#!/bin/bash SCRIPTENTRY [ -z "${SSH_IDENTITIES_DIR+x}" ] && { SSH_IDENTITIES_DIR="${SSH_IDENTITIES_DEFAULT_DIR-${HOME}/.ssh/identities}"; export SSH_IDENTITIES_DIR; } [ -z "${SSH_AGENTS_DIR+x}" ] && { SSH_AGENTS_DIR=${SSH_AGENTS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENTS_DIR; } [ -z "${SSH_AGENT_SOCKETS_DIR+x}" ] && { SSH_AGENT_SOCKETS_DIR=${SSH_AGENT_SOCKETS_DEFAULT_DIR-~/.ssh/agents}; export SSH_AGENT_SOCKETS_DIR; } logdebug "SSH_AGENTS_DIR: $SSH_AGENTS_DIR" >&2 logdebug "SSH_AGENT_SOCKETS_DIR: $SSH_AGENT_SOCKETS_DIR" >&2 logdebug "SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR" >&2 [ -z "${SSH_AGENTS_DIR-x}" ] || mkdir -vp "$SSH_AGENTS_DIR" [ -z "${SSH_AGENT_SOCKETS_DIR-x}" ] || mkdir -vp "$SSH_AGENT_SOCKETS_DIR" [ -z "${SSH_IDENTITIES_DIR-x}" ] || mkdir -vp "$SSH_IDENTITIES_DIR" agent-start-or-restart () { ENTRY local ssh_identity local agentfile local agentsocket if [ -n "${1+x}" ]; then ssh_identity="$1" agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)" agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-$(hostname)" logdebug "agentfile: $agentfile" >&2 logdebug "agentsocket: $agentsocket" >&2 logdebug "ssh-identität: $ssh_identity" >&2 if [ -e $agentfile ]; then # look if agent is reachable # local sshsock sshpid # sshsock=$SSH_AUTH_SOCK # sshpid=$SSH_AGENT_PID # unset SSH_AUTH_SOCK SSH_AGENT_PID logdebug "$(/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; . $agentfile >/dev/null 2>&1; ssh-add -l")" case $? in 0|1) logdebug "agent is running" >&2 ;; 2) logdebug "agent is not running 1" >&2 [ -e $agentsocket ] && rm "$agentsocket" ssh-agent -a $agentsocket $SSH_AGENT_OPTIONS > $agentfile 2>&2 logdebug "agent started" >&2 ;; esac else logdebug "agent is not running 2" >&2 #rm "$agentsocket" logdebug "ssh-agent -a $agentsocket \> $agentfile" ssh-agent -a $agentsocket $SSH_AGENT_OPTIONS > $agentfile 2>&2 logdebug "agent started" >&2 fi loginfo "agent for $ssh_identity: $agentfile" echo -n "agent for $ssh_identity: " >&2 echo $agentfile return 0 else logwarn "no identity given - exit" >&2 return 1 fi EXIT } agent-load-identity-keys () { ENTRY local ssh_identity local agentfile local agentsocket local fingerprints declare -a fingerprints local fingerprint local tokenfingerprint if [ -n "${1+x}" ]; then ssh_identity="$1" identitydir=${SSH_IDENTITIES_DIR}/${ssh_identity} [ -e "${identitydir}/.config" ] && . "${identitydir}/.config" agentfile="${SSH_AGENTS_DIR}/agent-${ssh_identity}-$(hostname)" agentsocket="${SSH_AGENT_SOCKETS_DIR}/socket-${ssh_identity}-$(hostname)" logdebug "agentfile: $agentfile" >&2 logdebug "agentsocket: $agentsocket" >&2 logdebug "ssh-identität: $ssh_identity" >&2 fingerprints=( $(ssh-runinagent $agentfile "ssh-add -l|awk '{print \$2}'") ) for key in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}|grep -v "pub$\|so$"); do logtrace "key: $key" fingerprint=$(ssh-keygen -l -f ~/.ssh/identities/bmi/id_ed25519|awk '{print $2}') logtrace "${fingerprints[*]} and $fingerprint" if [[ ${fingerprints[*]} =~ "$fingerprint" ]]; then logdebug "$key is loaded" >&2 else logdebug "$key is not loaded" >&2 loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} ${identitydir}/${key})" fi done for token in $(ls ${SSH_IDENTITIES_DIR}/${ssh_identity}|grep "so$"); do logtrace "token: $token" tokenfingerprint="$(ssh-keygen -l -D $token|tr -s ' '|awk '{print $2}')" logtrace "${fingerprints[*]} and $tokenfingerprint" if [[ ${fingerprints[*]} =~ "$tokenfingerprint" ]]; then logdebug "$token is loaded" >&2 else logdebug "$token is not loaded" >&2 loginfo "$(ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s ${identitydir}/${token})" fi done fi EXIT } ssh-runinagent () { ENTRY local agentfile local command agentfile=${1} shift sshcommand=${@} logtrace "run command »$sshcommand« in agent $agentfile" >&2 if [ -e "$agentfile" ]; then /bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; . $agentfile >/dev/null 2>/dev/null; $sshcommand" EXIT return $? else logwarn "agentfile not existent" >&2 EXIT return 1 fi } agent-start-or-restart $1 agent-load-identity-keys $1 SCRIPTEXIT exit $?