diff options
| author | Andrew Cady <d@samizdat> | 2021-09-29 12:56:38 -0400 |
|---|---|---|
| committer | Andrew Cady <d@samizdat> | 2021-09-29 12:56:38 -0400 |
| commit | c9e9417b0fccbc1d030782bb82635fa8d1f53fb0 (patch) | |
| tree | d7474cc84e3b9d2cf94f8c47f03383ea5fb35752 | |
| parent | dfdc54af819c6ce9b4e150c30913967365bc7f32 (diff) | |
use ssh-keyscan on ip to get key (not secure)
| -rw-r--r-- | keycopy.sh | 54 |
1 files changed, 44 insertions, 10 deletions
| @@ -1,21 +1,50 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | h=marble.tj5tzswz7isfavggdjsiwxdjswrg6tadlzuf3j3q.ed25519.cryptonomic.net | 2 | yourip=68.48.18.140 |
| 3 | h=$yourip | ||
| 3 | n=andy | 4 | n=andy |
| 4 | 5 | ||
| 5 | key_basename=ssh_host_rsa_key | 6 | key_basename=ssh_host_rsa_key |
| 6 | input_key=/etc/ssh/$key_basename | 7 | input_key=/etc/ssh/$key_basename |
| 7 | 8 | ||
| 9 | ssh2der() | ||
| 10 | { | ||
| 11 | ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER | ||
| 12 | } | ||
| 13 | |||
| 14 | match_and_drop_first_word() | ||
| 15 | { | ||
| 16 | expect=$1 | ||
| 17 | while read word rest | ||
| 18 | do | ||
| 19 | if [ "$word" = "$expect" ] | ||
| 20 | then | ||
| 21 | printf '%s\n' "$rest" | ||
| 22 | return | ||
| 23 | fi | ||
| 24 | done | ||
| 25 | false | ||
| 26 | } | ||
| 27 | |||
| 28 | keyscan() | ||
| 29 | { | ||
| 30 | if [ -e keyscan.cache ] | ||
| 31 | then | ||
| 32 | cat keyscan.cache | ||
| 33 | else | ||
| 34 | ssh-keyscan -t rsa "$1" | ||
| 35 | fi | ||
| 36 | } | ||
| 37 | |||
| 8 | keycopy() | 38 | keycopy() |
| 9 | { | 39 | { |
| 10 | openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename" | 40 | openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename" |
| 11 | openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub | 41 | openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub |
| 12 | 42 | ||
| 13 | t=$(mktemp) | 43 | t=$(mktemp) |
| 14 | ssh-keyscan -trsa "$h" | while read hh rest; do [ "$h" = "$hh" ] && printf '%s\n' "$rest"; done | ||
| 15 | |||
| 16 | ssh-keygen -e -f rsa.scan.edit -m PEM | openssl rsa -RSAPublicKey_in -outform DER > /etc/swanctl/pubkey/"$n".pub | ||
| 17 | 44 | ||
| 18 | ls -l /etc/swanctl/private/"$key_basename" /etc/swanctl/pubkey/"$key_basename".pub /etc/swanctl/pubkey/"$n".pub | 45 | keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t" |
| 46 | ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub | ||
| 47 | rm -f "$t" | ||
| 19 | } | 48 | } |
| 20 | 49 | ||
| 21 | nocomments() | 50 | nocomments() |
| @@ -61,17 +90,20 @@ secrets { | |||
| 61 | END | 90 | END |
| 62 | } | 91 | } |
| 63 | 92 | ||
| 64 | test_new_config() | 93 | generate_config() |
| 65 | { | 94 | { |
| 66 | ipsec stop | ||
| 67 | |||
| 68 | yourip=68.48.18.140 | ||
| 69 | iface=$(ip -oneline route get "$yourip" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p') | 95 | iface=$(ip -oneline route get "$yourip" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p') |
| 70 | [ "$iface" ] || return | 96 | [ "$iface" ] || return |
| 71 | mymac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p') | 97 | mymac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p') |
| 72 | [ "$mymac" ] || return | 98 | [ "$mymac" ] || return |
| 73 | |||
| 74 | write_config andy "$yourip" "$mymac" | 99 | write_config andy "$yourip" "$mymac" |
| 100 | } | ||
| 101 | |||
| 102 | test_new_config() | ||
| 103 | { | ||
| 104 | ipsec stop | ||
| 105 | |||
| 106 | generate_config | ||
| 75 | 107 | ||
| 76 | ipsec start | 108 | ipsec start |
| 77 | sleep 2 | 109 | sleep 2 |
| @@ -80,5 +112,7 @@ test_new_config() | |||
| 80 | ipsec up andy | 112 | ipsec up andy |
| 81 | } | 113 | } |
| 82 | 114 | ||
| 115 | set -e | ||
| 116 | keycopy | ||
| 83 | test_new_config | 117 | test_new_config |
| 84 | 118 | ||