clean up keycopy.sh somewhat (and rename it)

author: Andrew Cady <d@cryptonomic.net> 2021-10-04 18:57:00 -0400
committer: Andrew Cady <d@cryptonomic.net> 2021-10-04 18:57:21 -0400
commit: 448cab6d8f073558a3f4c3a85652d3fcbf03c100 (patch)
tree: 58edbb0c02b918e96b36ed8597cbbd5b1fee62d0
parent: 8856797b5e7a7dcd8262e641d4acc119f00c6bec (diff)
2 files changed, 153 insertions, 115 deletions
diff --git a/connect-vpn.sh b/connect-vpn.sh
new file mode 100755
index 0000000..f4f302c
--- /dev/null
+++ b/connect-vpn.sh
@@ -0,0 +1,153 @@
+#!/bin/sh
+ROUTER_IP=68.48.18.140
+ROUTER_NAME=andy
+CLIENT_KEY_BASENAME=ssh_host_rsa_key
+CLIENT_KEY_DIRNAME=/etc/ssh
+CLIENT_KEY=${CLIENT_KEY_DIRNAME}/${CLIENT_KEY_BASENAME}
+ssh2der()
+{
+        ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER
+}
+match_and_drop_first_word()
+{
+        expect=$1
+        while read word rest
+        do
+                if [ "$word" = "$expect" ]
+                then
+                        printf '%s\n' "$rest"
+                        return
+                fi
+        done
+        false
+}
+keyscan()
+{
+        if [ -e keyscan.cache ]
+        then
+                cat keyscan.cache
+        else
+                ssh-keyscan -t rsa "$1"
+        fi
+}
+write_successfully()
+{
+    local f=$(mktemp) || return
+    local out="$1"
+    [ "$2" = -- ] || return
+    shift 2
+    if "$@" > "$f"
+    then
+        if [ "$NO_ACT" ]
+        then
+            echo "mv $f $out" >&2
+        else
+            mv "$f" "$out"
+        fi
+    else
+        rm -f "$f"
+        return 1
+    fi
+}
+keycopy()
+{
+    private_key_tmp="$(mktemp)" || return
+    cp "$CLIENT_KEY" "$private_key_tmp"
+    ssh-keygen -N '' -P '' -p -m PEM -f "$private_key_tmp"
+    trap 'rm -f "$private_key_tmp"' EXIT
+    write_successfully /etc/swanctl/private/"$CLIENT_KEY_BASENAME"    -- openssl rsa -in "$private_key_tmp" -outform DER
+    write_successfully /etc/swanctl/pubkey/"$CLIENT_KEY_BASENAME".pub -- openssl rsa -in "$private_key_tmp" -outform DER -pubout
+    trap - EXIT
+    rm -f "$private_key_tmp"
+          t=$(mktemp)
+          keyscan "$ROUTER_IP" | match_and_drop_first_word "$ROUTER_IP" > "$t"
+    write_successfully /etc/swanctl/pubkey/"$ROUTER_NAME".pub -- ssh2der "$t"
+          rm -f "$t"
+}
+nocomments()
+{
+          sed 's/#.*//; /^ *$/d'
+}
+config()
+{
+    local conn="$1" remote_addrs="$2" id="$3"
+    local remote_ts=0::0/0 vips=::
+    local public_key_file="${CLIENT_KEY_BASENAME}.pub" private_key_file="${CLIENT_KEY_BASENAME}"
+    sed -e 's/^        //' <<END
+        connections {
+            ${conn} {
+                remote_addrs = ${remote_addrs}
+                vips = ${vips}
+                local {
+                    pubkeys = ${public_key_file}
+                    id = ${id}
+                }
+                remote {
+                    id = "${remote_addrs}"
+                    pubkeys = ${conn}.pub
+                }
+                children {
+                    child {
+                        remote_ts = ${remote_ts}
+                        dpd_action = restart
+                    }
+                }
+            }
+        }
+        secrets {
+            private {
+                file = ${private_key_file}
+            }
+        }
+END
+}
+get_my_mac()
+{
+          iface=$(ip -oneline route get "$1"  | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
+          [ "$iface" ] || return
+          my_mac=$(ip -oneline -6 addr  show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
+          [ "$my_mac" ]
+}
+NO_ACT()
+{
+    [ "$NO_ACT" ] || "$@"
+}
+write_config()
+{
+    get_my_mac "$ROUTER_IP" || return
+    write_successfully /etc/swanctl/conf.d/"$ROUTER_NAME".conf -- config "$ROUTER_NAME" "$ROUTER_IP" "$my_mac"
+}
+test_new_config()
+{
+    NO_ACT ipsec stop
+          write_config
+          NO_ACT ipsec start
+          NO_ACT sleep 2
+          NO_ACT swanctl -c
+          NO_ACT ipsec listpubkeys
+          NO_ACT ipsec up ${ROUTER_NAME}
+}
+NO_ACT=y
+set -e
+keycopy
+test_new_config
diff --git a/keycopy.sh b/keycopy.sh
deleted file mode 100644
index 68c97fd..0000000
--- a/keycopy.sh
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/bin/sh
-yourip=68.48.18.140
-h=$yourip
-n=andy
-key_basename=ssh_host_rsa_key
-input_key=/etc/ssh/$key_basename
-ssh2der()
-{
-        ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER
-}
-match_and_drop_first_word()
-{
-        expect=$1
-        while read word rest
-        do
-                if [ "$word" = "$expect" ]
-                then
-                        printf '%s\n' "$rest"
-                        return
-                fi
-        done
-        false
-}
-keyscan()
-{
-        if [ -e keyscan.cache ]
-        then
-                cat keyscan.cache
-        else
-                ssh-keyscan -t rsa "$1"
-        fi
-}
-keycopy()
-{
-        openssl rsa -in "$input_key"         -outform DER > /etc/swanctl/private/"$key_basename"
-        openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub
-        t=$(mktemp)
-        keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t"
-        ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub
-        rm -f "$t"
-}
-nocomments()
-{
-        sed 's/#.*//; /^ *$/d'
-}
-write_config()
-{
-        conn=$1
-        remote_addrs=$2
-        id=$3
-        cat > /etc/swanctl/conf.d/"$conn".conf <<END
-connections {
-    ${conn} {
-        remote_addrs = ${remote_addrs}
-        vips = ::
-        local {
-            pubkeys = ssh_host_rsa_key.pub
-            id = ${id}
-        }
-        remote {
-            id = "${remote_addrs}"
-            pubkeys = ${conn}.pub
-        }
-        children {
-            child {
-                remote_ts = 0::0/0
-                dpd_action = restart
-            }
-        }
-    }
-}
-secrets {
-    private1 {
-        file = ssh_host_rsa_key
-    }
-}
-END
-}
-generate_config()
-{
-        iface=$(ip -oneline route get "$yourip"  | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
-        [ "$iface" ] || return
-        mymac=$(ip -oneline -6 addr  show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
-        [ "$mymac" ] || return
-        write_config andy "$yourip" "$mymac"
-}
-test_new_config()
-{
-        ipsec stop
-        generate_config
-        ipsec start
-        sleep 2
-        swanctl -c
-        ipsec listpubkeys
-        ipsec up andy
-}
-set -e
-keycopy
-test_new_config
author	Andrew Cady <d@cryptonomic.net>	2021-10-04 18:57:00 -0400
committer	Andrew Cady <d@cryptonomic.net>	2021-10-04 18:57:21 -0400
commit	448cab6d8f073558a3f4c3a85652d3fcbf03c100 (patch)
tree	58edbb0c02b918e96b36ed8597cbbd5b1fee62d0
parent	8856797b5e7a7dcd8262e641d4acc119f00c6bec (diff)

diff --git a/connect-vpn.sh b/connect-vpn.sh new file mode 100755 index 0000000..f4f302c --- /dev/null +++ b/connect-vpn.sh
@@ -0,0 +1,153 @@
		1	#!/bin/sh
		2	ROUTER_IP=68.48.18.140
		3	ROUTER_NAME=andy
		4
		5	CLIENT_KEY_BASENAME=ssh_host_rsa_key
		6	CLIENT_KEY_DIRNAME=/etc/ssh
		7	CLIENT_KEY=${CLIENT_KEY_DIRNAME}/${CLIENT_KEY_BASENAME}
		8
		9	ssh2der()
		10	{
		11	ssh-keygen -e -f "$1" -m PEM \| openssl rsa -RSAPublicKey_in -outform DER
		12	}
		13
		14	match_and_drop_first_word()
		15	{
		16	expect=$1
		17	while read word rest
		18	do
		19	if [ "$word" = "$expect" ]
		20	then
		21	printf '%s\n' "$rest"
		22	return
		23	fi
		24	done
		25	false
		26	}
		27
		28	keyscan()
		29	{
		30	if [ -e keyscan.cache ]
		31	then
		32	cat keyscan.cache
		33	else
		34	ssh-keyscan -t rsa "$1"
		35	fi
		36	}
		37
		38	write_successfully()
		39	{
		40	local f=$(mktemp) \|\| return
		41	local out="$1"
		42	[ "$2" = -- ] \|\| return
		43	shift 2
		44	if "$@" > "$f"
		45	then
		46	if [ "$NO_ACT" ]
		47	then
		48	echo "mv $f $out" >&2
		49	else
		50	mv "$f" "$out"
		51	fi
		52	else
		53	rm -f "$f"
		54	return 1
		55	fi
		56	}
		57
		58	keycopy()
		59	{
		60	private_key_tmp="$(mktemp)" \|\| return
		61	cp "$CLIENT_KEY" "$private_key_tmp"
		62	ssh-keygen -N '' -P '' -p -m PEM -f "$private_key_tmp"
		63	trap 'rm -f "$private_key_tmp"' EXIT
		64
		65	write_successfully /etc/swanctl/private/"$CLIENT_KEY_BASENAME" -- openssl rsa -in "$private_key_tmp" -outform DER
		66	write_successfully /etc/swanctl/pubkey/"$CLIENT_KEY_BASENAME".pub -- openssl rsa -in "$private_key_tmp" -outform DER -pubout
		67
		68	trap - EXIT
		69	rm -f "$private_key_tmp"
		70
		71	t=$(mktemp)
		72	keyscan "$ROUTER_IP" \| match_and_drop_first_word "$ROUTER_IP" > "$t"
		73	write_successfully /etc/swanctl/pubkey/"$ROUTER_NAME".pub -- ssh2der "$t"
		74	rm -f "$t"
		75	}
		76
		77	nocomments()
		78	{
		79	sed 's/#.//; /^ $/d'
		80	}
		81
		82
		83	config()
		84	{
		85	local conn="$1" remote_addrs="$2" id="$3"
		86	local remote_ts=0::0/0 vips=::
		87	local public_key_file="${CLIENT_KEY_BASENAME}.pub" private_key_file="${CLIENT_KEY_BASENAME}"
		88	sed -e 's/^ //' <<END
		89	connections {
		90	${conn} {
		91	remote_addrs = ${remote_addrs}
		92	vips = ${vips}
		93	local {
		94	pubkeys = ${public_key_file}
		95	id = ${id}
		96	}
		97	remote {
		98	id = "${remote_addrs}"
		99	pubkeys = ${conn}.pub
		100	}
		101	children {
		102	child {
		103	remote_ts = ${remote_ts}
		104	dpd_action = restart
		105	}
		106	}
		107	}
		108	}
		109	secrets {
		110	private {
		111	file = ${private_key_file}
		112	}
		113	}
		114	END
		115	}
		116
		117	get_my_mac()
		118	{
		119	iface=$(ip -oneline route get "$1" \| sed -ne 's/.* dev \([^ ]\) ./\1/p')
		120	[ "$iface" ] \|\| return
		121	my_mac=$(ip -oneline -6 addr show dev "$iface" \| sed -ne 's/.* inet6 fe80::\([^/]\)\/./\1/p')
		122	[ "$my_mac" ]
		123	}
		124
		125	NO_ACT()
		126	{
		127	[ "$NO_ACT" ] \|\| "$@"
		128	}
		129
		130	write_config()
		131	{
		132	get_my_mac "$ROUTER_IP" \|\| return
		133	write_successfully /etc/swanctl/conf.d/"$ROUTER_NAME".conf -- config "$ROUTER_NAME" "$ROUTER_IP" "$my_mac"
		134	}
		135
		136	test_new_config()
		137	{
		138	NO_ACT ipsec stop
		139
		140	write_config
		141
		142	NO_ACT ipsec start
		143	NO_ACT sleep 2
		144	NO_ACT swanctl -c
		145	NO_ACT ipsec listpubkeys
		146	NO_ACT ipsec up ${ROUTER_NAME}
		147	}
		148
		149	NO_ACT=y
		150	set -e
		151	keycopy
		152	test_new_config
		153


diff --git a/keycopy.sh b/keycopy.sh deleted file mode 100644 index 68c97fd..0000000 --- a/keycopy.sh +++ /dev/null
@@ -1,115 +0,0 @@
1	#!/bin/sh
2	yourip=68.48.18.140
3	h=$yourip
4	n=andy
5
6	key_basename=ssh_host_rsa_key
7	input_key=/etc/ssh/$key_basename
8
9	ssh2der()
10	{
11	ssh-keygen -e -f "$1" -m PEM \| openssl rsa -RSAPublicKey_in -outform DER
12	}
13
14	match_and_drop_first_word()
15	{
16	expect=$1
17	while read word rest
18	do
19	if [ "$word" = "$expect" ]
20	then
21	printf '%s\n' "$rest"
22	return
23	fi
24	done
25	false
26	}
27
28	keyscan()
29	{
30	if [ -e keyscan.cache ]
31	then
32	cat keyscan.cache
33	else
34	ssh-keyscan -t rsa "$1"
35	fi
36	}
37
38	keycopy()
39	{
40	openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename"
41	openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub
42
43	t=$(mktemp)
44
45	keyscan "$yourip" \| match_and_drop_first_word "$yourip" > "$t"
46	ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub
47	rm -f "$t"
48	}
49
50	nocomments()
51	{
52	sed 's/#.//; /^ $/d'
53	}
54
55
56	write_config()
57	{
58	conn=$1
59	remote_addrs=$2
60	id=$3
61	cat > /etc/swanctl/conf.d/"$conn".conf <<END
62	connections {
63	${conn} {
64	remote_addrs = ${remote_addrs}
65	vips = ::
66	local {
67	pubkeys = ssh_host_rsa_key.pub
68	id = ${id}
69	}
70	remote {
71	id = "${remote_addrs}"
72	pubkeys = ${conn}.pub
73	}
74	children {
75	child {
76	remote_ts = 0::0/0
77	dpd_action = restart
78	}
79	}
80	}
81	}
82	secrets {
83	private1 {
84	file = ssh_host_rsa_key
85	}
86	}
87	END
88	}
89
90	generate_config()
91	{
92	iface=$(ip -oneline route get "$yourip" \| sed -ne 's/.* dev \([^ ]\) ./\1/p')
93	[ "$iface" ] \|\| return
94	mymac=$(ip -oneline -6 addr show dev "$iface" \| sed -ne 's/.* inet6 fe80::\([^/]\)\/./\1/p')
95	[ "$mymac" ] \|\| return
96	write_config andy "$yourip" "$mymac"
97	}
98
99	test_new_config()
100	{
101	ipsec stop
102
103	generate_config
104
105	ipsec start
106	sleep 2
107	swanctl -c
108	ipsec listpubkeys
109	ipsec up andy
110	}
111
112	set -e
113	keycopy
114	test_new_config
115