feat(user/ssh): install vssh script

Signed-off-by: Matej Focko <me@mfocko.xyz>
This commit is contained in:
Matej Focko 2024-07-01 13:21:55 +02:00
parent 0f7de0b35a
commit 73090a0db1
Signed by: mfocko
GPG key ID: 7C47D46246790496
2 changed files with 37 additions and 0 deletions

31
roles/user/ssh/files/vssh Executable file
View file

@ -0,0 +1,31 @@
#!/bin/bash
# create a temporary directory for an SSH key
SSH_KEY_DIR=$(mktemp -d)
# if no path to the key exists, create a temporary one
if [[ $SSH_KEY_PATH == "" ]]; then
SSH_KEY_PATH=$SSH_KEY_DIR/id_ed25519
ssh-keygen -q -t ed25519 -N "" -f $SSH_KEY_PATH
fi
vault ssh \
-no-exec \
-field=signed_key \
-mode=ca \
-role="$VSSH_ROLE" \
-valid-principals="$VSSH_PRINCIPALS" \
-public-key-path=$SSH_KEY_PATH.pub \
-private-key-path=$SSH_KEY_PATH \
localhost > $SSH_KEY_PATH.pub.signed
chmod 400 $SSH_KEY_PATH.pub.signed
# [DEBUG]
ssh-keygen -L -f $SSH_KEY_PATH.pub.signed
# execute the SSH
ssh -i $SSH_KEY_PATH -i $SSH_KEY_PATH.pub.signed $@
# delete the signed key and temporary key if exists
rm -f $SSH_KEY_PATH.pub.signed
rm -rf $SSH_KEY_DIR

View file

@ -12,3 +12,9 @@
dest: ~/.ssh/authorized_keys dest: ~/.ssh/authorized_keys
mode: 0600 mode: 0600
tags: ssh/authorized-keys tags: ssh/authorized-keys
- name: Install vssh script
ansible.builtin.copy:
src: files/vssh
dest: ~/.local/bin/vssh
mode: 0640