#!/bin/sh
set -e
if [ "$(id -u)" -ne 0 ]
then
        exec sudo -- "$0" "$@"
fi

vprintf() { [ ! "$VERBOSE" ] || printf "$@" >&2; }

write()
{
        printf '%s\n' "$line" >> /root/.ssh/authorized_keys
        vprintf 'New root authorization: %s\n' "$line"
        [ "$VERBOSE" ] || printf '%s\n' "$line" >&2
}

scan_network()
{
        arp-scan -q --localnet | grep '	'
        while read ip junk
        do
            vprintf 'ARP scan found IP: %s\n' "$ip"
            grep -qF " penme host key @ $ip\$" /root/.ssh/authorized_keys || echo "$ip"
        done
}

mkdir -p /root/.ssh
[ -e /root/.ssh/authorized_keys ] || touch /root/.ssh/authorized_keys

which arp-scan >/dev/null &&
which ssh-keyscan >/dev/null ||
apt install --no-upgrade arp-scan openssh-client || true

ssh-keyscan - $(scan_network) 2>/dev/null |
while read ip key
do
        line=$(printf '%s penme host key @ %s\n' "$key" "$ip")
        grep -q -Fx "$line" /root/.ssh/authorized_keys && vprintf 'Already authorized: %s\n' "$line" ||
        write "$line" /root/.ssh/authorized_keys
done