02:00
local ret
2020-09-21 12:39:58 +02:00
if [ -n "${1+x}" ]; then
ssh_identity="$1"
2020-09-22 12:13:19 +02:00
identitydir=${SSH_IDENTITIES_DIR}/${ssh_identity}
if [ -d ${identitydir} ]; then
[ -e "${identitydir}/config" ] && . "${identitydir}/config"
agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)"
agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-$(hostname)"
2020-09-24 10:35:56 +02:00
logtrace "agentfile: $agentfile" >&2
logtrace "agentsocket: $agentsocket" >&2
2020-09-22 12:13:19 +02:00
logdebug "SSH_AGENT_OPTIONS: $SSH_AGENT_OPTIONS"
2020-09-22 20:35:47 +02:00
if (! $keyonly && ! $tokenonly ) && $remove ; then
2020-09-24 10:35:56 +02:00
loginfo "delete keys and tokens in ssh-agent $agentsocket"
2020-09-22 20:35:47 +02:00
loginfo "$(ssh-runinagent $agentfile ssh-add -D 2>&1)"
createonly=true
2020-09-22 12:13:19 +02:00
else
2020-09-22 20:35:47 +02:00
if [ -e $agentfile ]; then
local msg
2020-09-24 10:35:56 +02:00
# TODO make in runinagent
2020-09-22 20:35:47 +02:00
msg="$(/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; . $agentfile >/dev/null 2>&1; ssh-add -l 2>&1")"
local ret=$?
logtrace "$msg"
case $ret in
0)
loginfo "agent is running" >&2
;;
1)
#logwarn "command failed on ssh-agent"
#logwarn "Output: $msg"
loginfo "agent is running, but:" >&2
logwarn "$msg"
;;
2)
2020-09-24 13:15:16 +02:00
loginfo "former agent is not running -> start it" >&2
2020-09-22 20:35:47 +02:00
[ -e $agentsocket ] && { logdebug -n "remove socketfile: $( rm -v "$agentsocket" )"; }
logdebug "$(ssh-agent -a $agentsocket ${SSH_AGENT_OPTIONS} > $agentfile )"
loginfo "agent started" >&2
;;
esac
else
2020-09-24 13:15:16 +02:00
loginfo "agent did not exist -> create it" >&2
2020-09-22 20:35:47 +02:00
#rm "$agentsocket"
logdebug "ssh-agent -a $agentsocket \> $agentfile"
logdebug "$(ssh-agent -a $agentsocket $SSH_AGENT_OPTIONS > $agentfile )"
loginfo "agent started" >&2
fi
2020-09-22 12:13:19 +02:00
fi
2020-09-24 13:15:16 +02:00
logdebug "ssh-agent for identity »$ssh_identity«: $agentfile"
2020-09-24 13:38:30 +02:00
$createonly && logdebug "current loaded keys after action:
$(ssh-runinagent $agentfile ssh-add -l)"
2020-09-22 12:13:19 +02:00
echo $agentfile
ret=0
2020-09-21 16:47:59 +02:00
else
2020-09-24 13:15:16 +02:00
logwarn "ssh-identity »$ssh_identity« is not configured. Please create $identitydir and add keys"
2020-09-22 12:13:19 +02:00
ret=2
2020-09-21 12:39:58 +02:00
fi
2020-09-21 16:47:59 +02:00
2020-09-21 12:39:58 +02:00
else
2020-09-24 10:35:56 +02:00
if which gnome-keyring-daemon >/dev/null 2>&1; then
loginfo "no identity given -> gnome-keyrings ssh-agent"
agentfile="${SSH_AGENTS_DIR}/agent-gnome_session-$(hostname)"
agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-gnome-session-$(hostname)"
gnome-keyring-daemon -s > $agentfile
2020-09-24 13:38:30 +02:00
logdebug "ssh-agent for identity »$ssh_identity«: $agentfile"
logdebug "currently loaded keys after action:
$(ssh-runinagent $agentfile ssh-add -l)"
2020-09-24 10:35:56 +02:00
echo $agentfile
ret=0
else
logwarn "no identity given -> exit"
ret=1
fi
2020-09-21 12:39:58 +02:00
fi
2020-09-21 23:31:11 +02:00
EXIT
2020-09-22 12:13:19 +02:00
return $ret
2020-09-21 12:39:58 +02:00
}
2020-09-21 16:47:59 +02:00
agent-load-identity-keys () {
2020-09-21 23:31:11 +02:00
ENTRY
2020-09-21 16:47:59 +02:00
local ssh_identity
local agentfile
local agentsocket
local fingerprints
declare -a fingerprints
local fingerprint
local tokenfingerprint
if [ -n "${1+x}" ]; then
ssh_identity="$1"
2020-09-21 18:47:37 +02:00
identitydir=${SSH_IDENTITIES_DIR}/${ssh_identity}
2020-09-22 12:13:19 +02:00
if [ -d ${identitydir} ]; then
[ -e "${identitydir}/config" ] && . "${identitydir}/config"
agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)"
agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-$(hostname)"
loginfo "ssh-identität: $ssh_identity" >&2
2020-09-24 10:35:56 +02:00
logdebug "SSH_ADD_OPTIONS: $SSH_ADD_OPTIONS"
logtrace "agentfile: $agentfile" >&2
logtrace "agentsocket: $agentsocket" >&2
logtrace "identitydir: $identitydir"
2020-09-22 12:13:19 +02:00
fingerprints=( $(ssh-runinagent $agentfile "ssh-add -l|awk '{print \$2}'") )
2020-09-24 13:38:30 +02:00
logdebug "fingerprints from loaded keys before action:"
2020-09-24 13:05:26 +02:00
for f in ${fingerprints[*]};do
logdebug "$f"
done
2020-09-22 12:13:19 +02:00
if ! $tokenonly ; then
for key in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_*|grep -v "pub$\|so$\|config$\|public$"); do
2020-09-24 10:35:56 +02:00
fingerprint=$(ssh-keygen -l -f $key|awk '{print $2}')
2020-09-22 12:13:19 +02:00
if [[ ${fingerprints[*]} =~ "$fingerprint" ]]; then
2020-09-24 13:05:26 +02:00
logdebug "key: $(basename $key) (with fp $fingerprint) is loaded" >&2
2020-09-22 21:03:25 +02:00
if $readd || $remove ; then
2020-09-22 20:35:47 +02:00
$readd && logwarn "readd key $key" >&2
$remove && logwarn "remove key $key" >&2
loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -d ${key} 2>&1)"
$remove || loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} ${key} 2>&1)"
2020-09-22 13:18:45 +02:00
fi
2020-09-22 12:13:19 +02:00
else
2020-09-24 10:35:56 +02:00
logwarn "key: $key is not loaded -> load it" >&2
2020-09-24 13:05:26 +02:00
#loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -d ${key} 2>&1)"
2020-09-22 20:35:47 +02:00
$remove || loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} ${key} 2>&1)"
2020-09-22 12:13:19 +02:00
fi
done
fi
2020-09-22 13:18:45 +02:00
if ! $keyonly ; then
for token in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/*|grep "\.so$"); do
tokenfingerprint="$(ssh-keygen -l -D $token|tr -s ' '|awk '{print $2}')"
if [[ ${fingerprints[*]} =~ "$tokenfingerprint" ]]; then
2020-09-24 13:05:26 +02:00
logdebug "token: $token ($fingerprint) is loaded" >&2
2020-09-22 21:03:25 +02:00
if $readd || $remove ; then
2020-09-22 20:35:47 +02:00
$readd && logwarn "readd token $token" >&2
$remove && logwarn "remove token $token" >&2
loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e ${token} 2>&1)"
$remove || loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s ${token} 2>&1)"
2020-09-22 13:18:45 +02:00
fi
else
2020-09-24 10:35:56 +02:00
logwarn "token: $token is not loaded -> load it" >&2
2020-09-22 20:35:47 +02:00
loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e ${token} 2>&1)"
$remove || loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s ${token} 2>&1)"
2020-09-22 12:13:19 +02:00
fi
2020-09-22 13:18:45 +02:00
done
fi
2020-09-24 13:38:30 +02:00
logdebug "currently loaded keys after action:
2020-09-24 13:05:26 +02:00
$(ssh-runinagent $agentfile ssh-add -l)"
2020-09-22 12:13:19 +02:00
else
logwarn "ssh-identity $ssh_identity is not configured. Please create $identitydir and add keys"
2020-09-22 09:47:15 +02:00
fi
2020-09-21 16:47:59 +02:00
fi
2020-09-21 23:31:11 +02:00
EXIT
2020-09-21 16:47:59 +02:00
}
ssh-runinagent () {
2020-09-21 23:31:11 +02:00
ENTRY
2020-09-21 16:47:59 +02:00
local agentfile
local command
2020-09-22 12:13:19 +02:00
local agentfile=${1}
2020-09-21 16:47:59 +02:00
shift
2020-09-22 12:13:19 +02:00
local sshcommand=${@}
2020-09-21 16:47:59 +02:00
2020-09-22 12:13:19 +02:00
logtrace "run command »$sshcommand« in agent $agentfile" >&2
2020-09-21 16:47:59 +02:00
if [ -e "$agentfile" ]; then
/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; . $agentfile >/dev/null 2>/dev/null; $sshcommand"
2020-09-22 12:13:19 +02:00
ret=$?
2020-09-21 16:47:59 +02:00
else
2020-09-21 21:24:47 +02:00
logwarn "agentfile not existent" >&2
2020-09-22 12:13:19 +02:00
ret=99
2020-09-21 16:47:59 +02:00
fi
2020-09-21 23:31:11 +02:00
2020-09-22 12:13:19 +02:00
EXIT
return $ret
2020-09-21 23:31:11 +02:00
2020-09-21 16:47:59 +02:00
}
2020-09-21 12:39:58 +02:00
2020-09-22 09:47:15 +02:00
agent-start-or-restart $ssh_identity
2020-09-22 13:18:45 +02:00
! $createonly && agent-load-identity-keys $ssh_identity
2020-09-21 23:31:11 +02:00
SCRIPTEXIT
2020-09-21 12:39:58 +02:00
exit $?