feat(user/ssh): install vssh script
Signed-off-by: Matej Focko <me@mfocko.xyz>
This commit is contained in:
parent
0f7de0b35a
commit
73090a0db1
2 changed files with 37 additions and 0 deletions
31
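--- /dev/null
+++ b/roles/user/ssh/files/vssh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# create a temporary directory for an SSH key
+SSH_KEY_DIR=$(mktemp -d)
+
+# if no path to the key exists, create a temporary one
+if [[ $SSH_KEY_PATH == "" ]]; then
+SSH_KEY_PATH=$SSH_KEY_DIR/id_ed25519
+ssh-keygen -q -t ed25519 -N "" -f $SSH_KEY_PATH
+fi
+
+vault ssh \
+-no-exec \
+-field=signed_key \
+-mode=ca \
+-role="$VSSH_ROLE" \
+-valid-principals="$VSSH_PRINCIPALS" \
+-public-key-path=$SSH_KEY_PATH.pub \
+-private-key-path=$SSH_KEY_PATH \
+localhost > $SSH_KEY_PATH.pub.signed
+chmod 400 $SSH_KEY_PATH.pub.signed
+
+# [DEBUG]
+ssh-keygen -L -f $SSH_KEY_PATH.pub.signed
+
+# execute the SSH
+ssh -i $SSH_KEY_PATH -i $SSH_KEY_PATH.pub.signed $@
+
+# delete the signed key and temporary key if exists
+rm -f $SSH_KEY_PATH.pub.signed
+rm -rf $SSH_KEY_DIR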
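Review bot: `$SSH_KEY_PATH` and `$@` are expanded unquoted throughout the new script (the ssh-keygen line, every vault path argument, chmod, the `ssh-keygen -L` line, the final ssh call and both rm lines), so a user-supplied key path containing spaces or glob characters is split, and `$@` re-splits the caller's arguments before ssh sees them; `"$@"` and `"$SSH_KEY_PATH"` fix that. Cleanup is also only reached on the happy path: there is no `set -e`, so a failed `vault ssh` still runs `ssh` with an empty `.pub.signed` file, and an interrupted ssh leaves the freshly generated private key in the mktemp directory; moving the two rm lines into an EXIT trap and enabling `set -euo pipefail` closes both gaps and stops the trailing `rm -rf` from masking ssh's exit status. Under `set -u` the emptiness test needs the `${SSH_KEY_PATH:-}` form, and an unset `VSSH_ROLE`/`VSSH_PRINCIPALS` then fails early instead of sending an empty role to vault. The `# [DEBUG]` certificate listing reads like leftover diagnostics and could be dropped or gated behind a flag.
```shell
#!/bin/bash
set -euo pipefail

# create a temporary directory for an SSH key
SSH_KEY_DIR=$(mktemp -d)

# runs on every exit path: failed vault call, interrupted ssh, normal end
cleanup() {
  if [[ -n "${SSH_KEY_PATH:-}" ]]; then
    rm -f -- "$SSH_KEY_PATH.pub.signed"
  fi
  rm -rf -- "${SSH_KEY_DIR:?}"
}
trap cleanup EXIT

# if no path to the key exists, create a temporary one
if [[ -z "${SSH_KEY_PATH:-}" ]]; then
  SSH_KEY_PATH="$SSH_KEY_DIR/id_ed25519"
  ssh-keygen -q -t ed25519 -N "" -f "$SSH_KEY_PATH"
fi

vault ssh \
  -no-exec \
  -field=signed_key \
  -mode=ca \
  -role="$VSSH_ROLE" \
  -valid-principals="$VSSH_PRINCIPALS" \
  -public-key-path="$SSH_KEY_PATH.pub" \
  -private-key-path="$SSH_KEY_PATH" \
  localhost > "$SSH_KEY_PATH.pub.signed"
chmod 400 "$SSH_KEY_PATH.pub.signed"

# … unchanged: [DEBUG] ssh-keygen -L listing …

# execute the SSH; with set -e its exit status is the script's exit status
ssh -i "$SSH_KEY_PATH" -i "$SSH_KEY_PATH.pub.signed" "$@"
```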
@ -12,3 +12,9 @@
|
||||||
dest: ~/.ssh/authorized_keys
|
dest: ~/.ssh/authorized_keys
|
||||||
mode: 0600
|
mode: 0600
|
||||||
tags: ssh/authorized-keys
|
tags: ssh/authorized-keys
|
||||||
|
|
||||||
|
- name: Install ‹vssh› script
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: files/vssh
|
||||||
|
dest: ~/.local/bin/vssh
|
||||||
|
mode: 0640
|
||||||
|
|
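Review bot: `mode: 0640` on the `Install ‹vssh› script` copy task leaves `~/.local/bin/vssh` non-executable, so the script this commit adds cannot be run from PATH even though the source is committed as an executable file; `mode: 0700` (owner-only, matching the `0600` used for `authorized_keys` above) or `0750` makes the installed copy runnable. The task list this hunk extends starts before the hunk, and the page does not show which tasks file it belongs to, so the path is inferred from the `src: files/vssh` reference.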