fix not loading correct key, new token

This commit is contained in:
Jakobus Schürz 2020-09-22 09:47:15 +02:00
parent a17ab5dd9c
commit 8daca8dcc4
2 changed files with 65 additions and 31 deletions


@ -1,5 +1,24 @@
#!/bin/bash #!/bin/bash
loadonly=false
tokenonly=false
while :; do
case $1 in
-l|--load-only-agent)
loadonly=true
shift
;;
-t|--token-only)
tokenonly=true
shift
;;
*)
ssh_identity=$1
break
;;
esac
done
SCRIPTENTRY SCRIPTENTRY
[ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; } [ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; }
[ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENTS_DIR; } [ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENTS_DIR; }
@ -27,8 +46,10 @@ agent-start-or-restart () {
logdebug "ssh-identität: $ssh_identity" >&2 logdebug "ssh-identität: $ssh_identity" >&2
if [ -e $agentfile ]; then if [ -e $agentfile ]; then
loginfo "$(/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; . $agentfile >/dev/null 2>&1; ssh-add -l >/dev/null")" local msg="$(/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; . $agentfile >/dev/null 2>&1; ssh-add -l")"
case $? in local ret=$?
logdebug "$msg"
case $ret in
0) 0)
loginfo "agent is running" >&2 loginfo "agent is running" >&2
;; ;;
@ -80,13 +101,14 @@ agent-load-identity-keys () {
[ -e "${identitydir}/config" ] && . "${identitydir}/config" [ -e "${identitydir}/config" ] && . "${identitydir}/config"
agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)" agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)"
agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-$(hostname)" agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-$(hostname)"
loginfo "ssh-identität: $ssh_identity" >&2
loginfo "SSH_ADD_OPTIONS: $SSH_ADD_OPTIONS"
logdebug "agentfile: $agentfile" >&2 logdebug "agentfile: $agentfile" >&2
logdebug "agentsocket: $agentsocket" >&2 logdebug "agentsocket: $agentsocket" >&2
logdebug "identitydir: $identitydir" logdebug "identitydir: $identitydir"
loginfo "ssh-identität: $ssh_identity" >&2
loginfo "SSH_ADD_OPTIONS: $SSH_ADD_OPTIONS"
fingerprints=( $(ssh-runinagent $agentfile "ssh-add -l|awk '{print \$2}'") ) fingerprints=( $(ssh-runinagent $agentfile "ssh-add -l|awk '{print \$2}'") )
if ! $tokenonly ; then
for key in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_*|grep -v "pub$\|so$\|config$\|public$"); do for key in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/id_*|grep -v "pub$\|so$\|config$\|public$"); do
logdebug "key: $key" logdebug "key: $key"
fingerprint=$(ssh-keygen -l -f ~/.ssh/identities/bmi/id_ed25519|awk '{print $2}') fingerprint=$(ssh-keygen -l -f ~/.ssh/identities/bmi/id_ed25519|awk '{print $2}')
@ -98,6 +120,7 @@ agent-load-identity-keys () {
loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} ${key})" loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} ${key})"
fi fi
done done
fi
for token in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/*|grep "\.so$"); do for token in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}/*|grep "\.so$"); do
logdebug "token: $token" logdebug "token: $token"
tokenfingerprint="$(ssh-keygen -l -D $token|tr -s ' '|awk '{print $2}')" tokenfingerprint="$(ssh-keygen -l -D $token|tr -s ' '|awk '{print $2}')"
@ -106,7 +129,7 @@ agent-load-identity-keys () {
logdebug "$token is loaded" >&2 logdebug "$token is loaded" >&2
else else
logdebug "$token is not loaded" >&2 logdebug "$token is not loaded" >&2
loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s /${token})" loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s ${token})"
fi fi
done done
logdebug "current loaded keys: $(ssh-runinagent $agentfile ssh-add -l)" logdebug "current loaded keys: $(ssh-runinagent $agentfile ssh-add -l)"
@ -138,7 +161,7 @@ ssh-runinagent () {
} }
agent-start-or-restart $1 agent-start-or-restart $ssh_identity
agent-load-identity-keys $1 ! $loadonly && agent-load-identity-keys $ssh_identity
SCRIPTEXIT SCRIPTEXIT
exit $? exit $?
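Review bot: In agent-start-or-restart the new `local msg="$(/bin/sh -c ...)"` followed by `local ret=$?` stores the exit status of the `local` builtin, which is 0, not the status of the `ssh-add -l` probe, so `case $ret in` always takes the `0)` "agent is running" branch and a stale agent file never reaches the restart path (ShellCheck SC2155). Declare and assign separately: `local msg ret`, `msg=$(/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; . $agentfile >/dev/null 2>&1; ssh-add -l")`, `ret=$?`. Separately, in agent-load-identity-keys the per-key fingerprint is computed from the hard-coded path `~/.ssh/identities/bmi/id_ed25519` instead of the loop variable, so the loaded/not-loaded comparison is wrong for every other key and for any identity other than bmi; it should read `fingerprint=$(ssh-keygen -l -f "$key"|awk '{print $2}')` — that line may predate this commit, but it is the behaviour the commit title describes. Both functions start and end outside the hunks shown.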


@ -750,14 +750,23 @@ utoken () {
EXIT EXIT
} }
token () { token(){
ssh-agent-start-or-restart -t $1
}
tokenold () {
ENTRY ENTRY
[ -z "${PKCS11_MODULE+x}" ] && { PKCS11_MODULE=/usr/lib64/p11-kit-proxy.so; export PKCS11_MODULE; }
[ -z "${SSH_ADD_OPTIONS+x}" ] && { SSH_ADD_OPTIONS=${SSH_ADD_DEFAULT_OPTIONS}; export SSH_ADD_OPTIONS; } [ -z "${SSH_ADD_OPTIONS+x}" ] && { SSH_ADD_OPTIONS=${SSH_ADD_DEFAULT_OPTIONS}; export SSH_ADD_OPTIONS; }
[ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR=${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}; export SSH_IDENTITIES_DIR; } [ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR=${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}; export SSH_IDENTITIES_DIR; }
local FORCE local FORCE
local ssh_identity local ssh_identity
FORCE=false local fingerprints
declare -a fingerprints
local tokenfingerprint
local agentfile
local FORCE=false
case $1 in case $1 in
-f) -f)
FORCE=true FORCE=true
@ -767,21 +776,23 @@ token () {
ssh_identity=${1-default} ssh_identity=${1-default}
;; ;;
esac esac
identitydir=${SSH_IDENTITIES_DIR}/${ssh_identity}
logtrace "identitydir: $identitydir"
[ -e "${identitydir}/config" ] && echo found "${identitydir}/config"
[ -e "${identitydir}/config" ] && eval $(<"${identitydir}/config")
logtrace "SSH_ADD_OPTIONS: $SSH_ADD_OPTIONS"
local fingerprints
declare -a fingerprints
local tokenfingerprint
[ -z "${PKCS11_MODULE+x}" ] && { PKCS11_MODULE=/usr/lib64/p11-kit-proxy.so; export PKCS11_MODULE; }
if [ -n "${ssh_identity+x}" ]; then if [ -n "${ssh_identity+x}" ]; then
agentfile="${HOME}/.ssh/agents/agent-${ssh_identity}-$(hostname)" identitydir=${SSH_IDENTITIES_DIR}/${ssh_identity}
if [ -e "$agentfile" ]; then [ -e "${identitydir}/config" ] && logdebug "found ${identitydir}/config"
[ -e "${identitydir}/config" ] && eval $(<"${identitydir}/config")
loginfo "SSH_ADD_OPTIONS: $SSH_ADD_OPTIONS"
agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)"
agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-$(hostname)"
loginfo "ssh-identität: $ssh_identity" >&2
loginfo "SSH_ADD_OPTIONS: $SSH_ADD_OPTIONS"
logdebug "agentfile: $agentfile" >&2
logdebug "agentsocket: $agentsocket" >&2
logdebug "identitydir: $identitydir"
fingerprints=( $(ssh-runinagent $agentfile "ssh-add -l|awk '{print \$2}'") ) fingerprints=( $(ssh-runinagent $agentfile "ssh-add -l|awk '{print \$2}'") )
if [ -e "$agentfile" ]; then
tokenfingerprint="$(ssh-keygen -l -D $PKCS11_MODULE|tr -s ' '|awk '{print $2}')" tokenfingerprint="$(ssh-keygen -l -D $PKCS11_MODULE|tr -s ' '|awk '{print $2}')"
logdebug "fingerprints ${fingerprints[*]}" logdebug "fingerprints ${fingerprints[*]}"