implement "penyou" to authorize current user on corresponding remote user, via sash
2 files changed, 75 insertions, 4 deletions
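--- a/penyou
+++ b/penyou
@@ -1,4 +1,72 @@
-#!/bin/sh
-sudo=$([ $(id -u) -eq 0 ] || echo sudo --)
-exec $sudo ssh -i /etc/ssh/ssh_host_ed25519_key -l root "$@"
+#!/bin/bash
+set -e
 
+gethome()
+{
+# getent passwd "$1" | (IFS=:; read line; set -- $line; printf '%s\n' "$6")
+eval printf '%s\\n' "~$1"
+}
+
+OPT=$(getopt -o 'l:u:' --long 'user:,login:' -n "$0" -- "$@")
+eval set -- "$OPT"
+unset OPT
+
+USERNAME=$(id -un)
+LOGINUSER=$USERNAME
+while true
+do
+case "$1" in
+-u | --user )
+USERNAME=$2
+shift 2
+;;
+-l | --login )
+LOGINUSER=$2
+shift 2
+;;
+-- )
+shift
+break
+;;
+* )
+exit 1
+;;
+esac
+done
+
+q()
+{
+printf '%q' "$*"
+}
+
+remote_code()
+{
+set -e
+cd
+[ -d .ssh ] || mkdir .ssh
+printf '%s\n' "$1" >> .ssh/authorized_keys
+}
+
+[ $# = 1 ]
+
+h=$(gethome "$USERNAME")
+[ "$h" ]
+d=$h/.ssh
+[ -d "$d" ]
+
+keytypes='id_ed25519 id_ed25519_sk id_ecdsa id_ecdsa_sk id_rsa id_dsa'
+for k in $keytypes
+do
+f=$d/$k.pub
+if [ -e "$f" ]
+then
+read authline < "$f"
+(declare -f remote_code
+echo remote_code $(q "$authline")) |
+sash -T "$1" -- \
+runuser -u "$LOGINUSER" -- bash
+exit
+fi
+done
+echo "$0: Error: no public key found for user $USERNAME" >&2
+exit 1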
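Review bot: Two option values reach a shell parser without quoting: `gethome` runs `eval printf '%s\\n' "~$1"` on whatever was given to `-u`, and `runuser -u "$LOGINUSER"` is passed through `sash`, where ssh joins its arguments and the remote root shell parses them again, so the local double quotes do not protect the `--login` value. The commented-out `getent` lookup avoids the eval, and the existing `q` helper can quote `LOGINUSER` the same way it already quotes the key line. `remote_code` also creates `.ssh` and `authorized_keys` under whatever umask the remote session has and appends the same line again on every run; a group-writable result may be rejected by sshd's StrictModes check (inferred, depends on the remote configuration). The bare `[ $# = 1 ]` exits under `set -e` with no usage message, and `read authline` lacks `-r`.

```shell
gethome()
{
	# passwd lookup instead of eval'ing "~$1"
	getent passwd "$1" | cut -d: -f6
}

# … unchanged: option parsing, q() …

remote_code()
{
	set -e
	umask 077
	cd
	[ -d .ssh ] || mkdir -m 700 .ssh
	# append only when the exact line is not already present
	grep -qxF -e "$1" .ssh/authorized_keys 2>/dev/null ||
		printf '%s\n' "$1" >> .ssh/authorized_keys
}

# … unchanged: argument count check, home lookup, key-type loop header …

		read -r authline < "$f"
		(declare -f remote_code
		 echo remote_code "$(q "$authline")") |
			sash -T "$1" -- \
				runuser -u "$(q "$LOGINUSER")" -- bash
```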
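--- a/sash
+++ b/sash
@@ -1 +1,4 @@
-penyou
\ No newline at end of file
+#!/bin/sh
+sudo=$([ $(id -u) -eq 0 ] || echo sudo --)
+exec $sudo ssh -i /etc/ssh/ssh_host_ed25519_key -l root "$@"
+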
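Review bot: `sash` carries no comment naming the credential it uses: `-i /etc/ssh/ssh_host_ed25519_key -l root` logs in to the peer as root with this machine's SSH host private key, which is presumably why non-root callers are routed through `sudo --`. A header comment such as `# sash: ssh to a peer as root, authenticating with this host's ed25519 host key (readable by root only, hence sudo)` would make that trust relationship visible to whoever audits which accounts may run it. The unquoted `$sudo` relies on word splitting and deserves `# intentionally unquoted: expands to nothing or "sudo --"`.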