Created
July 9, 2012 20:25
-
-
Save syzdek/3078682 to your computer and use it in GitHub Desktop.
Script to encrypt a string using an SSH user's public RSA ssh key.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # Convience script for encrypting a SSH user's password | |
| # using the user's public SSH RSA key. | |
| # | |
| # encrypt-sshpass.sh | |
| # | |
| PROGRAM_NAME=`basename ${0}` | |
| SSH_USER=${1} | |
| SSH_KEY_NAME=${2} | |
| SSH_USER_DIR=${3} | |
| # check CLI arguments | |
| if test "x${1}" == "x";then | |
| echo "Usage: ${PROGRAM_NAME} <username> [ <keyname> [ <homedir> ] ]" | |
| echo " " | |
| echo "Notes:" | |
| echo " On some systems, the '.' character can be used as a wild card for" | |
| echo " username or keyname if the home directory is specified." | |
| echo " " | |
| exit 1 | |
| fi | |
| # check for home directory | |
| if test "x${3}" != "x";then | |
| SSH_USER_DIR=${3} | |
| elif test -d /Users;then | |
| SSH_USER_DIR=/Users/${SSH_USER} | |
| elif test -d /home;then | |
| SSH_USER_DIR=/home/${SSH_USER} | |
| else | |
| echo "${PROGRAM_NAME}: unable to determine location of home directories." | |
| exit 1 | |
| fi | |
| if test ! -d ${SSH_USER_DIR};then | |
| echo "${PROGRAM_NAME}: unable to find user's home directory." | |
| exit 1 | |
| fi | |
| # determine which key file to use | |
| if test -f ${SSH_USER_DIR}/.ssh/authorized_keys;then | |
| SSH_USER_KEY_FILE=${SSH_USER_DIR}/.ssh/authorized_keys | |
| elif test -f ${SSH_USER_DIR}/.ssh/id_rsa.pub;then | |
| SSH_USER_KEY_FILE=${SSH_USER_DIR}/.ssh/id_rsa.pub | |
| else | |
| echo "${PROGRAM_NAME}: user does not have a public RSA key" | |
| exit 1 | |
| fi | |
| # finds matching keys | |
| PATTERN="^\(.\{1,\} \)\{0,1\}\(ssh-rsa AAAA[+/[:alnum:]]\{1,\}[=]\{0,2\} \(.\{0,\}$SSH_KEY_NAME.\{0,\}\)\)$" | |
| KEYCOUNT=`grep "${PATTERN}" ${SSH_USER_KEY_FILE} | wc -l` | |
| if test ${KEYCOUNT} -eq 0;then | |
| echo "${PROGRAM_NAME}: unable to find matching key for user." | |
| exit 1 | |
| fi | |
| if test ${KEYCOUNT} -ne 1;then | |
| echo "" | |
| echo "Multiple keys found:" | |
| grep "${PATTERN}" ${SSH_USER_KEY_FILE} \ | |
| | sed -e "s/$PATTERN/\3/g" \ | |
| -e "s/^/ /g" | |
| echo "" | |
| echo "Narrow criteria and try again." | |
| echo "" | |
| exit 1 | |
| fi | |
| # prompt for new password | |
| while test "x${PASS1}" != "x${PASS2}" || test "x${PASS1}" == "x";do | |
| stty -echo | |
| read -p "Enter User's New Password: " PASS1 | |
| echo "" | |
| if test "x${PASS1}" == "x";then | |
| echo "" | |
| echo "Password cannot be empty." | |
| echo "" | |
| else | |
| read -p "Re-enter User's New Password: " PASS2 | |
| echo "" | |
| if test "x${PASS1}" != "x${PASS2}";then | |
| echo "" | |
| echo "Passwords do not match." | |
| echo "" | |
| fi | |
| fi | |
| stty echo | |
| done | |
| echo "" | |
| echo "" | |
| grep "${PATTERN}" ${SSH_USER_KEY_FILE} | sed -e "s/$PATTERN/\2/g" > /tmp/ssh-pubkey-${SSH_USER}-$$ || exit 1 | |
| ssh-keygen -f /tmp/ssh-pubkey-${SSH_USER}-$$ -e -m PKCS8 \ | |
| > /tmp/ssh-pubkey-${SSH_USER}-$$.pem || exit 1 | |
| echo "# Running the following output as a script on the host" | |
| echo "# containing the user's private key, should decrypt the" | |
| echo "# password:" | |
| echo " " | |
| echo 'cat << EOF |openssl enc -base64 -d |openssl rsautl -inkey ~/.ssh/id_rsa -decrypt' | |
| echo "New Password: ${PASS1}" \ | |
| | openssl rsautl -pubin -inkey /tmp/ssh-pubkey-${SSH_USER}-$$.pem -encrypt -pkcs \ | |
| | openssl enc -base64 | |
| echo "EOF" | |
| echo "" | |
| rm -f /tmp/ssh-pubkey-${SSH_USER}-$$ | |
| rm -f /tmp/ssh-pubkey-${SSH_USER}-$$.pem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment