# shellcheck disable=SC2010
DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
SSH="ssh -a -x"
+TARGET_PATH=".ssh/authorized_keys"
umask 0177
usage () {
- printf 'Usage: %s [-h|-?|-f|-n|-s|-x] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+ printf 'Usage: %s [-h|-?|-f|-n|-s|-x] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [-t target_path] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2
printf '\t-n: dry run -- no keys are actually copied\n' >&2
printf '\t-s: use sftp -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp\n' >&2
GET_ID="ssh-add -L"
fi
-while getopts "i:o:p:F:fnsxh?" OPT
+while getopts "i:o:p:F:t:fnsxh?" OPT
do
case "$OPT" in
i)
s)
SFTP=sftp
;;
+ t)
+ TARGET_PATH="${OPTARG}"
+ ;;
x)
set -x
;;
}
# installkey_sh [target_path]
-# produce a one-liner to add the keys to remote authorized_keys file
-# optionally takes an alternative path for authorized_keys
+# produce a one-liner to add the keys to remote $TARGET_PATH
installkeys_sh() {
- AUTH_KEY_FILE=${1:-.ssh/authorized_keys}
-
# In setting INSTALLKEYS_SH:
# the tr puts it all on one line (to placate tcsh)
# (hence the excessive use of semi-colons (;) )
INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
cd;
umask 077;
- AUTH_KEY_FILE="${AUTH_KEY_FILE}";
+ AUTH_KEY_FILE="${TARGET_PATH}";
[ -f /etc/openwrt_release ] && [ "\$LOGNAME" = "root" ] &&
AUTH_KEY_FILE=/etc/dropbear/authorized_keys;
AUTH_KEY_DIR=\`dirname "\${AUTH_KEY_FILE}"\`;
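Review bot: The `-t` value reaches the remote shell unescaped at `AUTH_KEY_FILE="${TARGET_PATH}";`, because the here-document is unquoted: the path is expanded locally and its text becomes part of the one-liner the remote shell parses. A path containing `"`, `$`, a backquote or `;` would be interpreted remotely instead of being treated as a file name, and the `tr '\t\n' ' '` pass rewrites any tab or newline in it. This matters most when a wrapper script supplies the path from another source. I would validate the value in the `t)` arm of the getopts loop, for example `case "$OPTARG" in ''|*[!A-Za-z0-9._/-]*) printf 'ERROR: unsupported target_path\n' >&2; exit 1 ;; esac`, or else document that only plain path characters are supported. The here-document continues past the end of this hunk, so later uses of AUTH_KEY_FILE are not visible here.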
#shellcheck disable=SC2120 # the 'eval set' confuses this
installkeys_via_sftp() {
+ AUTH_KEY_FILE=${TARGET_PATH}
+ AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}")
# repopulate "$@" inside this function
eval set -- "$SSH_OPTS"
#shellcheck disable=SC2064
trap "$L_CLEANUP" EXIT TERM INT QUIT
sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
- -get .ssh/authorized_keys $L_KEYS
+ -get "$AUTH_KEY_FILE" "$L_KEYS"
EOF
# add a newline or create file if it's missing, same like above
[ -z "$(tail -1c "$L_KEYS" 2>/dev/null)" ] || echo >> "$L_KEYS"
# append the keys being piped in here
cat >> "$L_KEYS"
sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
- -mkdir .ssh
- chmod 700 .ssh
- put $L_KEYS .ssh/authorized_keys
- chmod 600 .ssh/authorized_keys
+ -mkdir "$AUTH_KEY_DIR"
+ chmod 700 "$AUTH_KEY_DIR"
+ put $L_KEYS "$AUTH_KEY_FILE"
+ chmod 600 "$AUTH_KEY_FILE"
EOF
#shellcheck disable=SC2064
eval "$L_CLEANUP" && trap "$SCRATCH_CLEANUP" EXIT TERM INT QUIT
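Review bot: `chmod 700 "$AUTH_KEY_DIR"` now applies to whatever directory holds the target rather than to `.ssh`. With `-t authorized_keys`, `dirname` yields `.` and the sftp start directory itself is re-moded; with a system path, the chmod changes a directory that other accounts or services may depend on. I would keep the directory chmod only while TARGET_PATH is still the default. The man page should also say that sftp's `mkdir` creates a single level, so a nested new path fails at `put`. `put $L_KEYS "$AUTH_KEY_FILE"` leaves `$L_KEYS` unquoted although the `-get` line now quotes it; `put "$L_KEYS" "$AUTH_KEY_FILE"` keeps the two consistent. The function begins in an earlier hunk and continues outside this one.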
fi
;;
*)
- # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
+ # Assuming that the remote host treats $TARGET_PATH as one might expect
populate_new_ids 0
if ! [ "$DRY_RUN" ] ; then
printf '%s\n' "$NEW_IDS" | \
.Op Fl i Op Ar identity_file
.Op Fl p Ar port
.Op Fl o Ar ssh_option
+.Op Fl t Ar target_path
.Op Ar user Ns @ Ns
.Ar hostname
.Nm
.Pa ~/.ssh/authorized_keys
file will be downloaded, modified locally and uploaded with sftp.
This option is useful if the server has restrictions on commands which can be used on the remote side.
-.It Fl x
-This option is for debugging the
-.Nm
-script itself.
-It sets the shell's -x flag, so that you can see the commands being run.
-.It Fl h , Fl ?
-Print Usage summary
+.It Fl t Ar target_path
+the path on the target system where the keys should be added (defaults to ".ssh/authorized_keys")
.It Fl p Ar port , Fl o Ar ssh_option
These two options are simply passed through untouched, along with their
argument, to allow one to set the port or other
.Xr ssh 1 Ns 's
configuration file:
.Xr ssh_config 5 .
+.It Fl x
+This option is for debugging the
+.Nm
+script itself.
+It sets the shell's -x flag, so that you can see the commands being run.
+.It Fl h , Fl ?
+Print Usage summary
.El
.Pp
Default behaviour without