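Hi all,

I wrote a small script (developed and tested on Solaris 8), which automates the generation and installation of the steps needed to put keys in place. If you are interested to take it, feel free to do it.

--
*** Freundliche Gruesse **** Best regards ***
Anton Burkhalter
Dipl. El. Ing. HTL
Mobile:+41(0)78 844-0290
mailto:anton.burkhalter at gmx.net
http://www.abu-online.com
--
If you are not the intended recipient of this email, you are not authorized to make any use of it; please delete it and notify me by return email. Thank you.
--
-------------- next part --------------
#!/bin/sh
# ******************************************************************************
# $Id: ssh-keymanager,v 1.1 2002/07/08 16:04:13 ccadmin Exp $
# Copyright (C) 2002 Anton Burkhalter, this is free software.
# ******************************************************************************
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# Author : Anton Burkhalter
#
# Description: Key Manager for OpenSSH
#
# Creation date : Sat Jul 6 17:57:52 MEST 2002
scriptID="\$Id: ssh-keymanager,v 1.1 2002/07/08 16:04:13 ccadmin Exp $" ;export scriptID
#
# Change history:
# $Log: ssh-keymanager,v $
# Revision 1.1 2002/07/08 16:04:13 ccadmin
# Initial revision
#
# ------------------------------------------------------------------------------
#
# Flow (see "main" at the bottom):
#   1. ask for the remote host, the remote user and the remote home directory
#   2. create ~/.ssh/id_dsa{,.pub} with ssh-keygen unless a pair already exists
#   3. write a small helper script that merges the public key into the remote
#      ~/.ssh/authorized_keys
#   4. scp the helper and the public key to the remote host and run the helper
#      there through ssh
#
# The script is written for the Solaris Bourne shell: backticks, "[ ]" and
# global variables only.  Every expansion is quoted so that answers containing
# blanks or glob characters reach test, scp and ssh as one word.
#
# NOTE(review): current OpenSSH packages generally ship "ssh-copy-id", which
# covers step 3 and 4 without executing an uploaded script on the remote side.

# Everything created below (~/.ssh, key copies, the helper script) is private
# to the calling user from the moment it is created.
umask 077

SAVEDIR=`pwd`
cd || exit 1
MYHOMEDIR=`pwd`
MYHOSTNAME=`/bin/uname -n | cut -f1 -d .`
MYNAME=`basename "$0"`
TARGEThomedir=`pwd`
TARGEThostname=""
TARGETusername=${LOGNAME}
MYUSERNAME=${LOGNAME}

# Name of the exported copy of the public key and of the generated helper.
PUBKEY="${MYUSERNAME}_${MYHOSTNAME}-id_dsa.pub"
MAKEKEY="${MYUSERNAME}_make_key"

# Placeholder shown as default while no real answer is known yet.  It is set
# once here; the original only assigned it on one branch and compared against
# it unquoted, so the test could run with a missing operand.
BADANSWER="not_defined"

# CP holds a command plus an option, so it is expanded unquoted on purpose.
if [ -x /usr/xpg4/bin/cp ]; then
  CP="/usr/xpg4/bin/cp -p"
else
  CP="/usr/bin/cp"
fi

################################################################################
### functions ##################################################################
#

## ++
prompt() {
  # Prints $1 without a trailing newline.  printf is used instead of the
  # SysV-only 'echo "...\c"' so the prompt looks the same under every sh and
  # backslashes inside an answer are not interpreted.
  printf '%s' "${1}"
}
# -

## ++
input_closed() {
  # Called when read hits end of input: without this the question loops would
  # spin forever on a closed stdin.
  echo ""
  echo "${MYNAME}: end of input, giving up." >&2
  exit 1
}
# -

## ++
is_option_like() {
  # Returns 0 if $1 starts with "-".  Host and user names are handed to scp
  # and ssh as arguments; a leading dash would be parsed as an option there.
  case "${1}" in
    -*) return 0 ;;
  esac
  return 1
}
# -

## ++
yes_or_no() {
  # Takes two arguments, a PROMPT and the default value (Y | N).
  # Returns 0 if the user specified "Y" or "y", nonzero otherwise.
  # End of input counts as "no", whatever the default is.
  #
  if [ ${#} -ne 2 ]; then
    return 1
  fi
  if [ "${2}" = "Y" ]; then
    DEFPMPT="([Y]/N):"
    DEFVAL="Y"
  else
    DEFPMPT="(Y/[N]):"
    DEFVAL="N"
  fi
  prompt "${1} ${DEFPMPT}"
  read ANS || return 1
  : "${ANS:=${DEFVAL}}"
  case "${ANS}" in
    Y|y) return 0 ;;
  esac
  return 1
}
# -

## ++
do_info() {
  # Prints the version banner (fields 3 and 4 of the RCS Id string) and a
  # short description of what the script is going to do.
  # NOTE(review): only the private key file is protected by the passphrase,
  # and the cipher used for that depends on the installed ssh-keygen; the
  # "DES" wording below is the author's - confirm against your version.
  echo ""
  echo "${scriptID}" | awk '{print "ssh-keymanager Version "$3" Release "$4}'
  echo ""
  echo "The basis of using ssh without typing your password is public key based"
  echo "authentication. You need to generate a pair of public/private keys for"
  echo "this. \"ssh-keymanager\" will help you to do that."
  echo ""
  echo " - It generates your public/private \"DSA\" keys using ssh-keygen. They"
  echo " are encrypted on disk using DES, via your passphrase. The keys will"
  echo " be saved in ~/.ssh as \"id_dsa\" and \"id_dsa.pub\"."
  # The file name printed here is the one that is really created; the
  # original text used ${USER}-id_dsa.pub, which never exists.
  echo " Your public DSA key will get the name \"${PUBKEY}\" which is"
  echo " a copy of \"id_dsa.pub\"."
  echo ""
  echo " - The \"${PUBKEY}\" will be added to \"~/.ssh/authorized_keys\""
  echo " of the remote host you want to logon."
  echo ""
}
# -

## ++
do_note() {
  # Explains the ssh-keygen prompts that follow.  The later steps expect the
  # key in the default file, hence the advice to just press Return.
  echo ""
  echo "NOTE:"
  echo "It is possible to just press the enter key when prompted for a"
  echo "passphrase, which will make a key with no passphrase. This is"
  echo "a Bad Idea for an identity key, so don't do it. It is strongly"
  echo "recommended using a passphrase !"
  echo ""
  echo "At the prompt \"Enter file in which to save the key...\", -> press the Return key."
  echo "At the prompt \"Enter passphrase...\", -> enter your passphrase !"
  echo ""
  echo "It may take a while to generate the keys. Please wait..."
}
# -

## ++
get_target_hostname() {
  # globals in: MYUSERNAME, PUBKEY, BADANSWER
  # out: TARGEThostname
  # Asks until a host name is entered and confirmed.
  if [ -z "${TARGEThostname}" ]; then
    ANSWER="${BADANSWER}"
  else
    ANSWER="${TARGEThostname}"
  fi
  need_input="y"
  while [ "${need_input}" = "y" ]; do
    echo ""
    echo "Enter remote host name you want to logon:"
    echo ""
    prompt "** Host name [${ANSWER}] : "
    read ANS || input_closed
    : "${ANS:=${ANSWER}}"
    if [ "${ANS}" = "${BADANSWER}" ]; then
      # nothing usable entered yet, ask again
      echo ""
    elif is_option_like "${ANS}"; then
      echo ""
      echo "A host name must not start with \"-\"."
    else
      TARGEThostname="${ANS}"
      echo ""
      if yes_or_no "Would you like to export \"${PUBKEY}\" to the remote host \"${TARGEThostname}\"" Y; then
        need_input="n"
        echo ""
      fi
      ANSWER="${TARGEThostname}"
    fi
  done
}
# -

## ++
get_target_username() {
  # globals in: MYUSERNAME, PUBKEY, BADANSWER, TARGEThostname
  # out: TARGETusername
  # Asks until a remote user name is entered and confirmed; the default is
  # the local login name.
  if [ -z "${TARGETusername}" ]; then
    ANSWER="${BADANSWER}"
  else
    ANSWER="${TARGETusername}"
  fi
  need_input="y"
  while [ "${need_input}" = "y" ]; do
    echo ""
    echo "Enter the username on remote host \"${TARGEThostname}\""
    echo ""
    prompt " Target username [${ANSWER}] : "
    read ANS || input_closed
    : "${ANS:=${ANSWER}}"
    if [ "${ANS}" = "${BADANSWER}" ]; then
      echo ""
    elif is_option_like "${ANS}"; then
      echo ""
      echo "A user name must not start with \"-\"."
    else
      TARGETusername="${ANS}"
      echo ""
      if yes_or_no "Would you like to export \"${PUBKEY}\" to the remote host \"${TARGETusername}@${TARGEThostname}\"" Y; then
        need_input="n"
        echo ""
      fi
      ANSWER="${TARGETusername}"
    fi
  done
}
# -

## ++
get_target_homedir() {
  # globals in: MYUSERNAME, PUBKEY, TARGEThostname, TARGETusername
  # out: TARGEThomedir
  # Asks for the directory the files are copied to on the remote host.  The
  # default is "/" for root and /home/<user> otherwise.
  # The answer becomes part of the command line that ssh hands to the remote
  # login shell, so it should be a plain path.
  if [ "${TARGETusername}" = "root" ]; then
    ANSWER="/"
  else
    ANSWER="/home/${TARGETusername}"
  fi
  need_input="y"
  while [ "${need_input}" = "y" ]; do
    echo ""
    echo "Enter the home directory of user \"${TARGETusername}\" on remote machine \"${TARGEThostname}\":"
    echo ""
    prompt "** Home directory [${ANSWER}] : "
    read ANS || input_closed
    : "${ANS:=${ANSWER}}"
    TARGEThomedir="${ANS}"
    echo ""
    if yes_or_no "Would you like to export \"${PUBKEY}\" to the remote host \"${TARGETusername}@${TARGEThostname}:${TARGEThomedir}/.ssh\"" Y; then
      need_input="n"
      echo ""
    fi
    ANSWER="${TARGEThomedir}"
  done
}
# -

## ++
do_copy_pubkey() {
  # globals in: CP, PUBKEY
  # Refreshes the exported copy of id_dsa.pub.  Must be called with ~/.ssh as
  # the current directory.
  ${CP} id_dsa.pub "${PUBKEY}" || exit 1
  chmod 600 "${PUBKEY}"
}
# -

## ++
do_buildkeys() {
  # globals in: MYHOMEDIR, MYUSERNAME, PUBKEY
  # Creates a new key pair in the current directory (~/.ssh).
  #
  # The old pair is removed first so that ssh-keygen does not stop at its
  # "overwrite?" question; if key generation is aborted afterwards there is
  # no key left, which is why the result is checked before going on.
  #
  # NOTE(review): DSA is obsolete.  OpenSSH releases since 7.0 disable
  # ssh-dss keys by default and later ssh-keygen versions only accept
  # 1024 bit DSA keys, so "-b 1280 -t dsa" is kept here only because it is
  # what the Solaris 8 setup of 2002 used.  On a current system generate a
  # key of a supported type (for example "ssh-keygen -t ed25519") and adapt
  # the id_dsa file names in this script.
  /usr/bin/rm -f id_dsa*
  do_note
  ssh-keygen -b 1280 -t dsa
  if [ ! -f id_dsa ] || [ ! -f id_dsa.pub ]; then
    echo ""
    echo "${MYNAME}: no key pair found in ${MYHOMEDIR}/.ssh, giving up." >&2
    exit 1
  fi
  chmod 600 id_dsa.pub
  do_copy_pubkey
  echo ""
  echo "A copy of our public key has been saved in"
  echo "${MYHOMEDIR}/.ssh/${PUBKEY}"
  echo ""
}
# -

## ++
do_make_keys() {
  # globals in: MYHOMEDIR
  # Makes sure ~/.ssh exists with mode 700 and holds a key pair plus the
  # exported copy of the public key.
  if [ ! -d "${MYHOMEDIR}/.ssh" ]; then
    # a plain file called .ssh is in the way
    /usr/bin/rm -f "${MYHOMEDIR}/.ssh"
    mkdir "${MYHOMEDIR}/.ssh" || exit 1
  fi
  chmod 700 "${MYHOMEDIR}/.ssh"
  savedir=`pwd`
  # Stop here if ~/.ssh cannot be entered: do_buildkeys removes id_dsa* from
  # the current directory.
  cd "${MYHOMEDIR}/.ssh" || exit 1
  if [ -f id_dsa ] && [ -f id_dsa.pub ]; then
    echo ""
    echo "The following DSA keys already available:"
    /usr/bin/ls -l | grep id_dsa | awk '{print " "$6" "$7" "$8" "$9}'
    echo ""
    if yes_or_no "** do you need a new key pair " N; then
      do_buildkeys
    else
      # An existing pair may have been created without this script; the copy
      # that gets transferred later has to exist in that case as well.
      do_copy_pubkey
    fi
  else
    do_buildkeys
  fi
  cd "${savedir}"
  unset savedir
}
# -

## ++
do_create_script() {
  # globals in: MYHOMEDIR, MYHOSTNAME, MYUSERNAME, PUBKEY, MAKEKEY
  # Writes the helper that is executed on the remote host.  In the here
  # document, "\$" and "\`" are evaluated on the remote side, everything
  # else is filled in now.
  #
  # Differences to the helper of revision 1.1:
  #  - "umask 077", so authorized_keys is never readable by others between
  #    its creation and the final chmod
  #  - the home directory test used "-ne", a numeric operator, on path
  #    strings; it is a string comparison now
  #  - "chmod 755" on the home directory would open a private (700) home to
  #    everybody; sshd's StrictModes check only needs it not to be writable
  #    by group and others, so "go-w" is used
  #  - an old entry is only dropped when its comment is KEYNAME or
  #    KEYNAME.<domain>; the former 'grep -v "${KEYNAME}"' also removed
  #    keys whose comment merely contained that text (bob@web1 for bob@web)
  #  - errors end the helper with a nonzero status
  #
  # The file is removed first so that a stale link of that name is not
  # written through.
  /usr/bin/rm -f "${MAKEKEY}"
  cat > "${MAKEKEY}" <<EOF
#!/bin/sh
# File: ${MYHOMEDIR}/${MAKEKEY}
# created by ssh-keymanager at: `date`
#
PATH=/usr/bin;export PATH
umask 077
KEYNAME="${MYUSERNAME}@${MYHOSTNAME}"
MYHOST=\`/bin/uname -n | cut -f1 -d .\`

cd || exit 1
MYHOME=\`pwd\`

if [ ! -d "\${MYHOME}/.ssh" ]; then
  /usr/bin/rm -f "\${MYHOME}/.ssh"
  mkdir "\${MYHOME}/.ssh" || exit 1
fi
chmod 700 "\${MYHOME}/.ssh"

if [ "\${MYHOME}" != "/" ]; then
  chmod go-w "\${MYHOME}"
fi

if [ ! -f "\${MYHOME}/${PUBKEY}" ]; then
  echo ""
  echo "Public key: \${MYHOME}/${PUBKEY} not found ..."
  echo ""
  exit 1
fi

/usr/bin/rm -f "\${MYHOME}/.ssh/${PUBKEY}"
mv "${PUBKEY}" "\${MYHOME}/.ssh" || exit 1
cd "\${MYHOME}/.ssh" || exit 1
chmod 600 "${PUBKEY}"

if [ -f authorized_keys ]; then
  /usr/bin/rm -f authorized_keys.new
  grep -v " \${KEYNAME}\$" authorized_keys | grep -v " \${KEYNAME}[.]" >authorized_keys.new
  cat "${PUBKEY}" >> authorized_keys.new
  /usr/bin/rm -f authorized_keys.bak
  mv authorized_keys authorized_keys.bak
  sort -u authorized_keys.new >authorized_keys
  /usr/bin/rm -f authorized_keys.new
else
  cat "${PUBKEY}" >> authorized_keys
fi

chmod 600 authorized_keys
cd
echo ""
echo "\${MYHOST}: ${PUBKEY} added to \${MYHOME}/.ssh/authorized_keys"
echo ""
echo "done..."

/usr/bin/rm -f "${MAKEKEY}"
EOF
  chmod +x "${MAKEKEY}"
}
# -

## ++
do_transfer_files() {
  # globals in: MYUSERNAME, PUBKEY, MAKEKEY, TARGEThomedir, TARGEThostname,
  #             TARGETusername
  # Copies the helper and the public key to the remote host and runs the
  # helper there.  Both files go to TARGEThomedir, because that is where the
  # ssh call below looks for the helper; revision 1.1 always copied to "/"
  # for root, which no longer matched once another directory was entered.
  #
  # On the first connection ssh asks to accept the host key of the remote
  # machine.  Compare the fingerprint before answering: the password and
  # the helper are sent to whatever host answers.
  echo ""
  echo "The public key ${PUBKEY} will be transfered to ${TARGEThostname}"
  echo ""
  echo "scp -p ${MAKEKEY} .ssh/${PUBKEY} ${TARGETusername}@${TARGEThostname}:${TARGEThomedir}"
  scp -p "${MAKEKEY}" ".ssh/${PUBKEY}" "${TARGETusername}@${TARGEThostname}:${TARGEThomedir}" || {
    /usr/bin/rm -f "${MAKEKEY}"
    echo "${MYNAME}: scp failed, the key has not been installed." >&2
    exit 1
  }
  echo ""
  echo "The public key ${PUBKEY} will be added to:"
  echo ""
  echo " ${TARGETusername}@${TARGEThostname}:${TARGEThomedir}/.ssh/authorized_keys"
  echo ""
  echo "ssh ${TARGETusername}@${TARGEThostname} ${TARGEThomedir}/${MAKEKEY}"
  ssh "${TARGETusername}@${TARGEThostname}" "${TARGEThomedir}/${MAKEKEY}"
  status=${?}
  /usr/bin/rm -f "${MAKEKEY}"
  if [ ${status} -ne 0 ]; then
    # do not print the "how to log in" hint for a key that is not in place
    echo "${MYNAME}: the remote helper failed (status ${status})." >&2
    exit 1
  fi
  unset status
}
# -

## ++
do_hint() {
  # Shows how to load the key into ssh-agent and connect.
  echo ""
  echo "********************************************************************************"
  echo ""
  echo "To login on remote machine without typing in your password do the following:"
  echo ""
  echo " You need to start the agent, tell it your passphrase, and hook up to"
  echo " the agent whenever you need to connect to the remote machine."
  echo ""
  echo " Example: ssh-agent sh -c 'ssh-add && bash --login'"
  echo " ssh ${TARGEThostname} -l ${TARGETusername}"
  echo ""
  echo "********************************************************************************"
  echo ""
}
# -

################################################################################
### main starts here ##########################################################
#
do_info
get_target_hostname
get_target_username
get_target_homedir
do_make_keys
do_create_script
do_transfer_files
do_hint
cd "${SAVEDIR}"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: anton.burkhalter.vcf
Type: text/x-vcard
Size: 193 bytes
Desc: Card for Anton Burkhalter
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020809/aab6b03f/attachment.vcf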