#!/bin/bash # monkeysphere-server: MonkeySphere server admin tool # # The monkeysphere scripts are written by: # Jameson Rollins # # They are Copyright 2008, and are all released under the GPL, version 3 # or later. ######################################################################## PGRM=$(basename $0) SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"} export SHAREDIR . "${SHAREDIR}/common" # date in UTF format if needed DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up GREP_OPTIONS= ######################################################################## # FUNCTIONS ######################################################################## usage() { cat < [args] MonkeySphere server admin tool. subcommands: gen-key (g) [HOSTNAME] generate gpg key for the server show-fingerprint (f) show server's host key fingerprint publish-key (p) publish server key to keyserver trust-keys (t) KEYID... mark keyids as trusted update-users (s) [USER]... update users authorized_keys files update-user-userids (u) USER UID... add/update user IDs for a user remove-user-userids (r) USER UID... remove user IDs for a user help (h,?) this help EOF } # generate server gpg key gen_key() { local hostName hostName=${1:-$(hostname --fqdn)} # set key defaults KEY_TYPE=${KEY_TYPE:-"RSA"} KEY_LENGTH=${KEY_LENGTH:-"2048"} KEY_USAGE=${KEY_USAGE:-"auth"} cat < = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years EOF read -p "Key is valid for? ($EXPIRE) " EXPIRE; EXPIRE=${EXPIRE:-"0"} SERVICE=${SERVICE:-"ssh"} USERID=${USERID:-"$SERVICE"://"$hostName"} # set key parameters keyParameters=$(cat < /dev/null 2>&1 ; then failure "key for '$USERID' already exists" fi # add commit command keyParameters="${keyParameters}"$(cat <> "$AUTHORIZED_KEYS" loge "done." fi fi # move the temp authorized_keys file into place mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}" log "authorized_keys file updated." done log "----- done. -----" ;; 'gen-key'|'g') gen_key "$1" ;; 'show-fingerprint'|'f') fingerprint_server_key ;; 'publish-key'|'p') publish_server_key ;; 'trust-keys'|'trust-key'|'t') if [ -z "$1" ] ; then failure "You must specify at least one key to trust." fi # process key IDs for keyID ; do trust_key "$keyID" done ;; 'update-user-userids'|'update-user-userid'|'u') uname="$1" shift if [ -z "$uname" ] ; then failure "You must specify user." fi if [ -z "$1" ] ; then failure "You must specify at least one user ID." fi # set authorized_user_ids variable, # translate ssh-style path variables authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") # make sure user's authorized_user_ids file exists touch "$authorizedUserIDs" # process the user IDs for userID ; do update_userid "$userID" "$authorizedUserIDs" done log "Run the following to update user's authorized_keys file:" log "$PGRM update-users $uname" ;; 'remove-user-userids'|'remove-user-userid'|'r') uname="$1" shift if [ -z "$uname" ] ; then failure "You must specify user." fi if [ -z "$1" ] ; then failure "You must specify at least one user ID." fi # set authorized_user_ids variable, # translate ssh-style path variables authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") # make sure user's authorized_user_ids file exists if [ ! -f "$authorizedUserIDs" ] ; then failure "authorized_user_ids file '$authorizedUserIDs' does not exist." fi # process the user IDs for userID ; do remove_userid "$userID" "$authorizedUserIDs" done log "Run the following to update user's authorized_keys file:" log "$PGRM update-users $uname" ;; 'help'|'h'|'?') usage ;; *) failure "Unknown command: '$COMMAND' Type '$PGRM help' for usage." ;; esac