summaryrefslogtreecommitdiffstats
path: root/scripts/sh/ssh-keygrep
diff options
context:
space:
mode:
authorGeorg Pfuetzenreuter2022-04-26 21:54:56 +0200
committerGeorg Pfuetzenreuter2022-04-26 21:54:56 +0200
commit30ebadc915d078797b31efa21e252b66ec0c35ce (patch)
tree006c4c51fc967bc2dd4fc6495dcc2b52ee87efdf /scripts/sh/ssh-keygrep
parentfcc428cdc23cf5cd1f69140008771592348fedb2 (diff)
downloadsystem-30ebadc915d078797b31efa21e252b66ec0c35ce.tar.gz
system-30ebadc915d078797b31efa21e252b66ec0c35ce.tar.bz2
system-30ebadc915d078797b31efa21e252b66ec0c35ce.zip
Init ssh-keygrep
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'scripts/sh/ssh-keygrep')
-rwxr-xr-xscripts/sh/ssh-keygrep54
1 files changed, 54 insertions, 0 deletions
diff --git a/scripts/sh/ssh-keygrep b/scripts/sh/ssh-keygrep
new file mode 100755
index 0000000..42ffd6d
--- /dev/null
+++ b/scripts/sh/ssh-keygrep
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Alternative to `sss_ssh_authorizedkeys` which does not behave weirdly
+#
+# For use with sshd, you may utilize the following example lines in sshd_config:
+# AuthorizedKeysCommand /usr/bin/sh -c '/usr/local/bin/ssh-keygrep %u'
+# AuthorizedKeysCommandUser nobody
+#
+# Georg Pfuetzenreuter <georg@lysergic.dev>
+# Created and last modified: 26/04/2022
+
+uid="$1"
+
+log="/var/log/ssh-keygrep.log"
+uri="ldaps://ldap.example.com"
+base="uid=$uid,ou=users,dc=example,dc=com"
+attribute="sshPublicKey"
+
+# -x ---> anonymous bind
+# -D 'cn=foo,ou=users,dc=example,dc=com' -y '/path/to/passfile' ---> bind as user
+auth_args="-x"
+# any additional ldapsearch arguments
+extra_args=""
+
+binary_ldapsearch="/usr/bin/ldapsearch"
+binary_perl="/usr/bin/perl"
+
+if [ -z "$uid" ];
+then
+ echo "Specify a uid."
+fi
+
+fetch () {
+ $binary_ldapsearch -LLL -H $uri $auth_args $extra_args -b $base $attribute
+}
+
+parse () {
+ $binary_perl -p00e 's/\r?\n //g;' -pe 's/sshPublicKey: //g;' -pe 's/\A(^.*$\r?\n){1}//'
+}
+
+key="`fetch | parse`"
+
+printf "Key queried by $USER for $uid at `date`, " >> $log
+if [ -z "$key" ];
+then
+ echo "no result :-(" >> $log
+ exit 1
+fi
+if [ -n "$key" ];
+then
+ echo "result: $key" >> $log
+ echo "$key"
+ exit 0
+fi
+