Diffstat (limited to 'keycopy.sh')
-rw-r--r-- | keycopy.sh | 115 |
1 files changed, 0 insertions, 115 deletions
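--- a/keycopy.sh
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/bin/sh
-yourip=68.48.18.140
-h=$yourip
-n=andy
-
-key_basename=ssh_host_rsa_key
-input_key=/etc/ssh/$key_basename
-
-ssh2der()
-{
-ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER
-}
-
-match_and_drop_first_word()
-{
-expect=$1
-while read word rest
-do
-if [ "$word" = "$expect" ]
-then
-printf '%s\n' "$rest"
-return
-fi
-done
-false
-}
-
-keyscan()
-{
-if [ -e keyscan.cache ]
-then
-cat keyscan.cache
-else
-ssh-keyscan -t rsa "$1"
-fi
-}
-
-keycopy()
-{
-openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename"
-openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub
-
-t=$(mktemp)
-
-keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t"
-ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub
-rm -f "$t"
-}
-
-nocomments()
-{
-sed 's/#.*//; /^ *$/d'
-}
-
-
-write_config()
-{
-conn=$1
-remote_addrs=$2
-id=$3
-cat > /etc/swanctl/conf.d/"$conn".conf <<END
-connections {
-${conn} {
-remote_addrs = ${remote_addrs}
-vips = ::
-local {
-pubkeys = ssh_host_rsa_key.pub
-id = ${id}
-}
-remote {
-id = "${remote_addrs}"
-pubkeys = ${conn}.pub
-}
-children {
-child {
-remote_ts = 0::0/0
-dpd_action = restart
-}
-}
-}
-}
-secrets {
-private1 {
-file = ssh_host_rsa_key
-}
-}
-END
-}
-
-generate_config()
-{
-iface=$(ip -oneline route get "$yourip" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
-[ "$iface" ] || return
-mymac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
-[ "$mymac" ] || return
-write_config andy "$yourip" "$mymac"
-}
-
-test_new_config()
-{
-ipsec stop
-
-generate_config
-
-ipsec start
-sleep 2
-swanctl -c
-ipsec listpubkeys
-ipsec up andy
-}
-
-set -e
-keycopy
-test_new_config
-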