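# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
# Placed in the Public Domain.
#
# Regression test for sshd's AuthorizedKeysCommand option.
#
# Installs a small helper script under /var/run (via $SUDO), rewrites
# $OBJ/sshd_proxy so that key lookup goes through that helper instead of an
# AuthorizedKeysFile, and then checks that a proxied ssh connection succeeds.
#
# Reads:  SUDO, LOGNAME, OBJ, SSH; calls fail(), which is defined outside this
#         file (presumably by the regress harness - confirm).
# Writes: /var/run/keycommand_${LOGNAME} (removed at the end),
#         $OBJ/sshd_proxy.bak, $OBJ/sshd_proxy.

tid="authorized keys from command"

# The helper has to be created by a privileged user, so there is nothing to
# test without SUDO.
if test -z "$SUDO" ; then
	echo "skipped (SUDO not set)"
	echo "need SUDO to create file in /var/run, test won't work without"
	exit 0
fi

# Establish an AuthorizedKeysCommand in /var/run where it will have
# acceptable directory permissions.  sshd_config(5) requires the program to
# be owned by root and not writable by group or others.
#
# NOTE(review): the path is predictable and is written with privileges; this
# assumes /var/run is writable only by root, otherwise a pre-planted file or
# symlink at this path would be written through.
KEY_COMMAND="/var/run/keycommand_${LOGNAME}"

# The destination is handed to the privileged shell as a positional argument
# rather than pasted into the command string, so a quote or other shell
# metacharacter in LOGNAME cannot change what that shell executes.
# $SUDO is left unquoted on purpose: it may hold a command plus options.
#
# In the here-document, \$1 is kept literal (the user name sshd passes to the
# helper at run time) while ${LOGNAME} and $OBJ are expanded now, when the
# helper is generated.
cat << _EOF | $SUDO sh -c 'cat > "$1"' sh "$KEY_COMMAND"
#!/bin/sh
test "x\$1" != "x${LOGNAME}" && exit 1
exec cat "$OBJ/authorized_keys_${LOGNAME}"
_EOF
# Executable by everyone, writable only by the owner.
$SUDO chmod 0755 "$KEY_COMMAND"

# Replace any AuthorizedKeysFile setting so that the helper is the only
# source of keys; a successful login then proves the command was used.
# NOTE(review): the .bak copy is not restored in this file - presumably the
# harness regenerates sshd_proxy for each test; confirm.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy.bak"
(
	grep -vi AuthorizedKeysFile "$OBJ/sshd_proxy.bak"
	echo "AuthorizedKeysFile none"
	echo "AuthorizedKeysCommand $KEY_COMMAND"
	echo "AuthorizedKeysCommandUser ${LOGNAME}"
) > "$OBJ/sshd_proxy"

# Only attempt the login when the helper can actually be executed here.
if [ -x "$KEY_COMMAND" ]; then
	${SSH} -F "$OBJ/ssh_proxy" somehost true
	if [ $? -ne 0 ]; then
		fail "connect failed"
	fi
else
	echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
fi

# Remove the privileged helper on both the tested and the skipped path.
$SUDO rm -f "$KEY_COMMAND"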