blob: b595a434fb78a915fae503fb832f55632d5d736f [file] [log] [blame]
Darren Tucker3dfb8772012-12-07 13:03:10 +11001# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
Damien Miller771c43c2012-12-03 10:12:13 +11002# Placed in the Public Domain.
3
4tid="authorized keys from command"
5
6if test -z "$SUDO" ; then
7 echo "skipped (SUDO not set)"
8 echo "need SUDO to create file in /var/run, test won't work without"
9 exit 0
10fi
11
12# Establish a AuthorizedKeysCommand in /var/run where it will have
13# acceptable directory permissions.
14KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
15cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
16#!/bin/sh
Darren Tucker3dfb8772012-12-07 13:03:10 +110017test "x\$1" != "x${LOGNAME}" && exit 1
Damien Miller771c43c2012-12-03 10:12:13 +110018exec cat "$OBJ/authorized_keys_${LOGNAME}"
19_EOF
20$SUDO chmod 0755 "$KEY_COMMAND"
21
22cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
23(
24 grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
25 echo AuthorizedKeysFile none
26 echo AuthorizedKeysCommand $KEY_COMMAND
27 echo AuthorizedKeysCommandUser ${LOGNAME}
28) > $OBJ/sshd_proxy
29
Darren Tucker3dfb8772012-12-07 13:03:10 +110030if [ -x $KEY_COMMAND ]; then
31 ${SSH} -F $OBJ/ssh_proxy somehost true
32 if [ $? -ne 0 ]; then
33 fail "connect failed"
34 fi
35else
36 echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
Damien Miller771c43c2012-12-03 10:12:13 +110037fi
Darren Tucker3dfb8772012-12-07 13:03:10 +110038
39$SUDO rm -f $KEY_COMMAND