From 97ca243214359ae27d70f11db4f2cebc0b641eee Mon Sep 17 00:00:00 2001
From: Russ Long
Date: Thu, 7 Feb 2019 14:51:01 -0500
Subject: [PATCH] Add copy-id command
---
README.md | 21 ++++++++++++++++++---
ssh-copy-id.sh | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 67 insertions(+), 3 deletions(-)
create mode 100755 ssh-copy-id.sh
diff --git a/README.md b/README.md
index cab836b..b9e6698 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,29 @@ # Purpose This script allows you to ssh to a server using an SSH Key and passphrase pulled from your lastpass account. -# Requirements +# ssh.sh Script +## Requirements This script requires the `lastpass-cli` and `expect` packages. The SSH Key must be stored in your lastpass account, as a Secure Note of the type SSH Key, with the Private Key and Passphrase fields filled out, at a minimum. -# Usage +## Usage 1. Download the script to a location of your choosing, ensuring it is executable 2. run it like this: ```./ssh.sh KEYNAME server-you-wish-to-ssh-to``` -# How it works +## How it works This script uses the official `lastpass-cli` package to pull the private key to a file and the private key passphrase to a variable. The script then uses that information to ssh to the requested server, and removes the private key when the connection is closed. + +# ssh-copy-id.sh Script +## Requirements +This script requires the `lastpass-cli` package. + +The SSH Key must be stored in your lastpass account, as a Secure Note of the type SSH Key, with the Private Key and Public Key fields filled out, at a minimum. + +## Usage +1. Download the script to a location of your choosing, ensuring it is executable +2. run it like this: ```./ssh-copy-id.sh KEYNAME server-you-wish-to-ssh-to``` +3. You will be prompted to answer if you would like to remove all old ssh keys currently installed on the remote host. This is strongly recommended. + +## How it works +This script uses the official `lastpass-cli` package to pull the public and private keys to files. The script then uses that information to run `ssh-copy-id` to requested server, and removes the key files when the connection is closed. diff --git a/ssh-copy-id.sh b/ssh-copy-id.sh new file mode 100755 index 0000000..6b181fd --- /dev/null +++ b/ssh-copy-id.sh 
@@ -0,0 +1,49 @@
+#!/bin/bash
+#Maintained by Linux Operations - Russ Long -
+
+#Set variables
+keyname=${1}
+hostname=${2}
+keyfile=$HOME/.ssh/${keyname}-$(date "+%s")
+pubkeyfile=$HOME/.ssh/${keyname}-$(date "+%s").pub
+
+#Check to see if user is logged in to lastpass cli
+if lpass status | grep -q "Logged in as"; then
+ echo "Logged in to Lastpass, continuing..."
+else
+ echo "Please login with 'lpass login email@address.com'"
+ exit 1
+fi
+
+#Fetch private key and place in /home/$user/.ssh/$keyname-datetime
+lpass show $keyname --field="Private Key" > $keyfile
+chmod 0600 $keyfile
+
+#Fetch public Key and place in /home/$user/.ssh/$keyname-datetime.pub
+lpass show $keyname --field="Public Key" > $pubkeyfile
+
+#Ask user if they wish to remove old keys
+read -r -p "Do you wish to remove ALL other ssh keys for your user on $hostname? [Y/n]" removeresponse
+removeresponse=${removeresponse,,} #tolower
+if [ -z $removeresponse ]; then
+ removeresponse="y"
+fi
+if [ $removeresponse = "y" ] || [ $removeresponse = "yes" ]; then
+ echo "ALL Old keys being removed for your user, authorized_keys file on $hostname being backed up first."
+ ssh $hostname "cp .ssh/authorized_keys{,.bak} && cat /dev/null > .ssh/authorized_keys"
+else
+ echo "Something other than Yes was entered..."
+ echo ""
+ echo "Old keys will remain in place, please audit your authorized_keys file frequently!"
+ echo ""
+ echo "You may be prompted for your key passphrase for the key to be copied."
+ echo ""
+fi
+
+#Add the key to ssh-agent
+echo "Copying id to $hostname, you may be asked to authenticate to SSH."
+ssh-copy-id -i $pubkeyfile $hostname
+
+#Remove keyfiles
+rm -f $keyfile
+rm -f $pubkeyfile
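Review bot: The private key is created by `> $keyfile` under the caller's default umask and only tightened afterwards by `chmod 0600`, and nothing removes it if the script stops before the final `rm -f` lines (Ctrl-C at the prompt, a failing `ssh`), so decrypted key material can be left behind in `~/.ssh`. Setting `umask 077` before the first `lpass show` and registering an EXIT trap for the cleanup closes both gaps. Neither `lpass show` result is checked, so with the default answer `y` the remote `authorized_keys` is emptied before anything confirms there is a public key to install; the script should abort when a fetch fails or the `.pub` file is empty. The two `$(date "+%s")` calls can also land on different seconds, and every expansion (`$keyname`, `$hostname`, `$removeresponse`) is unquoted, so `[ -z $removeresponse ]` errors on a multi-word reply; compute the stamp once and quote the expansions throughout.

```shell
# … unchanged: shebang, keyname/hostname assignment …
stamp=$(date "+%s")
keyfile="$HOME/.ssh/${keyname}-${stamp}"
pubkeyfile="${keyfile}.pub"

# Key files are created owner-only and removed on every exit path.
umask 077
trap 'rm -f -- "$keyfile" "$pubkeyfile"' EXIT

# … unchanged: lpass status check …

lpass show "$keyname" --field="Private Key" > "$keyfile" || exit 1
lpass show "$keyname" --field="Public Key" > "$pubkeyfile" || exit 1
# Refuse to touch the remote authorized_keys without a key to install.
if [ ! -s "$pubkeyfile" ]; then
  echo "No public key returned for $keyname" >&2
  exit 1
fi

# … unchanged: prompt, authorized_keys handling, ssh-copy-id call …
```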