@dhensby
Last active September 17, 2018 12:42
Script to update SSH keys for a user from a github gist - uses jq or python as a fallback
#!/usr/bin/env bash
# Account whose authorized_keys file is managed; assigned by setuser.
# NOTE: this deliberately shadows any USER value inherited from the environment.
USER=""
# Home directory of that account; assigned by setuser.
HOME_DIR=""
# "true" enables debug output (-d); "false" keeps the script quiet.
DEBUG="false"
# Id of the gist holding the public keys (-g); must be supplied by the caller.
GIST_ID=""
# Non-zero selects the Python fetcher instead of curl + jq (-p).
USE_PYTHON="0"
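#######################################
# Make sure jq is available, installing it with the first package manager
# found (apt-get, apt, yum, dnf - in that order) when it is missing.
# Globals:   none (calls debug for optional diagnostics)
# Arguments: none
# Outputs:   package manager output on stdout; error messages on stderr
# Returns:   0 when jq is present or was installed; exits 1 when no
#            supported package manager exists or the install fails
# NOTE(review): the install step needs package-management privileges and
# pulls jq from whatever repositories the host trusts; on locked-down hosts
# prefer provisioning jq ahead of time.
#######################################
function requirejq {
  local manager

  # command -v is the portable lookup and, unlike `which`, the redirect keeps
  # the resolved path out of the script's output.
  if command -v jq >/dev/null 2>&1; then
    return 0
  fi

  debug "jq not installed, attempting install"
  for manager in apt-get apt yum dnf; do
    if command -v "${manager}" >/dev/null 2>&1; then
      debug "Attempting to install with ${manager}"
      # Check the install command itself rather than a later $? that could be
      # clobbered by an intervening statement.
      if ! "${manager}" install -y jq; then
        echo "Failed to install jq" >&2
        exit 1
      fi
      return 0
    fi
  done

  echo "Can't proceed, jq needs to be installed" >&2
  exit 1
}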
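#######################################
# Select the account whose authorized_keys file will be managed and resolve
# its home directory.
# Globals:   USER (written), HOME_DIR (written)
# Arguments: $1 - login name of the target account
# Outputs:   error messages on stderr; debug lines via debug
# Returns:   0 on success; exits 1 when the name is missing, contains
#            characters outside the allowed set, or has no resolvable home
#######################################
function setuser {
  # Plain account-name characters only. The name is fed to eval below, so
  # anything the shell could interpret (spaces, quotes, ;, $, backticks, /)
  # must be rejected before that point.
  local name_pattern='^[A-Za-z0-9_][A-Za-z0-9_.@-]*$'

  if [ -z "$1" ]; then
    echo "RUNTIME EXCEPTION: No user supplied" >&2
    exit 1
  fi
  if [[ ! "$1" =~ ${name_pattern} ]]; then
    echo "RUNTIME EXCEPTION: Invalid user name supplied" >&2
    exit 1
  fi

  debug "Setting user $1"
  USER="$1"
  # Tilde expansion of a name held in a variable needs a second parse; this is
  # only safe because the name was validated against name_pattern above.
  HOME_DIR="$(eval "echo ~${USER}")"
  # For an unknown account the tilde is left unexpanded ("~name"); refuse it so
  # later steps never create a literal "~name/.ssh" under the current directory.
  if [[ "${HOME_DIR}" != /* ]]; then
    echo "RUNTIME EXCEPTION: Could not resolve home directory for user ${USER}" >&2
    exit 1
  fi
  debug "Set home dir to: ${HOME_DIR}"
  return 0
}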
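#######################################
# Print a diagnostic line when debugging is enabled.
# Globals:   DEBUG (read) - output is produced only when it equals "true"
# Arguments: the words of the message
# Outputs:   the message on stdout
# Returns:   always 0, so it is safe to call from any code path
#######################################
function debug {
  # Compare DEBUG as data instead of executing its contents as a command;
  # any value other than "true" simply means "quiet".
  if [ "${DEBUG}" = "true" ]; then
    echo "$@"
  fi
  return 0
}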
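#######################################
# Rewrite the automatically managed section of the target user's
# authorized_keys file from the lines held in KEYS.
# Globals:   HOME_DIR (read), USER (read), KEYS (read)
# Arguments: none
# Outputs:   error messages on stderr; debug lines via debug
# Returns:   0 on success, 1 when a prerequisite or filesystem step fails
# NOTE(review): every non-comment line of KEYS is installed as-is, including
# any authorized_keys options it carries, so whoever can edit the key source
# controls SSH access to this account.
#######################################
function addkeys {
  local ssh_dir="${HOME_DIR}/.ssh"
  local auth_file="${ssh_dir}/authorized_keys"
  local line

  # With an empty HOME_DIR every path below would resolve under "/".
  if [ -z "${HOME_DIR}" ] || [ -z "${USER}" ]; then
    echo "RUNTIME EXCEPTION: No user or home directory set" >&2
    return 1
  fi

  # ensure the user has an ~/.ssh/ dir
  debug "Adding .ssh dir for user"
  if ! mkdir -p -m 700 "${ssh_dir}/"; then
    echo "Failed to create ${ssh_dir}" >&2
    return 1
  fi

  # If the authorized keys file exists, drop the previously managed section so
  # that keys removed from the source are revoked; unmanaged lines are kept.
  if [ -f "${auth_file}" ]; then
    debug "authorized keys file exists, removing automatically managed keys"
    if ! sed -i '/### AUTOMATICALLY MANAGED KEYS ###/,/### END OF AUTOMATICALLY MANAGED KEYS ###/d' "${auth_file}"; then
      echo "Failed to remove managed keys from ${auth_file}" >&2
      return 1
    fi
  else
    debug "Authorized keys file doesn't exist, adding it"
    touch "${auth_file}" || return 1
  fi

  debug "Adding automatically managed keys"
  echo '### AUTOMATICALLY MANAGED KEYS ###' >> "${auth_file}"
  # Read KEYS one line at a time; blank lines and comment lines are skipped.
  # Skipping "#" lines also keeps a fetched line from imitating the markers.
  while read -r line; do
    if [ -z "${line}" ] || [[ "${line}" == \#* ]]; then
      continue
    fi
    debug "Adding key: ${line}"
    printf '%s\n' "${line}" >> "${auth_file}"
  done <<< "${KEYS}"
  echo '### END OF AUTOMATICALLY MANAGED KEYS ###' >> "${auth_file}"
  debug "finished adding keys"

  debug "Ensuring ownership of .ssh is correct"
  # -h changes a symlink itself rather than its target, so a link planted
  # inside .ssh cannot redirect the ownership change to another file.
  if ! chown -Rh "${USER}:" "${ssh_dir}"; then
    echo "Failed to set ownership of ${ssh_dir}" >&2
    return 1
  fi
  debug "Making sure authorized keys file permissions are set correctly"
  chmod 0600 "${auth_file}" || return 1
  return 0
}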
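# Parse command-line options:
#   -u <user>  account to manage (resolved immediately via setuser)
#   -g <id>    id of the gist that holds the public keys
#   -d         enable debug output (only affects options parsed after it)
#   -p         fetch with Python instead of curl + jq
# Unknown options or a missing option argument stop the script instead of
# being ignored, so a mistyped flag cannot silently change whose keys are
# rewritten.
while getopts "u:g:dp" OPTION; do
  case "${OPTION}" in
    u)
      setuser "${OPTARG}"
      ;;
    g)
      GIST_ID="${OPTARG}"
      ;;
    d)
      DEBUG=true
      ;;
    p)
      USE_PYTHON=1
      ;;
    *)
      echo "Usage: ${0##*/} -g <gist id> [-u <user>] [-d] [-p]" >&2
      exit 1
      ;;
  esac
done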
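# Default to the invoking account when -u was not given.
if [ -z "${USER}" ]; then
  setuser "$(whoami)"
fi
if [ -z "${GIST_ID}" ]; then
  echo "MISSING ARGUMENT: Gist ID (-g) required"
  exit 1
fi
# The id is placed into the request URL (and may be embedded in generated
# code), so accept nothing but letters and digits.
if [[ ! "${GIST_ID}" =~ ^[A-Za-z0-9]+$ ]]; then
  echo "INVALID ARGUMENT: Gist ID (-g) must contain only letters and digits" >&2
  exit 1
fi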
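# Fetch the content of every file in the gist into KEYS.
# KEYS stays empty when the request fails, which leaves the existing
# authorized_keys file untouched.
if [ "$USE_PYTHON" -ne "0" ]; then
  # The parser is fed to the interpreter on stdin instead of being written to
  # a fixed, predictable path under /tmp, and the gist id is passed as an
  # argument rather than pasted into the source (quoted heredoc: no expansion).
  # The imports cover both Python 3 and Python 2.
  KEYS="$(python - "${GIST_ID}" <<'EOF'
import json
import sys

try:
    from urllib.request import urlopen
    from urllib.error import HTTPError
except ImportError:  # Python 2
    from urllib2 import urlopen
    from urllib2 import HTTPError

url = 'https://api.github.com/gists/' + sys.argv[1]
try:
    response = urlopen(url)
except HTTPError:
    sys.exit(1)
json_obj = json.loads(response.read().decode('utf-8'))
for name in json_obj['files']:
    print(json_obj['files'][name]['content'])
EOF
)"
else
  requirejq
  # -f makes curl return no body on an HTTP error, so an API error document is
  # never handed to jq; the URL is quoted so the id cannot be word-split.
  KEYS="$(curl -sf -H 'accept: application/vnd.github.v3+json' "https://api.github.com/gists/${GIST_ID}" | jq -r '.files[].content')"
fi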
# Rewrite the managed keys only when something was fetched; an empty result
# leaves the current authorized_keys file as it is.
[ -z "${KEYS}" ] || addkeys