Der ssh-pubkeymgr ist leicht modifiziert. Ein Blick auf das Skript zeigt,
inwiefern es für den Einsatz im Echtbetrieb der Nutzerumgebung geeignet ist.
Das Originalskript in der Source-Distribution ssh-3.2.0 war jedenfalls fehlerhaft.
Folgende Aufgaben löst der Manager:
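#!/bin/sh
#
# ssh-pubkeymgr - A user public key manager for Secure Shell
#
# Author: Anne Carasik
#         Olaf Jörk (Anpassung an RM-Systeme / adaptation for RM systems)
#
# Copyright (C) 2000 SSH Communications Security Corp, Helsinki, Finland
# All rights reserved.
#
# It's too much of a pain to create the public key files like identification
# and authorization. This quick little script runs ssh-keygen2, then creates
# the identification and authorization files. Then it runs scp2 to the remote
# system to copy the public key there.
#
# Usage:   ssh-pubkeymgr [-k keypair] [-h]
#   -k keypair  name of the keypair file in $HOME/.ssh2 (default id_dsa_1024_a)
#   -h          print usage and exit
# Environment: HOME (must be set), USER or LOGNAME (login name),
#              HOSTNAME (falls back to `uname -n`)
# Exit status: 0 on success; 1 when HOME is unset, publickey authentication
#              is not enabled in the client config, or the keypair cannot be
#              generated; 2 on a usage error.
#
######################### ChangeLog ###########################################
# 18 August 2000 - removed downloading hostkeys because you get them anyway
# during the first connection :)
#
# 12 February 2001 - removed hostname -s because too many bugs were being
# reported from it. Also added config file checks for publickey authentication.
# And comments. Many, many, many more comments.
#
# 18 June 2001 - fixed stupid bug where it should have been $keypair
# instead of $user-$host. duh.
#
# 3 Jan 2003 - handles different echos (SysV/Linux), fixed upload bug,
# removed some unnecessary messages (Jörk)
#
# (review) - quoted every expansion; the keypair test now really checks the
# .pub file; the server-config check no longer aborts on an always-empty
# variable (its egrep had been commented out, so the script could never get
# past that point); ssh-keygen2 and scp2 exit statuses are checked; -k
# requires an argument; answers that become file names are validated.
######################### ChangeLog ###########################################

ssh2config=/etc/ssh2/ssh2_config
sshd2config=/etc/ssh2/sshd2_config

## Default keypair name; may be overridden with -k.
keypair="id_dsa_1024_a"

## Everything this script creates lives in $HOME/.ssh2 and is private to the
## user, so make sure new files are not group/world readable.
umask 077

## Backticks rather than $(...) are kept on purpose: the script targets the
## plain /bin/sh of older SysV systems (ReliantUNIX) as well as Linux.

############################################################
# Some basic checks...                                     #
############################################################

if [ -z "$HOME" ]; then
  echo "HOME is not set; cannot locate the .ssh2 directory." >&2
  exit 1
fi

## Some systems set $LOGNAME instead of $USER.
if [ -z "$USER" ]; then
  if [ -n "$LOGNAME" ]; then
    USER=$LOGNAME
  else
    USER=`whoami`
  fi
fi

## Linux echo needs -e to interpret \n and \c; SysV echo does so by itself.
## $echostr is deliberately expanded unquoted so "echo -e" splits into two words.
system=`uname -s`
case "$system" in
  Linux)          echostr='echo -e' ;;
  ReliantUNIX-N)  echostr='echo' ;;
  *)              echostr='echo' ;;
esac

## Set the hostname.
if [ -z "$HOSTNAME" ]; then
  HOSTNAME=`uname -n`
  $echostr "Setting host to $HOSTNAME"
fi

#######################################
# Print the usage text to stdout.
#######################################
usage() {
  $echostr "SSH Secure Shell user public key manager"
  $echostr "Usage: ssh-pubkeymgr [-k keypair]\n"
  $echostr "Type man ssh-pubkeymgr for more information."
}

#######################################
# Succeed when $1 can be used as a single file name component under
# $HOME/.ssh2 (the "Key <user>-<host>.pub" entry and the scp2 target are
# built from it): non-empty, no leading '-', only [A-Za-z0-9._-].
#######################################
plain_name() {
  case "$1" in
    "" | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

############################################################
# Check the command line options.                          #
############################################################

if [ $# -eq 0 ]; then
  $echostr "Running ssh-pubkeymgr .. "
else
  while [ $# -gt 0 ]; do
    case "$1" in
      -k)
        if [ $# -lt 2 ]; then
          $echostr "Option -k requires a keypair name." >&2
          usage >&2
          exit 2
        fi
        keypair="$2"
        $echostr "Running ssh-pubkeymgr with keypair ($keypair) .."
        shift 2
        ;;
      -h)
        usage
        exit 0
        ;;
      *)
        usage >&2
        exit 2
        ;;
    esac
  done
fi

## The keypair name is used as "$HOME/.ssh2/$keypair", so it must be a plain
## file name, not a path.
if ! plain_name "$keypair"; then
  $echostr "Invalid keypair name '$keypair': expected a plain file name in $HOME/.ssh2." >&2
  exit 2
fi

#############################################################################
# Checking the configuration files to make sure so publickey authentication #
# will work. Otherwise, program will exit with the return status of 1.      #
#############################################################################

## The user's own ~/.ssh2/ssh2_config is consulted too (it may enable
## publickey authentication even when the system-wide file does not).
$echostr "Checking for publickey authentication to be enabled in the client config.. \c"
clientconfigcontains=`egrep '^[^#].*(AllowedAuth|RequiredAuth).*publickey' \
  "$ssh2config" "$HOME/.ssh2/ssh2_config" 2>/dev/null`
if [ -z "$clientconfigcontains" ]; then
  $echostr "no."
  $echostr "Nothing found in $ssh2config. Add publickey"
  $echostr "authentication to AllowedAuthentications or RequiredAuthentications"
  $echostr "then restart ssh-pubkeymgr."
  exit 1
else
  $echostr "yes."
fi

## The server config may not be readable by the user, and the user may not
## want to allow publickey authentication on the local sshd2 at all, so this
## check only warns and never aborts.
$echostr "Checking for publickey authentication to be enabled in the server config.. \c"
serverconfigcontains=`egrep '^[^#].*(AllowedAuth|RequiredAuth).*publickey' \
  "$sshd2config" 2>/dev/null`
if [ -z "$serverconfigcontains" ]; then
  $echostr "no."
  $echostr "Nothing found in $sshd2config (or it is not readable)."
  $echostr "Publickey logins TO this host will not work until publickey is"
  $echostr "added to AllowedAuthentications or RequiredAuthentications there."
else
  $echostr "yes."
fi

#############################################################################
# Checking DSA public keys. Currently, there is no support for PGP or RSA   #
# public keys; however that will change.                                    #
#############################################################################

$echostr "Checking for existing user public keys.. \c"
## Both the private key and its .pub half must exist and be non-empty.
if [ -s "$HOME/.ssh2/$keypair" ] && [ -s "$HOME/.ssh2/$keypair.pub" ]; then
  $echostr "already have one."
else
  $echostr "Couldn't find your DSA keypair.. I'll generate you a new set.."
  $echostr "Running ssh-keygen2... don't forget to give it a passphrase!\n"
  ssh-keygen2 || {
    $echostr "ssh-keygen2 failed; no keypair was generated." >&2
    exit 1
  }
  ## ssh-keygen2 chooses its own file name; the rest of the script refers to
  ## $keypair, so make sure the two agree before writing the identification.
  if [ ! -s "$HOME/.ssh2/$keypair" ] || [ ! -s "$HOME/.ssh2/$keypair.pub" ]; then
    $echostr "ssh-keygen2 did not create $HOME/.ssh2/$keypair(.pub)." >&2
    $echostr "Re-run ssh-pubkeymgr with -k <name of the generated keypair>." >&2
    exit 1
  fi
fi

#############################################################################
# Setup the identification file. This is so when you login, the client     #
# recognizes which private key you're using.                               #
#############################################################################

if [ -s "$HOME/.ssh2/identification" ]; then
  $echostr "You already have an identity file, skipping.."
else
  $echostr "Creating your identity file.."
  $echostr "IdKey $keypair" > "$HOME/.ssh2/identification"
fi

#############################################################################
# Setup the authorization file. This is so when you login, the server      #
# recognizes your public key.                                              #
#############################################################################

if [ -s "$HOME/.ssh2/authorization" ]; then
  $echostr "You already have an authorization file, skipping.."
else
  $echostr "Creating your authorization file.."
  touch "$HOME/.ssh2/authorization"
fi

## Ask the user which remote users/hosts may log in here with their key.
## Each "Key <user>-<host>.pub" line names a public key file in $HOME/.ssh2.
$echostr "Do you want to add any hosts to your authorization file? (y[es]) \c"
while read -r addhosts; do
  case "$addhosts" in
    "" | [yY] | [yY][eE][sS])
      $echostr "\nType in their hostname, press return after each one."
      $echostr "Add which user?"
      read -r user
      $echostr "Add which host?"
      read -r host
      if plain_name "$user" && plain_name "$host"; then
        $echostr "Key $user-$host.pub" >> "$HOME/.ssh2/authorization"
        $echostr "You added $user at $host as a trusted login."
      else
        $echostr "User and host must be plain names ([A-Za-z0-9._-], no leading '-'); nothing added." >&2
      fi
      $echostr "Press return to continue or Ctrl-D to exit."
      ;;
    [nN] | [nN][oO])
      $echostr "Skipping editing the authorization file.."
      break
      ;;
    *)
      $echostr "Please answer yes or no. Add hosts to your authorization file? (y[es]) \c"
      ;;
  esac
done

$echostr "All the new files are in your $HOME/.ssh2 directory."

###########################################################################
# Send your public key to remote servers so you can login to them.        #
# Don't forget that you need to add this key to the ~/.ssh2/authorization #
# file on the remote server.                                              #
###########################################################################

$echostr "Do you want to upload $USER@$HOSTNAME key to a remote host? (y[es]) \c"
while read -r uploadhost; do
  case "$uploadhost" in
    "" | [yY] | [yY][eE][sS])
      $echostr "Upload to which host?"
      read -r host
      $echostr "Which user account?"
      read -r user
      $echostr "Where is $user's home directory? "
      $echostr "(e.g. /home/anne, /u/ahc, etc.)"
      read -r homedir
      ## user and host form the scp2 target; a leading '-' or odd characters
      ## would be taken as options or a different path.
      if ! plain_name "$user" || ! plain_name "$host" || [ -z "$homedir" ]; then
        $echostr "User, host and home directory must be given (plain names for user/host); skipping." >&2
        $echostr "Press return to try another host or Ctrl-D to exit."
        continue
      fi
      # Run scp2 to copy the file
      $echostr "Now running scp2 to connect to $host.."
      $echostr "Most likely you'll have to type a password :)"
      if scp2 "$HOME/.ssh2/$keypair.pub" \
          "$user@$host:$homedir/.ssh2/$USER-$HOSTNAME.pub"; then
        $echostr "\nPress return to upload to more hosts or Ctrl-D to exit."
      else
        $echostr "\nscp2 to $host failed; the key was not uploaded." >&2
        $echostr "Press return to try another host or Ctrl-D to exit."
      fi
      ;;
    [nN] | [nN][oO])
      $echostr "Skipping local user public key uploads.."
      break
      ;;
    *)
      $echostr "Please answer yes or no. Upload the key to a remote host? (y[es]) \c"
      ;;
  esac
done

$echostr "$0 finished."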