Init ssh-keygrep
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
parent
fcc428cdc2
commit
30ebadc915
54
scripts/sh/ssh-keygrep
Executable file
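--- /dev/null
+++ b/scripts/sh/ssh-keygrep
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Alternative to `sss_ssh_authorizedkeys` which does not behave weirdly
+#
+# For use with sshd, you may utilize the following example lines in sshd_config:
+# AuthorizedKeysCommand /usr/bin/sh -c '/usr/local/bin/ssh-keygrep %u'
+# AuthorizedKeysCommandUser nobody
+#
+# Georg Pfuetzenreuter <georg@lysergic.dev>
+# Created and last modified: 26/04/2022
+
+uid="$1"
+
+log="/var/log/ssh-keygrep.log"
+uri="ldaps://ldap.example.com"
+base="uid=$uid,ou=users,dc=example,dc=com"
+attribute="sshPublicKey"
+
+# -x ---> anonymous bind
+# -D 'cn=foo,ou=users,dc=example,dc=com' -y '/path/to/passfile' ---> bind as user
+auth_args="-x"
+# any additional ldapsearch arguments
+extra_args=""
+
+binary_ldapsearch="/usr/bin/ldapsearch"
+binary_perl="/usr/bin/perl"
+
+if [ -z "$uid" ];
+then
+echo "Specify a uid."
+fi
+
+fetch () {
+$binary_ldapsearch -LLL -H $uri $auth_args $extra_args -b $base $attribute
+}
+
+parse () {
+$binary_perl -p00e 's/\r?\n //g;' -pe 's/sshPublicKey: //g;' -pe 's/\A(^.*$\r?\n){1}//'
+}
+
+key="`fetch | parse`"
+
+printf "Key queried by $USER for $uid at `date`, " >> $log
+if [ -z "$key" ];
+then
+echo "no result :-(" >> $log
+exit 1
+fi
+if [ -n "$key" ];
+then
+echo "result: $key" >> $log
+echo "$key"
+exit 0
+fi
+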
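Review bot: The example `AuthorizedKeysCommand /usr/bin/sh -c '/usr/local/bin/ssh-keygrep %u'` in the header comment splices the login name into a shell command string, so a user name containing shell metacharacters is interpreted by `sh -c`; sshd passes AuthorizedKeysCommand arguments itself (I believe since 6.9), so `# AuthorizedKeysCommand /usr/local/bin/ssh-keygrep %u` avoids the extra shell entirely. The same client-chosen name then reaches `fetch` through the unquoted `-H $uri` and `-b $base`, and is interpolated into the search base with no DN escaping, so quote those expansions and reject names outside a plain character set before the query is built. The empty-uid check echoes `Specify a uid.` to stdout, which sshd reads as key material, and then falls through to the LDAP query anyway; it should write to stderr and `exit 1`. The log line uses `$USER`, `$uid` and the date as part of the printf format string and leaves `$log` unquoted; use `printf 'Key queried by %s for %s at %s, ' "$USER" "$uid" "$(date)" >> "$log"`.
```sh
# AuthorizedKeysCommand /usr/local/bin/ssh-keygrep %u
# … unchanged: variable definitions …
if [ -z "$uid" ]; then
  echo "Specify a uid." >&2
  exit 1
fi
case "$uid" in
  *[!A-Za-z0-9._-]*) echo "Refusing uid with unexpected characters." >&2; exit 1 ;;
esac

fetch () {
  "$binary_ldapsearch" -LLL -H "$uri" $auth_args $extra_args -b "$base" "$attribute"
}
# … unchanged: parse, key assignment …
printf 'Key queried by %s for %s at %s, ' "$USER" "$uid" "$(date)" >> "$log"
# … unchanged: result handling …
```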