File: ltsp-update-sshkeys

ltsp 5.2.4-2
#!/bin/sh
#
#  Copyright (c) 2005 Canonical LTD
#
#  Author: Matt Zimmerman <mdz@canonical.com>
#
#  2006, Oliver Grawert <ogra@canonical.com>
#        Vagrant Cascadian <vagrant@freegeek.org>
#  2007, Scott Balneaves <sbalneav@ltsp.org>
#        Oliver Grawert <ogra@canonical.com>
#  2008, Vagrant Cascadian <vagrant@freegeek.org>
#        Oliver Grawert <ogra@canonical.com>
#        Warren Togami <wtogami@redhat.com>
#        Eric Harrison <eharrison@k12linux.mesd.k12.or.us>
#        Scott Balneaves <sbalneav@ltsp.org>
#  2010, Gideon Romm <gadi@ltsp.org>
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License as
#  published by the Free Software Foundation; either version 2 of the
#  License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program.  If not, you can find it on the World Wide
#  Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
#  Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
#  MA 02110-1301, USA.
#

#
# Handle args
#

# Discard any EXPORTFILE inherited from the caller's environment; from here
# on it is only set by -e/--export or by the default chosen once the host
# arguments are known.
# NOTE(review): UPDATE and SSH_PORT are not cleared, so values for them in
# the environment are still read further down -- confirm that is intended.
unset -v EXPORTFILE

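# Print the command-line help on stdout.
# The heredoc delimiter is unquoted: $0 expands to the name the script was
# invoked as, while \${basedir} is emitted literally.
# The long option is spelled --base because that is the name registered with
# getopt; "--basedir" is not accepted by the parser.
usage() {
cat <<EOF
$0 [OPTION] [hostname1] [hostname2] [hostname3] ...

  By specifying hostnames of other servers on the command line, an additional
file will be created in /etc/ltsp/ssh_known_hosts.auto which will append those
keys to those of this server on subsequent calls to this script.

  -b, --base     Base of ltsp chroot.  Default is /opt/ltsp if unspecified.
  -e, --export   Export ssh key file.  Default is
                 \${basedir}/etc/ssh/ssh_known_hosts if unspecified.
  -u, --update   When IP addresses of other servers are passed on the
                 command line, this flag will update the ssh_known_hosts
                 in the chroot in addition to exporting an additional
                 file with the keys to be pulled in later.
  -p, --port     SSH port for remote servers.
  -h, --help     This message.
EOF
}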

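# Normalise the command line with enhanced getopt(1).  Its output is a
# shell-quoted word list, which is why re-reading it with eval is the
# conventional idiom here; nothing else is ever passed to that eval.
ARGS=$(getopt -o b:e:hup: --long base:,export:,update,port:,help -n "$0" -- "$@") || exit 1

eval set -- "${ARGS}"

while true ; do
    case "$1" in
        -b|--base)   BASE=$2 ; shift 2 ;;
        -e|--export) EXPORTFILE=$2 ; shift 2 ;;
        -u|--update) UPDATE=1 ; shift 1 ;;
        -p|--port)
            # SSH_PORT is expanded unquoted onto the ssh-keyscan command
            # line later on, so anything other than digits would be split
            # into extra arguments.  Reject it here.
            case "$2" in
                ''|*[!0-9]*)
                    echo "$0: invalid port: $2" >&2
                    exit 1
                    ;;
            esac
            SSH_PORT="-p $2" ; shift 2 ;;
        -h|--help)   usage ; exit 0 ;;
        --) shift ; break ;;
        *) echo "Internal error!" ; exit 1 ;;
    esac
done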

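# Set up variables
BASE=${BASE:-"/opt/ltsp"}
if [ -z "${CHROOTS}" ]; then
    # Every directory directly below BASE is treated as a client chroot,
    # except paths containing "images".  A non-empty CHROOTS from the
    # environment is used as-is instead.
    # NOTE(review): the result is a whitespace-separated list, so chroot
    # paths containing spaces are not supported; the "images" filter matches
    # anywhere in the path, including inside BASE itself.
    CHROOTS=$(find "${BASE}/" -mindepth 1 -maxdepth 1 -type d 2>/dev/null | \
              grep -v images)
fi
# Host key types to collect.
# NOTE(review): DSA host keys are deprecated in current OpenSSH releases;
# check this list against the sshd versions actually deployed.
ENC="dsa rsa"
# Scratch file in which the known_hosts content is assembled.
OUTPUT=$(mktemp) || {
    echo "ERROR: unable to create a temporary file." >&2
    exit 1
}
# Remove the scratch file on every exit path; the early "exit 0" branches
# further down would otherwise leave it behind.
trap 'rm -f -- "${OUTPUT}"' EXIT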

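# Decide which names the collected keys are filed under.
if [ -z "$*" ]; then
    # No hosts given: describe this server by its hostname plus every IPv4
    # address that does not start with 127.
    HOSTNAME=$(hostname)
    # Start from empty so that, when neither tool below is present, an IPS
    # value inherited from the environment is not written out as a name for
    # this server's keys.
    IPS=""
    if [ -x /sbin/ip ]; then
        IPS=$(/sbin/ip -o -f inet addr show | sed -e 's,.* \(.*\)/.*,\1,' | grep -v '^127')
    elif [ -x /sbin/ifconfig ]; then
        # this assumes freebsd-net-tools on a Debian GNU/kFreeBSD system
        IPS=$(/sbin/ifconfig | awk '/inet [1-9]/{print $2}' | grep -v '^127')
    fi
    NAMES="${HOSTNAME} ${IPS}"
    THIS_SERVER=1
else
    # We were passed hostnames and ips
    NAMES=$*
    EXPORTFILE=${EXPORTFILE:-"/etc/ltsp/ssh_known_hosts.auto"}
    unset THIS_SERVER
fi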

# Check for LOGFILE location
# /var/log/messages wins when both files exist.
# NOTE(review): a missing log file is reported as an error on stdout, yet the
# script stops with status 0 and without updating any keys -- callers cannot
# tell this apart from success.
unset LOGFILE
if [ -e /var/log/messages ]; then
    LOGFILE="/var/log/messages"
elif [ -e /var/log/syslog ]; then
    LOGFILE="/var/log/syslog"
else
    echo "ERROR: Neither /var/log/messages nor /var/log/syslog exists.  Unable to log."
    exit 0
fi

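# Any chroots found, and not exporting?
# fixes bug #207485 per Andy Rabagliati
# Two separate tests joined with && replace the obsolescent "-a" operator.
if [ -z "${CHROOTS}" ] && [ -z "${EXPORTFILE}" ]; then
    # logger(1) -f names a file to read messages from, not a destination,
    # so only the tag and the message are passed.
    logger -t ltsp \
        "No client chroots found, please run ltsp-build-client"
    exit 0
fi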

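# Make a "server" hostname entry
# Only when describing this server: one "server <type> <key>" line per host
# key type that is actually present.
if [ -n "$THIS_SERVER" ]; then
    for ENCRYPTION in ${ENC}; do
        KEYFILE="/etc/ssh/ssh_host_${ENCRYPTION}_key.pub"
        # A missing key file used to produce a bare "server" line with no
        # key material; skip that key type instead.
        [ -f "${KEYFILE}" ] || continue
        # Keep key type and key material, drop the trailing comment field.
        awk '{print "server", $1, $2}' "${KEYFILE}" >> "${OUTPUT}"
    done
fi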

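# Get encryption keys
# For this server the public host keys are read from /etc/ssh; for hosts
# named on the command line they are fetched with ssh-keyscan.
for NAME in ${NAMES}; do
    for ENCRYPTION in ${ENC}; do
        if [ -n "$THIS_SERVER" ]; then
            KEYFILE="/etc/ssh/ssh_host_${ENCRYPTION}_key.pub"
            if [ -f "${KEYFILE}" ]; then
                # Entry for one of this server's own names or addresses:
                # "<name> <type> <key>", comment field dropped.
                printf '%s %s\n' "${NAME}" "$(awk '{print $1, $2}' "${KEYFILE}")" >> "${OUTPUT}"
                # logger(1) -f names an input file, not a destination, so
                # it is not passed.
                logger -t ltsp "# Creating ${ENCRYPTION}-hostkey for ${NAME}"
            else
                logger -t ltsp "No ${ENCRYPTION} key found for ${NAME}, please configure your ssh server correctly"
            fi
        else
            # NAME is either "host" or "host:port".
            NAMED_SERVER=${NAME%:*}
            NAMED_PORT=${NAME#*:}
            # Pick the port per host.  Overwriting SSH_PORT here would make
            # one host's ":port" suffix apply to every host after it.
            if [ "${NAMED_PORT}" != "${NAMED_SERVER}" ]; then
                SCAN_PORT="-p ${NAMED_PORT}"
            else
                SCAN_PORT=${SSH_PORT}
            fi
            # ssh-keyscan records whatever key the network returns; nothing
            # here authenticates it, and the result is later installed as
            # the clients' known_hosts.
            # NOTE(review): compare the fingerprints out of band before the
            # exported file is distributed.
            # stderr is discarded, so a host that could not be scanned is
            # simply absent from the output.
            # SCAN_PORT is left unquoted on purpose: it holds "-p <port>" or
            # nothing.
            ssh-keyscan -t "${ENCRYPTION}" ${SCAN_PORT} "${NAMED_SERVER}" >> "${OUTPUT}" 2>/dev/null
        fi
    done
done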

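#
# export file
# We need this for multiple host support.  This way, we can do an
# ltsp-update-sshkeys --export ssh_known_hosts.myname
# and install this file in the /etc/ltsp dir, where it will be picked up
# by the "additional hosts" loop below on a later run.
# Note that ltsp-update-sshkeys --export - cats to stdout
# If no export specified, then update local chroots.
#

if [ -n "${EXPORTFILE}" ]; then
    if [ "${EXPORTFILE}" = "-" ]; then
        cat "${OUTPUT}"
    else
        install -m 644 "${OUTPUT}" "${EXPORTFILE}"
        # Now that we have our new file, use it: run again without host
        # arguments so the chroots are refreshed.  The chroot base is passed
        # along; without it the second run falls back to the default base
        # and ignores a -b/--base given to this one.
        if [ -n "$UPDATE" ]; then
            "$0" --base "${BASE}"
        fi
    fi
else
    # Add any additional hosts
    # Every /etc/ltsp/ssh_known_hosts.* file is appended verbatim, so write
    # access to /etc/ltsp decides which host keys the clients will trust.
    # The glob replaces parsing the output of ls; the -f test covers the
    # case where nothing matches and the pattern is left unexpanded.
    for SSHHOST in /etc/ltsp/ssh_known_hosts.*; do
        [ -f "${SSHHOST}" ] || continue
        cat "${SSHHOST}" >> "${OUTPUT}"
        echo >> "${OUTPUT}"
    done
    # CHROOTS is a whitespace-separated list and is split on purpose.
    for CHROOT in ${CHROOTS}; do
        if [ -d "${CHROOT}/etc/ssh" ]; then
            install -m 644 "${OUTPUT}" "${CHROOT}/etc/ssh/ssh_known_hosts"
        else
            echo "WARNING: ${CHROOT}/etc/ssh not found. skipping..."
        fi
    done
fi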

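# Remove the scratch file.  The path is quoted so a temporary directory with
# whitespace in its name cannot turn into several rm operands.
if [ -n "${OUTPUT}" ]; then
    rm -f -- "${OUTPUT}"
fi

exit 0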