Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # Check + obtain access credentials to access ssh
- # Author: rodolfo.pilas@moove-it.com
- HOST=<host>
- PROJECT=ssh-SRE-Team
- export VAULT_TOKEN='s.nQXuP6UCcpa84bxc1f8'
- export VAULT_ADDR='http://3.13.153.226:8200'
- CERT=$HOME/.ssh/${HOST}-signed-cert.pub
- # check if CERT exists
- if [ ! -f $CERT ]; then
- vault login ${VAULT_TOKEN}
- vault write -field=signed_key ${PROJECT}/sign/my-role public_key=@$HOME/.ssh/id_rsa.pub > $CERT
- else
- # exist, then compare dates
- VALID=$(ssh-keygen -L -f $CERT | grep "Valid: from" | awk '{print $5}' | cut -dT -f1)
- VALIDTO=$(date -j -f "%F" $VALID +"%s")
- TODAY=$(date "+%F")
- # re-issue is needed
- if [ $(date -j -f "%F" $TODAY +"%s") -gt $VALIDTO ]; then
- vault login ${VAULT_TOKEN}
- vault write -field=signed_key ${PROJECT}/sign/my-role public_key=@$HOME/.ssh/id_rsa.pub > $CERT
- fi
- fi
- chmod 600 $CERT
- # complete ssh
- echo "connecting to ${HOST} ..."
- ssh ${HOST}
- exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
