#!/bin/dash

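# Print "<script>: Error: <message>" on stderr and exit 1.
# printf instead of echo: under dash, echo interprets backslash escapes in its
# arguments, and the messages passed here include file-derived text (a key
# type, a path), which must be printed literally.
die() { printf '%s: Error: %s\n' "$0" "$*" >&2; exit 1; }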

# Re-encode a hex (base16) string as base32 with the '=' padding stripped.
# Decoding and encoding are done by the external basez tool (flags -x -d,
# then -j -l); the input is the SSHFP hex digest from ssh-keygen and the
# result becomes SSH_CLIENT_FINGERPRINT.  No newline is sent into the
# pipeline, so only the digest bytes are encoded.
b16_to_b32()
{
    printf '%s' "$1" | basez -x -d | basez -j -l | tr -d '='
}

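# Input: SSH_USER_AUTH, the per-session authentication-info file that sshd
# exports when ExposeAuthInfo is enabled.  The file is trusted as sshd output;
# its contents are not validated here beyond the "publickey " prefix below.
[ -n "$SSH_USER_AUTH" ] || die "not defined: \$SSH_USER_AUTH"
[ -f "$SSH_USER_AUTH" ] || die "file does not exist: \$SSH_USER_AUTH=${SSH_USER_AUTH}"

# Scratch file holding just the public key line(s), created next to the
# sshd-provided file so it shares that file's directory and ownership.
# The EXIT trap removes it on every failure path (previously any later die
# left it behind).  After a successful --copy-pem the scratch path no longer
# exists and the rm is a harmless no-op.
PEMFILE="${SSH_USER_AUTH}.tmp"
PEMFILE_SCRATCH="$PEMFILE"
trap 'rm -f -- "$PEMFILE_SCRATCH"' EXIT

sed -ne 's/^publickey //p' < "${SSH_USER_AUTH}" > "${PEMFILE}" || die "could not rewrite SSH_USER_AUTH file"

# ssh-keygen -r prints SSHFP records for the key; the record with fingerprint
# type 2 carries the SHA-256 digest in hex, which is what we keep.
# NOTE(review): if sshd recorded more than one publickey line, PEMFILE holds
# several keys; `read` below takes the first line, and whether the fingerprint
# ssh-keygen emits belongs to that same key should be confirmed.
SSH_CLIENT_FINGERPRINT=$(ssh-keygen -r . -f "${PEMFILE}" | sed -ne 's/^. IN SSHFP [0-9]* 2 //p') &&
  [ -n "$SSH_CLIENT_FINGERPRINT" ] || die "could not determine ssh client fingerprint"

# Check the re-encoding as well: a missing or failing basez would otherwise
# silently put an empty SSH_CLIENT_FINGERPRINT into the output.
SSH_CLIENT_FINGERPRINT_B32=$(b16_to_b32 "$SSH_CLIENT_FINGERPRINT") &&
  [ -n "$SSH_CLIENT_FINGERPRINT_B32" ] || die "could not encode ssh client fingerprint"

# Split the first key line into its type tag and the rest of the line (the
# key blob); -r keeps any backslashes literal.
read -r keytype keydata < "${PEMFILE}" || die "reading from PEMFILE=$PEMFILE"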

# Map an SSH public key type tag to the short name used as the first label of
# the client's domain.  Only the four tags listed are accepted; anything else
# (e.g. other ECDSA curves or sk-* types) returns 1 with no output.
# Arguments: $1 - key type tag as found in the key line (e.g. ssh-ed25519)
# Outputs:   the short name on stdout
# Returns:   0 if the tag is known, 1 otherwise
ssh_keytag_to_path_fragment()
{
        case "$1" in
                ssh-dss)             printf 'dsa\n' ;;
                ecdsa-sha2-nistp256) printf 'ecdsa\n' ;;
                ssh-rsa)             printf 'rsa\n' ;;
                ssh-ed25519)         printf 'ed25519\n' ;;
                *)                   return 1 ;;
        esac
}

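# Derive the client's domain from the key type; unsupported types are
# rejected before anything is printed.
if keyfrag=$(ssh_keytag_to_path_fragment "$keytype")
then
    domain=${keyfrag}.cryptonomic.net
else
    die "Unsupported key type: $keytype"
fi

# --copy-pem DIR: keep the extracted key as DIR/<sha256-hex>.<keytype>.pem.
# The fingerprint is hex from ssh-keygen and the key type has just been
# validated, so both are expected to be safe filename components.  Any
# failure is fatal: previously a failed mkdir or mv was ignored, the script
# still printed its variables, and SSH_CLIENT_PEMFILE named a path that did
# not hold the file.  Without --copy-pem the scratch file is discarded.
if [ "$1" = '--copy-pem' ] && [ -n "$2" ]
then
    [ -d "$2" ] || mkdir -- "$2" || die "could not create directory: $2"
    pemdest="$2/${SSH_CLIENT_FINGERPRINT}.${keytype}.pem"
    mv -- "${PEMFILE}" "$pemdest" || die "could not move PEM file to $pemdest"
    # Report the path the file actually lives at, not the removed scratch path.
    PEMFILE="$pemdest"
else
    rm -f -- "${PEMFILE}"
fi

# With no utility argument, env -i prints exactly these assignments, one per
# line, and nothing from the inherited environment.  SSH_CLIENT_FINGERPRINT is
# the base32 form of the SSHFP type-2 (SHA-256) digest; SSH_CLIENT_PEMFILE is
# the copied PEM file after --copy-pem, otherwise the scratch path that was
# just removed (kept for compatibility with existing consumers).
env -i \
  SSH_CLIENT_FINGERPRINT="$SSH_CLIENT_FINGERPRINT_B32" \
  SSH_CLIENT_KEYTYPE="$keytype" \
  SSH_CLIENT_DOMAIN="$domain" \
  SSH_CLIENT_PEMFILE="$PEMFILE" \
  SSH_CLIENT_KEYDATA="$keydata"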