author | Andrew Cady <d@samizdat> | 2021-09-29 12:56:38 -0400 |
committer | Andrew Cady <d@samizdat> | 2021-09-29 12:56:38 -0400 |
commit | c9e9417b0fccbc1d030782bb82635fa8d1f53fb0 (patch) | |
tree | d7474cc84e3b9d2cf94f8c47f03383ea5fb35752 | |
parent | dfdc54af819c6ce9b4e150c30913967365bc7f32 (diff) |
use ssh-keyscan on ip to get key (not secure)
-rw-r--r-- | keycopy.sh | 54 |
1 files changed, 44 insertions, 10 deletions
@@ -1,21 +1,50 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | h=marble.tj5tzswz7isfavggdjsiwxdjswrg6tadlzuf3j3q.ed25519.cryptonomic.net | 2 | yourip=68.48.18.140 |
3 | h=$yourip | ||
3 | n=andy | 4 | n=andy |
4 | 5 | ||
5 | key_basename=ssh_host_rsa_key | 6 | key_basename=ssh_host_rsa_key |
6 | input_key=/etc/ssh/$key_basename | 7 | input_key=/etc/ssh/$key_basename |
7 | 8 | ||
9 | ssh2der() | ||
10 | { | ||
11 | ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER | ||
12 | } | ||
13 | |||
14 | match_and_drop_first_word() | ||
15 | { | ||
16 | expect=$1 | ||
17 | while read word rest | ||
18 | do | ||
19 | if [ "$word" = "$expect" ] | ||
20 | then | ||
21 | printf '%s\n' "$rest" | ||
22 | return | ||
23 | fi | ||
24 | done | ||
25 | false | ||
26 | } | ||
27 | |||
28 | keyscan() | ||
29 | { | ||
30 | if [ -e keyscan.cache ] | ||
31 | then | ||
32 | cat keyscan.cache | ||
33 | else | ||
34 | ssh-keyscan -t rsa "$1" | ||
35 | fi | ||
36 | } | ||
37 | |||
8 | keycopy() | 38 | keycopy() |
9 | { | 39 | { |
10 | openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename" | 40 | openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename" |
11 | openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub | 41 | openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub |
12 | 42 | ||
13 | t=$(mktemp) | 43 | t=$(mktemp) |
14 | ssh-keyscan -trsa "$h" | while read hh rest; do [ "$h" = "$hh" ] && printf '%s\n' "$rest"; done | ||
15 | |||
16 | ssh-keygen -e -f rsa.scan.edit -m PEM | openssl rsa -RSAPublicKey_in -outform DER > /etc/swanctl/pubkey/"$n".pub | ||
17 | 44 | ||
18 | ls -l /etc/swanctl/private/"$key_basename" /etc/swanctl/pubkey/"$key_basename".pub /etc/swanctl/pubkey/"$n".pub | 45 | keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t" |
46 | ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub | ||
47 | rm -f "$t" | ||
19 | } | 48 | } |
20 | 49 | ||
21 | nocomments() | 50 | nocomments() |
@@ -61,17 +90,20 @@ secrets { | |||
61 | END | 90 | END |
62 | } | 91 | } |
63 | 92 | ||
64 | test_new_config() | 93 | generate_config() |
65 | { | 94 | { |
66 | ipsec stop | ||
67 | |||
68 | yourip=68.48.18.140 | ||
69 | iface=$(ip -oneline route get "$yourip" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p') | 95 | iface=$(ip -oneline route get "$yourip" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p') |
70 | [ "$iface" ] || return | 96 | [ "$iface" ] || return |
71 | mymac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p') | 97 | mymac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p') |
72 | [ "$mymac" ] || return | 98 | [ "$mymac" ] || return |
73 | |||
74 | write_config andy "$yourip" "$mymac" | 99 | write_config andy "$yourip" "$mymac" |
100 | } | ||
101 | |||
102 | test_new_config() | ||
103 | { | ||
104 | ipsec stop | ||
105 | |||
106 | generate_config | ||
75 | 107 | ||
76 | ipsec start | 108 | ipsec start |
77 | sleep 2 | 109 | sleep 2 |
@@ -80,5 +112,7 @@ test_new_config() | |||
80 | ipsec up andy | 112 | ipsec up andy |
81 | } | 113 | } |
82 | 114 | ||
115 | set -e | ||
116 | keycopy | ||
83 | test_new_config | 117 | test_new_config |
84 | 118 | ||
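Review bot: The peer public key that keycopy() installs into /etc/swanctl/pubkey/"$n".pub (first hunk, `keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t"`) is accepted with no verification at all — ssh-keyscan returns whatever key the host at that IP presents, and keyscan() prefers a `keyscan.cache` read from the current working directory whose origin, owner and mode are never checked, so a spoofed peer or a writable cwd decides which key the IPsec config trusts. The commit message already labels this "not secure"; since the key is then used for swanctl authentication, the minimum fix is to pin the expected fingerprint obtained out of band and abort on mismatch before ssh2der runs, e.g. `[ "$(ssh-keygen -lf "$t" | awk '{print $2}')" = "$expected_fpr" ] || { echo "peer host key mismatch" >&2; exit 1; }` with `expected_fpr` set to the known SHA256 value, and to restrict the cache to a root-owned, non-world-writable path rather than a relative name. Separately, because the script now runs under `set -e`, a failure in ssh2der leaves the mktemp file behind since `rm -f "$t"` is never reached; `trap 'rm -f "$t"' EXIT` right after `t=$(mktemp)` covers every exit path. The unchanged lines that write the private key DER to /etc/swanctl/private rely on the caller's umask for its mode, which is presumably acceptable here but worth confirming.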