@syzdek
Created July 9, 2012 20:25
Script to encrypt a string (a new password) to an SSH user's public RSA key, printing a shell snippet that decrypts it with the matching private key.
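#!/bin/sh
#
# Convenience script for encrypting an SSH user's password
# using the user's public SSH RSA key.
#
# encrypt-sshpass.sh
#
# Usage: encrypt-sshpass.sh <username> [ <keyname> [ <homedir> ] ]
#
# Flow:
#   1. locate the user's home directory (argument, /Users, or /home)
#   2. pick the key file: ~/.ssh/authorized_keys, else ~/.ssh/id_rsa.pub
#   3. select exactly one "ssh-rsa" line whose comment matches <keyname>
#   4. prompt (twice) for the new password
#   5. convert the key to PKCS#8 PEM and RSA-encrypt "New Password: <pw>"
#   6. print a shell snippet that decrypts it with ~/.ssh/id_rsa
#
# Only the decrypt snippet goes to stdout; prompts and every diagnostic go
# to stderr, so the output can be captured or mailed without stray text.
#
# Security notes:
#   * Whoever holds the private half of the chosen key can read the
#     password.  When the key is taken from authorized_keys, that is any
#     matching ssh-rsa key holder allowed to log in as the user -- use
#     <keyname> to pick the intended one.
#   * Temporary files live in a private 0700 mktemp directory that the
#     EXIT trap removes.  A predictable /tmp name would let another local
#     user swap the .pem between ssh-keygen writing it and openssl reading
#     it, i.e. have the password encrypted to a key of their choosing.
#   * The password is piped to openssl from the shell's printf (a builtin
#     in bash and dash), so it is not exposed as an argument in "ps".
#   * Encryption is raw RSA with PKCS#1 v1.5 padding (openssl rsautl
#     -pkcs), kept so the printed decrypt command works on older hosts.
#     Plaintext is limited to (key bits / 8) - 11 bytes, including the
#     "New Password: " prefix; beyond that openssl fails and so do we.
#     "rsautl" is deprecated in OpenSSL 3 (pkeyutl replaces it) but
#     still works.
#   * Written for POSIX sh: no "==" in test, no "read -p" (both break
#     under dash), and the sed s-command uses '|' as its delimiter because
#     GNU sed does not recognise '/' as literal inside a bracket expression.
#

set -u
umask 077

PROGRAM_NAME=${0##*/}
SSH_USER=${1:-}
SSH_KEY_NAME=${2:-}
SSH_USER_DIR=${3:-}
WORKDIR=""

# Print a diagnostic line on stderr.
err() {
  printf '%s\n' "$*" >&2
}

# Undo what must not outlive the script: terminal echo (the password prompt
# may have been interrupted with echo off) and the temporary directory.
cleanup() {
  if test -t 0; then
    stty echo 2>/dev/null
  fi
  if test -n "${WORKDIR}"; then
    rm -rf -- "${WORKDIR}"
  fi
}
trap cleanup EXIT
# a signal leaves through "exit", which fires the EXIT trap above
trap 'exit 1' HUP INT TERM

# check CLI arguments
if test -z "${SSH_USER}"; then
  err "Usage: ${PROGRAM_NAME} <username> [ <keyname> [ <homedir> ] ]"
  err " "
  err "Notes:"
  err " On some systems, the '.' character can be used as a wild card for"
  err " username or keyname if the home directory is specified."
  err " "
  exit 1
fi

# check for home directory
if test -n "${SSH_USER_DIR}"; then
  : # supplied by the caller
elif test -d /Users; then
  SSH_USER_DIR=/Users/${SSH_USER}
elif test -d /home; then
  SSH_USER_DIR=/home/${SSH_USER}
else
  err "${PROGRAM_NAME}: unable to determine location of home directories."
  exit 1
fi
if test ! -d "${SSH_USER_DIR}"; then
  err "${PROGRAM_NAME}: unable to find user's home directory."
  exit 1
fi

# determine which key file to use: authorized_keys first, then id_rsa.pub
if test -f "${SSH_USER_DIR}/.ssh/authorized_keys"; then
  SSH_USER_KEY_FILE=${SSH_USER_DIR}/.ssh/authorized_keys
elif test -f "${SSH_USER_DIR}/.ssh/id_rsa.pub"; then
  SSH_USER_KEY_FILE=${SSH_USER_DIR}/.ssh/id_rsa.pub
else
  err "${PROGRAM_NAME}: user does not have a public RSA key"
  exit 1
fi
if test ! -r "${SSH_USER_KEY_FILE}"; then
  err "${PROGRAM_NAME}: cannot read ${SSH_USER_KEY_FILE}"
  exit 1
fi

# finds matching keys
# BRE groups: \1 = optional authorized_keys options prefix, \2 = the bare
# key ("ssh-rsa <base64> <comment>"), \3 = the comment.  <keyname> is
# interpolated unescaped, which is what makes '.' a wildcard (see usage).
# Only ssh-rsa lines can match -- RSA is the only SSH key type that can
# encrypt -- and a line with no trailing comment (no space after the
# base64 blob) does not match this pattern.
PATTERN="^\(.\{1,\} \)\{0,1\}\(ssh-rsa AAAA[+/[:alnum:]]\{1,\}[=]\{0,2\} \(.\{0,\}$SSH_KEY_NAME.\{0,\}\)\)$"
KEYCOUNT=$(grep -c -- "${PATTERN}" "${SSH_USER_KEY_FILE}")
KEYCOUNT=${KEYCOUNT:-0}
if test "${KEYCOUNT}" -eq 0; then
  err "${PROGRAM_NAME}: unable to find matching key for user."
  exit 1
fi
if test "${KEYCOUNT}" -ne 1; then
  err ""
  err "Multiple keys found:"
  # list only the comment of each candidate; '|' is the sed delimiter, so
  # <keyname> must not contain that character
  grep -- "${PATTERN}" "${SSH_USER_KEY_FILE}" \
    | sed -e "s|${PATTERN}|\3|g" \
          -e "s|^| |g" >&2
  err ""
  err "Narrow criteria and try again."
  err ""
  exit 1
fi

# prompt for new password; repeat until two non-empty, identical entries
PASS1=""
PASS2=""
while test "${PASS1}" != "${PASS2}" || test -z "${PASS1}"; do
  # echo is only toggled when stdin is a terminal, so a piped-in password
  # still works; cleanup() turns echo back on if we are interrupted here.
  # "IFS= read -r" keeps leading/trailing blanks and backslashes intact, so
  # what gets encrypted is exactly what was typed.
  if test -t 0; then
    stty -echo
  fi
  printf "Enter User's New Password: " >&2
  if ! IFS= read -r PASS1 && test -z "${PASS1}"; then
    err ""
    err "${PROGRAM_NAME}: no input."
    exit 1
  fi
  err ""
  if test -z "${PASS1}"; then
    err ""
    err "Password cannot be empty."
    err ""
  else
    printf "Re-enter User's New Password: " >&2
    if ! IFS= read -r PASS2 && test -z "${PASS2}"; then
      err ""
      err "${PROGRAM_NAME}: no input."
      exit 1
    fi
    err ""
    if test "${PASS1}" != "${PASS2}"; then
      err ""
      err "Passwords do not match."
      err ""
    fi
  fi
  if test -t 0; then
    stty echo
  fi
done
err ""
err ""

# work inside a fresh directory only we can reach; mktemp picks an
# unpredictable name and cleanup() removes it on every exit path
WORKDIR=$(mktemp -d) || {
  err "${PROGRAM_NAME}: unable to create temporary directory."
  exit 1
}
PUBKEY_FILE=${WORKDIR}/ssh-pubkey
PEM_FILE=${WORKDIR}/ssh-pubkey.pem

# extract the bare key (group \2) and let ssh-keygen rewrite it as a
# PKCS#8 PEM public key that openssl understands
grep -- "${PATTERN}" "${SSH_USER_KEY_FILE}" \
  | sed -e "s|${PATTERN}|\2|g" > "${PUBKEY_FILE}" || exit 1
if test ! -s "${PUBKEY_FILE}"; then
  err "${PROGRAM_NAME}: failed to extract public key."
  exit 1
fi
ssh-keygen -f "${PUBKEY_FILE}" -e -m PKCS8 > "${PEM_FILE}" || exit 1

# Encrypt first, print afterwards: if openssl fails (e.g. the password is
# too long for the key size) we want an error, not a decrypt snippet with an
# empty body.  printf rather than echo so a password containing backslashes
# reaches openssl byte for byte under every /bin/sh.
CIPHERTEXT=$(printf '%s\n' "New Password: ${PASS1}" \
  | openssl rsautl -pubin -inkey "${PEM_FILE}" -encrypt -pkcs \
  | openssl enc -base64)
if test -z "${CIPHERTEXT}"; then
  err "${PROGRAM_NAME}: encryption failed."
  exit 1
fi

# The snippet assumes the matching private key is ~/.ssh/id_rsa on the host
# where it is run.
echo "# Running the following output as a script on the host"
echo "# containing the user's private key, should decrypt the"
echo "# password:"
echo " "
echo 'cat << EOF |openssl enc -base64 -d |openssl rsautl -inkey ~/.ssh/id_rsa -decrypt'
printf '%s\n' "${CIPHERTEXT}"
echo "EOF"
echo ""
# temporary files are removed by cleanup() via the EXIT trap
exit 0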