From f0580823e871ff0d92c2186df66cc1b89b49800e Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 29 Sep 2021 00:36:13 -0400
Subject: VICI style config works
---
keycopy.sh | 53 +++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 47 insertions(+), 6 deletions(-)
(limited to 'keycopy.sh')
diff --git a/keycopy.sh b/keycopy.sh
index 29f8423..f9ebbb9 100644
--- a/keycopy.sh
+++ b/keycopy.sh
@@ -4,12 +4,53 @@ n=andy key_basename=ssh_host_rsa_key input_key=/etc/ssh/$key_basename -openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename" -openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub -t=$(mktemp) -ssh-keyscan -trsa "$h" | while read hh rest; do [ "$h" = "$hh" ] && printf '%s\n' "$rest"; done +keycopy() +{ + openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename" + openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub -ssh-keygen -e -f rsa.scan.edit -m PEM | openssl rsa -RSAPublicKey_in -outform DER > /etc/swanctl/pubkey/"$n".pub + t=$(mktemp) + ssh-keyscan -trsa "$h" | while read hh rest; do [ "$h" = "$hh" ] && printf '%s\n' "$rest"; done + + ssh-keygen -e -f rsa.scan.edit -m PEM | openssl rsa -RSAPublicKey_in -outform DER > /etc/swanctl/pubkey/"$n".pub + + ls -l /etc/swanctl/private/"$key_basename" /etc/swanctl/pubkey/"$key_basename".pub /etc/swanctl/pubkey/"$n".pub +} + +nocomments() +{ + sed 's/#.*//; /^ *$/d' +} + + +test_old_config() +{ + ipsec stop + rm -f /etc/swanctl/conf.d/andy.conf + cp ipsec.conf /etc/ + nocomments < ipsec.conf + ipsec start + sleep 2 + ipsec listpubkeys + ipsec up andy + ipsec stop +} + +test_new_config() +{ + ipsec stop + cp -T ipsec.conf.empty /etc/ipsec.conf + cp andy.conf /etc/swanctl/conf.d/ + nocomments < andy.conf + ipsec start + sleep 2 + swanctl -c + ipsec listpubkeys + ipsec up andy + ipsec stop +} + +test_old_config +test_new_config -ls -l /etc/swanctl/private/"$key_basename" /etc/swanctl/pubkey/"$key_basename".pub /etc/swanctl/pubkey/"$n".pub -- cgit v1.2.3
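Review bot: In `keycopy()`, the DER copy of the SSH host private key is written through a plain `>` redirection, so `/etc/swanctl/private/"$key_basename"` gets whatever mode the caller's umask allows; wrapping that line in a restrictive umask, e.g. `( umask 077; openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename" )`, keeps the file owner-only regardless of the directory's mode. The same function installs `/etc/swanctl/pubkey/"$n".pub` from `rsa.scan.edit`, which looks like hand-edited `ssh-keyscan` output; ssh-keyscan does not authenticate the host it queries, so a comment such as `# verify the fingerprint of rsa.scan.edit out of band before installing it as the peer key` belongs above the `ssh-keygen -e` line. `t=$(mktemp)` creates a temporary file that nothing in the hunk uses or removes, so it should be dropped or cleaned up. `keycopy` is also no longer called: only `test_old_config` and `test_new_config` run at the bottom of the script, so if skipping the key copy is intentional a one-line comment saying so would help the next reader.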