myshellconfig/bin/ssh-agent-start-or-restart

#!/bin/bash
# Command-line flags.  The first word that is not a recognised flag is the
# identity name and ends option parsing (an absent word leaves it empty).
#   -l | --load-only-agent  start/restart the agent only, do not load keys
#   -t | --token-only       load PKCS#11 tokens only, skip the key files
loadonly=false
tokenonly=false
until false; do
  case "$1" in
    -l|--load-only-agent)
      loadonly=true
      shift
      ;;
    -t|--token-only)
      tokenonly=true
      shift
      ;;
    *)
      ssh_identity=$1
      break
      ;;
  esac
done
SCRIPTENTRY

# Directory layout.  Each *_DIR variable may be preset in the environment;
# otherwise it falls back to the matching *_DEFAULT_DIR and finally to a
# location under the home directory.  The resolved value is exported for
# child processes.
#   SSH_IDENTITIES_DIR    one sub-directory per identity
#   SSH_AGENTS_DIR        agent environment files written by ssh-agent
#   SSH_AGENT_SOCKETS_DIR agent sockets handed to ssh-agent -a
if [ -z "${SSH_IDENTITIES_DIR+x}" ]; then
  SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"
  export SSH_IDENTITIES_DIR
fi
if [ -z "${SSH_AGENTS_DIR+x}" ]; then
  SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}
  export SSH_AGENTS_DIR
fi
if [ -z "${SSH_AGENT_SOCKETS_DIR+x}" ]; then
  SSH_AGENT_SOCKETS_DIR=${SSH_AGENT_SOCKETS_DEFAULT_DIR-~/.ssh/agents}
  export SSH_AGENT_SOCKETS_DIR
fi

logdebug "SSH_AGENTS_DIR: $SSH_AGENTS_DIR" >&2
logdebug "SSH_AGENT_SOCKETS_DIR: $SSH_AGENT_SOCKETS_DIR" >&2
logdebug "SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR" >&2

# Create the directories unless a variable was deliberately set to the empty
# string.  They are created with the caller's umask.  NOTE(review): the
# agent and socket directories hold private per-user state; if the umask
# is permissive, consider creating them with a restrictive mode instead.
if [ -n "${SSH_AGENTS_DIR-x}" ]; then
  mkdir -vp "$SSH_AGENTS_DIR"
fi
if [ -n "${SSH_AGENT_SOCKETS_DIR-x}" ]; then
  mkdir -vp "$SSH_AGENT_SOCKETS_DIR"
fi
if [ -n "${SSH_IDENTITIES_DIR-x}" ]; then
  mkdir -vp "$SSH_IDENTITIES_DIR"
fi
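#######################################
# Start a fresh ssh-agent on socket $1 and record its environment in $2.
# A leftover socket file is removed first; ssh-agent would otherwise
# fail to bind to the existing path.
# Globals:   SSH_AGENT_OPTIONS (read; word-split into ssh-agent arguments)
# Arguments: $1 - socket path, $2 - agent environment file
# Outputs:   log lines via the log* helpers
#######################################
_agent_start () {
  local agentsocket=$1 agentfile=$2
  if [ -e "$agentsocket" ]; then
    logdebug -n "remove socketfile: $(rm -v -- "$agentsocket")"
  fi
  logdebug "ssh-agent -a $agentsocket \> $agentfile"
  # shellcheck disable=SC2086 -- SSH_AGENT_OPTIONS carries several arguments
  logdebug "$(ssh-agent -a "$agentsocket" $SSH_AGENT_OPTIONS > "$agentfile")"
  loginfo "agent started" >&2
}

#######################################
# Make sure an ssh-agent for the given identity is running, starting one
# when none is recorded or the recorded one no longer answers.
# Globals:   SSH_AGENTS_DIR, SSH_AGENT_SOCKETS_DIR (read)
#            SSH_AGENT_OPTIONS (read, via _agent_start)
# Arguments: $1 - identity name; part of the agent file and socket names
# Outputs:   path of the agent environment file on stdout, log lines on stderr
# Returns:   0 when an agent is available, 1 when no identity was given
#######################################
agent-start-or-restart () {
  ENTRY
  local ssh_identity agentfile agentsocket host msg ret
  if [ -z "${1+x}" ]; then
    logwarn "no identity given - exit" >&2
    EXIT
    return 1
  fi
  ssh_identity=$1
  host=$(hostname)
  agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-${host}"
  agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-${host}"
  logdebug "agentfile: $agentfile" >&2
  logdebug "agentsocket: $agentsocket" >&2
  logdebug "ssh-identität: $ssh_identity" >&2
  if [ -e "$agentfile" ]; then
    # Probe the recorded agent from a clean /bin/sh so an agent inherited by
    # this shell cannot answer in its place.  The file path is passed as a
    # positional parameter rather than spliced into the -c string.
    # Assignment and status are kept apart on purpose: 'local msg=$(...)'
    # would report local's own status (0) and every dead agent would look
    # alive.
    msg=$(/bin/sh -c 'unset SSH_AUTH_SOCK SSH_AGENT_PID; . "$1" >/dev/null 2>&1; ssh-add -l' sh "$agentfile")
    ret=$?
    logdebug "$msg"
    case $ret in
      0)
        loginfo "agent is running" >&2
        ;;
      1)
        # ssh-add exits 1 when the agent answered but the command failed,
        # e.g. no identities are loaded yet; the agent itself is usable.
        logwarn "command failed on ssh-agent"
        ;;
      2)
        # ssh-add could not contact the agent: it is gone, replace it.
        loginfo "former agent is not running" >&2
        _agent_start "$agentsocket" "$agentfile"
        ;;
      *)
        logwarn "unexpected ssh-add exit status $ret" >&2
        ;;
    esac
  else
    loginfo "agent did not exist" >&2
    _agent_start "$agentsocket" "$agentfile"
  fi
  logdebug "agent for $ssh_identity: $agentfile"
  printf '%s\n' "$agentfile"
  EXIT
  return 0
}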
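#######################################
# Exact match of one fingerprint against a list of fingerprints.
# Arguments: $1 - fingerprint to look for, $2.. - fingerprints held
# Returns:   0 when $1 is in the list, 1 otherwise
#######################################
_fingerprint_loaded () {
  local wanted=$1 held
  shift
  for held in "$@"; do
    [ "$held" = "$wanted" ] && return 0
  done
  return 1
}

#######################################
# Load an identity's key files and PKCS#11 tokens into its agent, skipping
# whatever the agent already reports by fingerprint.
# Globals:   SSH_IDENTITIES_DIR, SSH_AGENTS_DIR, SSH_AGENT_SOCKETS_DIR (read)
#            SSH_ADD_OPTIONS (read; word-split into ssh-add arguments,
#            may be set by the identity's config file)
#            tokenonly (read; "true" skips the key files)
# Arguments: $1 - identity name, a sub-directory of SSH_IDENTITIES_DIR
# Outputs:   log lines via the log* helpers
# Returns:   0 after processing, 1 when no identity was given
#######################################
agent-load-identity-keys () {
  ENTRY
  local ssh_identity identitydir agentfile agentsocket host
  local -a fingerprints tokenfingerprints
  local key token fingerprint tf missing
  if [ -z "${1+x}" ]; then
    logwarn "no identity given - exit" >&2
    EXIT
    return 1
  fi
  ssh_identity=$1
  identitydir=${SSH_IDENTITIES_DIR}/${ssh_identity}
  # The identity's config is sourced, i.e. executed as shell code in this
  # process; treat that file with the same care as the keys next to it.
  if [ -e "${identitydir}/config" ]; then
    . "${identitydir}/config"
  fi
  host=$(hostname)
  agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-${host}"
  agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-${host}"
  loginfo "ssh-identität: $ssh_identity" >&2
  loginfo "SSH_ADD_OPTIONS: $SSH_ADD_OPTIONS"
  logdebug "agentfile: $agentfile" >&2
  logdebug "agentsocket: $agentsocket" >&2
  logdebug "identitydir: $identitydir"

  # Fingerprints the agent holds right now: second column of 'ssh-add -l',
  # one per line.
  mapfile -t fingerprints < <(ssh-runinagent "$agentfile" "ssh-add -l|awk '{print \$2}'")

  if [ "$tokenonly" != true ]; then
    # Key files are id_* minus public halves, token libraries and config.
    for key in "${identitydir}"/id_*; do
      [ -e "$key" ] || continue   # no match: the glob stays literal
      case $key in
        *pub|*so|*config|*public) continue ;;
      esac
      logdebug "key: $key"
      # Fingerprint of this key file, not of a fixed path.
      fingerprint=$(ssh-keygen -l -f "$key" | awk '{print $2}')
      logtrace "${fingerprints[*]} and $fingerprint"
      if _fingerprint_loaded "$fingerprint" "${fingerprints[@]}"; then
        logdebug "$key is loaded" >&2
      else
        logdebug "$key is not loaded" >&2
        # ssh-runinagent evaluates its arguments as a shell snippet, so the
        # path is shell-quoted; SSH_ADD_OPTIONS is split on purpose.
        # shellcheck disable=SC2086
        loginfo "$(ssh-runinagent "$agentfile" ssh-add ${SSH_ADD_OPTIONS} "$(printf '%q' "$key")")"
      fi
    done
  fi

  for token in "${identitydir}"/*.so; do
    [ -e "$token" ] || continue
    logdebug "token: $token"
    # A token may hold several keys; ssh-keygen -l -D prints one line each.
    # The token is (re)added when any of them is missing from the agent;
    # when ssh-keygen reports nothing the token is left alone.
    mapfile -t tokenfingerprints < <(ssh-keygen -l -D "$token" | tr -s ' ' | awk '{print $2}')
    logtrace "${fingerprints[*]} and ${tokenfingerprints[*]}"
    missing=false
    for tf in "${tokenfingerprints[@]}"; do
      _fingerprint_loaded "$tf" "${fingerprints[@]}" || missing=true
    done
    if [ "$missing" = false ]; then
      logdebug "$token is loaded" >&2
    else
      logdebug "$token is not loaded" >&2
      # shellcheck disable=SC2086 -- SSH_ADD_OPTIONS is split on purpose
      loginfo "$(ssh-runinagent "$agentfile" ssh-add ${SSH_ADD_OPTIONS} -s "$(printf '%q' "$token")")"
    fi
  done

  logdebug "current loaded keys: $(ssh-runinagent "$agentfile" ssh-add -l)"
  EXIT
  return 0
}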
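#######################################
# Run a shell snippet with the environment of a recorded agent.
# The agent file is sourced in a fresh /bin/sh after clearing any inherited
# SSH_AUTH_SOCK/SSH_AGENT_PID, so only that agent is addressed.
# Arguments: $1   - agent environment file written by ssh-agent
#            $2.. - command, joined with spaces and evaluated by sh; it is a
#                   shell snippet, not an argv (callers pass pipelines such
#                   as "ssh-add -l|awk '{print \$2}'")
# Outputs:   whatever the snippet writes
# Returns:   the snippet's exit status; 1 when the agent file is missing
#######################################
ssh-runinagent () {
  ENTRY
  local agentfile=$1 sshcommand rc
  shift
  sshcommand=$*
  logdebug "run command »$sshcommand« in agent $agentfile" >&2
  if [ ! -e "$agentfile" ]; then
    logwarn "agentfile not existent" >&2
    EXIT
    return 1
  fi
  # The file path travels as a positional parameter instead of being spliced
  # into the -c string, so a path with spaces or quotes cannot alter the
  # snippet.  The snippet itself is evaluated by design.
  /bin/sh -c 'unset SSH_AUTH_SOCK SSH_AGENT_PID; . "$1" >/dev/null 2>/dev/null; eval "$2"' sh "$agentfile" "$sshcommand"
  rc=$?   # captured before EXIT, whose status would otherwise be returned
  EXIT
  return "$rc"
}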
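# Entry point.  ${var:+"$var"} passes no argument at all when no identity
# was given, so both functions take their "no identity" path; a quoted
# empty string would instead be treated as an identity named "".
agent-start-or-restart ${ssh_identity:+"$ssh_identity"}
rc=$?
# -l/--load-only-agent stops after the agent is up; the script's exit
# status is then the agent step's, otherwise the key-loading step's.
if [ "$loadonly" != true ]; then
  agent-load-identity-keys ${ssh_identity:+"$ssh_identity"}
  rc=$?
fi
# Keep the real status: a bare 'exit $?' after SCRIPTEXIT would report the
# trace call's status instead.
SCRIPTEXIT
exit "$rc"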