# +-----------------------------------------------------------------------------------------+
# | GENERATE KEYS FOR NEW HOSTS OR RENEW PASSPHRASE FOR ALL KEYS                            |
# |                                                                                         |
# |                 This script should eventually be replaced by puppet :)                  |
# +-----------------------------------------------------------------------------------------+

# This script generates public and private SSH keys for every linux host in the cmdb database.
# All private keys are kept in /etc/keys (see PRIVKEYS below), the public keys are placed in
# /var/www/keys, so that every LDAP-enabled host can wget its public key from cron each night
# around 3 o'clock and put it in its authorized_keys file.
# That way, even if LDAP dies, the other machines can still be logged into, and automated
# tasks can be run as root across the platform.
# NOTE: because hosts install whatever they fetch into root's authorized_keys, the integrity
# of /var/www/keys and of the channel the hosts fetch it over is equivalent to root on every
# host; protect both accordingly.
# flip hess juli 2012 [email protected]

# Global variables:

  17. PATH='/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'
  18. SCRIPT_PATH="${0}"
  19. ARGS="${#}"
  20. BASEDIR="/var/www/keys"
  21. PUBKEYS="${BASEDIR}/pubkeys"
  22. PRIVKEYS="/etc/keys"
  23. TMP="/etc/keys/tmp"
  24. MYSQL='mysql nagiostool -Be'
  25.  
  26.  
# Functions:

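# Print an error for this script and abort.
# Globals:    SCRIPT_PATH (read)
# Arguments:  $1 - message (may span several lines)
# Outputs:    "Error in <script>:" and the message on stderr (the original
#             wrote to stdout and was missing the space after "in")
# Exits:      always with status 1
function die()
{
  printf 'Error in %s:\n%s\n' "${SCRIPT_PATH}" "${1}" >&2
  exit 1
}
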
# Print the command synopsis on stdout.
# Globals:  SCRIPT_PATH (read)
# Returns:  0
function fShowUsage()
{
  # Unquoted delimiter so ${SCRIPT_PATH} expands; "\$" yields a literal "$".
  cat <<EOF
Usage: ${SCRIPT_PATH} [create|renew|help]

   help     Show Usage
   create   Generate Public Keys for all new hosts in database

   renew    Renew password for all existing hosts

   ssh key generation root account\$ - [email protected]

Versie 1.0
EOF
  return 0
}

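# Verify the environment before anything touches the key store, then read the
# shared key passphrase into the global FRASE.
# Globals:  ARGS, MYSQL, BASEDIR, PUBKEYS, PRIVKEYS (read); FRASE (written)
# Exits:    via die() on any failed precondition; status 1 with usage when the
#           argument count is wrong
# Returns:  0
function fCheck()
{
  # Private keys land in root-only dirs, so nothing below may run unprivileged.
  [ "$(id -u)" -eq 0 ] || die "User must be root!"

  # Required binaries (mysqldump is not used here; kept as the packaging check it always was).
  { [ -x /usr/bin/mysqldump ] && [ -x /usr/bin/mysql ]; } || die "This script depends on mysql-common!"

  # Database credentials come from root's client config, never from argv.
  [ -f /root/.my.cnf ] || die "/root/.my.cnf Not found!"

  # Connectivity.
  ( mysql --connect-timeout=2 -Be "show databases" | grep -Eq '(information_schema|mysql)' ) || die "Failed to connect to database!"

  # Crude schema guard: the column count of tbl_host is pinned to the version
  # this script was written against.
  [ "$( ${MYSQL} "DESC tbl_host" | wc -l )" -eq 57 ] || die "Database state unknown!"

  # Exactly one sub-command.
  [ "${ARGS}" = 1 ] || { fShowUsage ; exit 1; }

  # Key store must be intact before we ask for (and spend) a passphrase.
  # The original dir checks lacked "||" and were a bash syntax error.
  { [ -f "${BASEDIR}/testkey.id_rsa" ] && [ -f "${BASEDIR}/testkey.id_rsa.pub" ]; } || die "Testkey ${BASEDIR}/testkey.id_rsa[.pub] is gone"
  [ -d "${PUBKEYS}" ]  || die "Dir ${PUBKEYS}  is gone"
  [ -d "${PRIVKEYS}" ] || die "Dir ${PRIVKEYS} is gone"
  [ -d "${BASEDIR}" ]  || die "Dir ${BASEDIR}  is gone"

  # -s keeps the passphrase off the terminal and scrollback, -r keeps
  # backslashes literal.  An empty passphrase would later strip the
  # encryption from every key, so refuse it here.
  read -rsp "Type het ssh passphrase wachtwoord in ----> " FRASE
  echo
  [ -n "${FRASE}" ] || die "Passphrase may not be empty!"
  echo "Password stored, dont forget to put it in teampass as well!"

  # Validate the passphrase against the test key.  -y only derives the public
  # key, so the test key is no longer rewritten on every run.
  # NOTE(review): -P puts the passphrase on ssh-keygen's argv, where any local
  # user can read it via ps for the lifetime of the call; ssh-keygen has no
  # stdin/file alternative, so only run this on a host without untrusted local
  # accounts.  Also: testkey.id_rsa lives under the web-served BASEDIR - make
  # sure the web server does not expose it, or its passphrase can be
  # brute-forced offline.
  ssh-keygen -y -P "${FRASE}" -f "${BASEDIR}/testkey.id_rsa" >/dev/null 2>&1 || die "Passphrase Incorrect!"

  return 0
}
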
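# Check that a host's stored key pair is usable with the current passphrase.
# On any problem the host is handed to fReport (which discards the broken
# pair) so the caller can regenerate it.
# Globals:    FRASE, PRIVKEYS, PUBKEYS (read)
# Arguments:  $1 - host alias (as stored in the cmdb)
# Returns:    0 when both halves exist, FRASE unlocks the private half and the
#             public key derived from it matches the published one; 1 otherwise
function fVerify()
{
  local hostalias="${1}"
  local name="${hostalias}_id_rsa"
  local priv="${PRIVKEYS}/${name}"
  local pub="${PUBKEYS}/${name}.pub"
  local derived stored

  # Both halves must be present.
  if [ ! -f "${priv}" ] || [ ! -f "${pub}" ]; then
    fReport "${hostalias}"
    return 1
  fi

  # -y derives the public key from the private one without rewriting the file
  # (the original -p/-N round trip re-encrypted the key on every check and,
  # through a typo'd path, always failed).  It exits non-zero when FRASE is
  # wrong.  NOTE(review): the passphrase is visible on argv for the duration
  # of the call.
  if ! derived="$(ssh-keygen -y -P "${FRASE}" -f "${priv}" 2>/dev/null)"; then
    fReport "${hostalias}"
    return 1
  fi

  # The private half must belong to the public half the hosts are pulling;
  # compare type and key blob only, the comment field may differ.
  stored="$(awk '{print $1, $2}' -- "${pub}")"
  if [ "$(printf '%s\n' "${derived}" | awk '{print $1, $2}')" != "${stored}" ]; then
    fReport "${hostalias}"
    return 1
  fi

  return 0
}
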
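# Discard every trace of a host's key pair (published public half, private
# half and any leftovers in the scratch dir) and tell the operator, so that a
# later "create" run regenerates it.
# Globals:    PUBKEYS, PRIVKEYS, TMP (read)
# Arguments:  $1 - host alias
# Outputs:    diagnostic on stderr
# Returns:    0
function fReport()
{
  local hostalias="${1}"
  local name="${hostalias}_id_rsa"
  local dest="${TMP}"

  # An empty alias would target "<dir>/_id_rsa"; never remove on a guess.
  if [ -z "${hostalias}" ]; then
    echo "fReport: empty host alias, nothing removed" >&2
    return 0
  fi

  # Public half and its scratch copy.  The original removed "${name}" instead
  # of "${name}.pub" here, so stale public keys stayed published.
  rm -f -- "${PUBKEYS}/${name}.pub" "${dest}/${name}.pub"

  # Private half and its scratch copy.
  rm -f -- "${PRIVKEYS}/${name}" "${dest}/${name}"

  printf 'Key for %s failed in generation or passphrase change.\n\n  If you are in a hurry, run this script again manually or check how this problem can be solved\n' "${hostalias}" >&2

  return 0
}
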
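# Make sure a host has a usable key pair: keep an existing pair if fVerify
# accepts it, otherwise generate a fresh 4096-bit RSA pair encrypted under
# FRASE in the scratch dir and move both halves into place.
# Globals:    FRASE, PRIVKEYS, PUBKEYS, TMP (read)
# Arguments:  $1 - host alias (also used as the key comment)
# Returns:    0 when a valid pair is in place afterwards; 1 on failure (the
#             host has already been handed to fReport)
function fGenerate()
{
  local hostalias="${1}"
  local name="${hostalias}_id_rsa"
  local dest="${TMP}"

  # Existing pair: accept it if it checks out.  A failed check has already
  # removed the broken pair via fReport, so fall through and regenerate.
  # (The original returned 1 here unconditionally, which made fRunCreate
  # discard every healthy existing pair on a second run.)
  if [ -f "${PRIVKEYS}/${name}" ] && [ -f "${PUBKEYS}/${name}.pub" ]; then
    fVerify "${hostalias}" && return 0
  fi

  # -t rsa is explicit because the file name promises an RSA key; do not rely
  # on ssh-keygen's default type.  NOTE(review): -N exposes the passphrase on
  # argv for the duration of the call.
  if ! ssh-keygen -t rsa -b 4096 -N "${FRASE}" -C "${hostalias}" -f "${dest}/${name}"; then
    fReport "${hostalias}"
    return 1
  fi

  # Private half first, locked down explicitly (ssh-keygen creates it 0600
  # already; this guards against a permissive mv target).
  if ! { [ -f "${dest}/${name}" ] && mv -- "${dest}/${name}" "${PRIVKEYS}/${name}" && chmod 600 -- "${PRIVKEYS}/${name}"; }; then
    fReport "${hostalias}"
    return 1
  fi

  # Public half goes to the web-served tree the hosts pull from.
  if ! { [ -f "${dest}/${name}.pub" ] && mv -- "${dest}/${name}.pub" "${PUBKEYS}/${name}.pub"; }; then
    fReport "${hostalias}"
    return 1
  fi

  return 0
}
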
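# Re-encrypt one host's private key under a new passphrase.
# Globals:    FRASE (current passphrase), PRIVKEYS, PUBKEYS (read)
# Arguments:  $1 - host alias
#             $2 - new passphrase
# Returns:    0 on success; 1 for bad arguments (nothing touched) or when a
#             half is missing / ssh-keygen refused (the host has been handed
#             to fReport, which removes the pair)
function fChange()
{
  local hostalias="${1}"
  local newfrase="${2}"
  local name="${hostalias}_id_rsa"
  local source="${PRIVKEYS}"

  # Bad arguments must never reach ssh-keygen: an empty -N would strip the
  # encryption from the key, an empty alias would address "<dir>/_id_rsa".
  [ -n "${hostalias}" ] || return 1
  [ -n "${newfrase}" ]  || return 1

  # Both halves must exist; a half-present pair is handed back for regeneration.
  if [ ! -f "${source}/${name}" ] || [ ! -f "${PUBKEYS}/${name}.pub" ]; then
    fReport "${hostalias}"
    return 1
  fi

  # -p changes only the passphrase; the original's -C had no effect here and
  # was dropped.  NOTE(review): old and new passphrase are both visible on
  # argv for the duration of the call.  On failure (typically: this key was
  # never encrypted under FRASE) the pair is discarded, as designed; the next
  # "create" run regenerates it.
  if ! ssh-keygen -p -P "${FRASE}" -N "${newfrase}" -f "${source}/${name}" >/dev/null; then
    fReport "${hostalias}"
    return 1
  fi

  return 0
}
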
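# "create" sub-command: make sure every linux host in the cmdb has a key pair.
# Globals:  MYSQL, TMP (read); FRASE via fGenerate
# Returns:  0 (per-host failures are reported by fReport and skipped)
function fRunCreate()
{
  local hostalias

  # The scratch dir briefly holds freshly generated private keys: root-only.
  if [ ! -d "${TMP}" ]; then
    mkdir -p -m 700 -- "${TMP}" || die "Cannot create ${TMP}"
  else
    chmod 700 -- "${TMP}"
    # ${TMP:?} aborts instead of expanding to "/*" if TMP is ever unset;
    # the original cd'ed into it and ran a bare "rm *".
    rm -f -- "${TMP:?}"/*
  fi

  # NOTE(review): LIKE '\.linux\.' contains no "%" wildcard, so it only matches
  # a display_name that is literally ".linux." - confirm whether '%.linux.%'
  # was intended.  The query is kept as-is until that is checked.
  # sed '1d' drops the column header that mysql -B prints.
  while IFS= read -r hostalias; do
    [ -n "${hostalias}" ] || continue
    # fGenerate has already called fReport for the host when it fails.
    fGenerate "${hostalias}" || continue
  done < <( ${MYSQL} "SELECT display_name FROM tbl_host WHERE display_name LIKE '\.linux\.'" | sed '1d' | sort -u )

  return 0
}
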
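# "renew" sub-command: re-encrypt every stored private key under a new
# passphrase, prompted twice with echo off.
# Globals:  PRIVKEYS (read); FRASE via fChange
# Returns:  0 (per-key failures are reported by fChange and skipped)
# NOTE(review): the change is not atomic.  If a run stops half-way, keys are
# split between the old and the new passphrase, and the next run - whichever
# passphrase it is given - discards the other half via fReport.
function fRunRenew()
{
  local newfrase confirm key hostalias

  read -rsp "Please type the new passphrase for all ssh keys: ---> " newfrase
  echo
  read -rsp "Retype the new passphrase: ---> " confirm
  echo
  [ "${newfrase}" = "${confirm}" ] || die "Passphrases do not match!"

  # Length check on the string itself.  The original piped through "wc -m",
  # which counts the trailing newline, so it enforced 11 while the message
  # claimed 10; 12 is now enforced and stated.
  if [ "${#newfrase}" -lt 12 ]; then
    die "Passphrase is less than 12 Chars, Please pick a STRONGER password! Are you a Window\$oft Clicker?"
  fi

  # Iterate the private halves directly.  The original listed ${PRIVKEYS} with
  # ls (which also returned the tmp dir) and then called fChange with an unset
  # HOSTALIAS, so nothing was ever renewed.
  for key in "${PRIVKEYS}"/*_id_rsa; do
    [ -f "${key}" ] || continue          # unmatched glob, or not a regular file
    hostalias="${key##*/}"
    hostalias="${hostalias%_id_rsa}"
    # fChange has already called fReport for the key when it fails.
    fChange "${hostalias}" "${newfrase}" || continue
  done

  return 0
}
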
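# Dispatch the sub-command.
# Globals:    ARGS, ARG1 (read)
# Arguments:  $1 - optional sub-command, used when ARG1 is empty
# Returns:    the sub-command's status; 1 for a wrong argument count or an
#             unknown command (the original tested an undefined ${ARG1} and
#             so always printed usage and returned 0)
function fMain()
{
  # The command is expected in ARG1 (set from the script's first argument at
  # top level); an explicit argument to fMain takes its place when ARG1 is empty.
  local cmd="${ARG1:-${1:-}}"

  [ "${ARGS}" = 1 ] || { fShowUsage ; return 1; }

  case "${cmd}" in
    create)
      fRunCreate
      ;;
    renew)
      fRunRenew
      ;;
    help)
      fShowUsage
      ;;
    *)
      # Unknown command: usage plus a non-zero status so wrappers notice.
      fShowUsage
      return 1
      ;;
  esac
}
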
  236.  # check environment:
  237.   fCheck
  238.  
  239.  # Start the program:
  240.   fMain
  241.  
  242.  # Exit with previous return code:
  243.   exit "${?}"