fix use of token from remote
parent
35bfdb7dd0
commit
1884a7ebff
2 changed files with 32 additions and 44 deletions
@ -42,12 +42,18 @@ EOF
|
|||
}
|
||||
|
||||
check_token(){
|
||||
loginfo "a P11M: ${P11M}"
|
||||
loginfo "a PKCS11_MODULE: ${PKCS11_MODULE}"
|
||||
|
||||
[ -n "${P11M:+x}" ] && export PKCS11_MODULE=${P11M}
|
||||
loginfo "b P11M: ${P11M}"
|
||||
loginfo "b PKCS11_MODULE: ${PKCS11_MODULE}"
|
||||
# it's the same as "token" in functions.sh
|
||||
# defined here also, to work also in environments, where functions.sh couldn't be sourced
|
||||
[ -z "${PKCS11_MODULE:+x}" ] && { PKCS11_MODULE=$P11M; export PKCS11_MODULE; }
|
||||
|
||||
loginfo "c P11M: ${P11M}"
|
||||
loginfo "c PKCS11_MODULE: ${PKCS11_MODULE}"
|
||||
# If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work
|
||||
# So remember and unset DISPLAY, and set it at the end again, if it was set before
|
||||
[ $DISPLAY ] && local DISPLAY_ORIG=$DISPLAY
|
||||
|
@ -57,7 +63,7 @@ check_token(){
|
|||
# Write public keys of all in agent stored keys to a temporary file
|
||||
local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)"
|
||||
logtrace "tmppubkey: $tmppubkey"
|
||||
loginfo "$(ssh-add -L > $tmppubkey)"
|
||||
ssh-add -L > $tmppubkey || return $?
|
||||
# Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token.
|
||||
loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $PKCS11_MODULE; ssh-add -s $PKCS11_MODULE; } )"
|
||||
logdebug "$(rm "${tmppubkey}")"
|
||||
|
|
66
functions.sh
66
functions.sh
|
@ -21,48 +21,14 @@ promptcommandmunge () {
|
|||
EXIT
|
||||
}
|
||||
|
||||
function _pkcs11module_hook() {
|
||||
_pkcs11module_hook() {
|
||||
|
||||
# if [ -S ~/.ssh/ssh_from_remote_auth_sock ]
|
||||
# then
|
||||
# if ss -elx|grep -q $(readlink -f ~/.ssh/ssh_from_remote_auth_sok) # test if socket is active
|
||||
# then
|
||||
# # Use PKCS11_MODULE from remote connection, even when using local machine
|
||||
# # This is for: When i'm logged in from remote and working on local workstation, so i can use the token locally too
|
||||
# #echo "read p11m" >&2
|
||||
# if [ -e ~/.ssh/p11m ]
|
||||
# then
|
||||
# . ~/.ssh/p11m
|
||||
# else
|
||||
# rm ~/.ssh/p11m
|
||||
# unset P11M
|
||||
# unset PKCS11_MODULE
|
||||
# fi
|
||||
# fi
|
||||
# else
|
||||
# #echo "NOT read p11m, delete it!" >&2
|
||||
# [ -e ~/.ssh/p11m ] && { rm ~/.ssh/p11m; \
|
||||
# unset P11M; \
|
||||
# unset PKCS11_MODULE; \
|
||||
# }
|
||||
#
|
||||
# fi
|
||||
|
||||
if [ -z "${PKCS11_MODULE:+x}" ]
|
||||
if [ ! -z ${SSH_TTY:+x} ]; then
|
||||
# Ich bin remote
|
||||
if [ -n "${P11M:+x}" ]
|
||||
then
|
||||
# setze PKCS11_MODULE
|
||||
loginfo "PKCS11_MODULE not set yet"
|
||||
if [ -z "${P11M:+x}" ]
|
||||
then
|
||||
# komme ich nicht über ssh, oder P11M ist nicht gesetzt, dann suche das P11-KIT-PROXY Modul für PKCS11_MODULE
|
||||
logtrace "P11M not set -> search for p11-kit-proxy"
|
||||
PKCS11_MODULE="$(whereis ${pkcs11_module_default:-p11-kit-proxy.so}|awk '{print $2}')"
|
||||
[ -n "$(whereis ${pkcs11_module_default:-p11-kit-proxy.so}|awk '{print $2}')" ] && \
|
||||
export PKCS11_MODULE=$(whereis ${pkcs11_module_default:-p11-kit-proxy.so}|awk '{print $2}') || \
|
||||
{ loginfo "${pkcs11_module_default:-p11-kit-proxy.so} not forwarded by ssh or installed, unset P11M"; unset P11M; }
|
||||
else
|
||||
# komme ich über ssh, dann ist P11M (hoffentlich) gesetzt. Setze PKCS11_MODULE auf P11M
|
||||
logtrace "P11M set -> set PKCS11_MODULE to P11M"
|
||||
logdebug "P11M set -> set PKCS11_MODULE to P11M"
|
||||
PKCS11_MODULE=${P11M}
|
||||
if [ -n "${TMUX}" ]; then
|
||||
tmux set-environment P11M ${P11M}
|
||||
|
@ -70,14 +36,30 @@ function _pkcs11module_hook() {
|
|||
fi
|
||||
fi
|
||||
else
|
||||
# lass es gesetzt.
|
||||
logtrace "PKCS11_MODULE is set, do nothing"
|
||||
# Ich bin lokal
|
||||
if [ -z "${P11M:+x}" ]
|
||||
then
|
||||
# komme ich nicht über ssh, oder P11M ist nicht gesetzt, dann suche das P11-KIT-PROXY Modul für PKCS11_MODULE
|
||||
logdebug "P11M not set -> search for p11-kit-proxy"
|
||||
PKCS11_MODULE="$(whereis ${pkcs11_module_default:-p11-kit-proxy.so}|awk '{print $2}')"
|
||||
[ -n "$(whereis ${pkcs11_module_default:-p11-kit-proxy.so}|awk '{print $2}')" ] && \
|
||||
export PKCS11_MODULE=$(whereis ${pkcs11_module_default:-p11-kit-proxy.so}|awk '{print $2}') || \
|
||||
{ loginfo "${pkcs11_module_default:-p11-kit-proxy.so} not forwarded by ssh or installed, unset P11M"; unset P11M; }
|
||||
else
|
||||
# komme ich über ssh, dann ist P11M (hoffentlich) gesetzt. Setze PKCS11_MODULE auf P11M
|
||||
logdebug "P11M set -> set PKCS11_MODULE to P11M"
|
||||
PKCS11_MODULE=${P11M}
|
||||
if [ -n "${TMUX}" ]; then
|
||||
tmux set-environment P11M ${P11M}
|
||||
tmux set-environment -g P11M ${P11M}
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
loginfo "PKCS11_MODULE: $PKCS11_MODULE"
|
||||
|
||||
if [ -n "${TMUX}" -a -n "${PKCS11_MODULE}" ]; then
|
||||
logdebug "set PKCS11_MODULE also in tmux environment"
|
||||
loginfo "set PKCS11_MODULE also in tmux environment"
|
||||
tmux set-environment PKCS11_MODULE ${PKCS11_MODULE}
|
||||
tmux set-environment -g PKCS11_MODULE ${PKCS11_MODULE}
|
||||
fi
|
||||
|
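Review bot: In the remote branch of `_pkcs11module_hook` the module path is taken verbatim from `P11M`, i.e. from whatever the SSH session environment carries, and becomes `PKCS11_MODULE` with no check that it names an existing shared object; since that value is later handed to `ssh-add -s`, the only thing standing between a bogus or attacker-chosen path and the agent is ssh-agent's own module allow-list (`-P`), which this hook should not be the first line of defence for. I would at least reject non-files before exporting, `[ -f "${P11M}" ] || { logdebug "P11M is not a file, ignoring"; unset P11M; }`, and add a comment saying the path must still fall under the agent's allow-list. The remote test is unquoted and relies on a quirk of `[ ! -z ]` with a missing operand to come out right, so write it as `if [ -n "${SSH_TTY:+x}" ]; then`; the `tmux set-environment ... ${P11M}` / `${PKCS11_MODULE}` arguments and the `whereis ... | awk` lookups (run three times for one value) want quoting and a single captured result too. `-a` inside `[ ]` is deprecated; `[ -n "${TMUX}" ] && [ -n "${PKCS11_MODULE}" ]` is the portable form. Without the gutter markers I cannot tell which of the two nested `if` blocks is old and which is new, so treat the line references above as applying to whichever branch survives.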
|