add ssh script

This commit is contained in:
Russ Long 2020-07-08 15:19:57 -04:00
parent 18302eed49
commit 18a4834a3c
2 changed files with 61 additions and 0 deletions

View File

@ -31,3 +31,16 @@ Used to upload a directory of ssh keys to bitwarden, placing public key in the n
3. Run script like this:
```/home/$USER/scripts/bw-ssh-uploader.sh /path/to/directory/of/keys $COLLECTIONID $ORGID```
## bw-ssh.sh
Used to fetch a private key from bitwarden, add it to ssh-agent, and login to a host
### Usage Instructions
1. Copy the file to a location of your choosing, I use `/home/$USER/scripts`
2. Mark it as executable
3. Run the script like this:
```/home/$USER/scripts/bw-ssh.sh $KEYNAME $USERNAME $HOSTNAME```

48
bw-ssh.sh Executable file
View File

@ -0,0 +1,48 @@
#!/bin/bash
# To ssh to a host using a key stored in Bitwarden
# Key must be stored as a Secure Note, with the private key as an attachment to the note
# Bitwarden vault must be unlocked prior to use
#Set variables
keyname="${1}"
username=${2}
hostname=${3}
keysavename=$(echo -e ${keyname} | tr -d '[:space:]' | awk -F"/" '{print $NF}')
keyfile=${keysavename}-$(date "+%s")
#Check to see if user is logged in to Bitwarden and vault is unlocked
#check_login()
#{
if bw status | grep -q "unlocked"; then
echo "Bitwarden Vault unlocked, continuing..."
else
echo "Please login with 'bw unlock'"
exit 1
fi
#}
#Fetch private key and place in /home/$user/.ssh/$keysavename_datetime
bw get attachment $(bw get item $keyname | jq ".attachments[] | select((.fileName == \"$keyname\")).id" -r) --output $HOME/$keyfile --itemid $(bw get item $keyname | jq -r .id)
chmod 0600 $HOME/$keyfile
mv $HOME/$keyfile $HOME/.ssh/
#store passphrase in a variable
sshpassphrase=$(bw get item $keyname | jq -r ".fields[] | select((.name == \"Passphrase\")).value")
#Add the key to ssh-agent
expect << EOF
spawn ssh-add -t 30 $HOME/.ssh/$keyfile
expect "Enter passphrase"
send "$sshpassphrase\r"
expect eof
EOF
#SSH to the host
ssh $username@$hostname
#Remove keyfile
rm -f $HOME/.ssh/$keyfile