diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1741582..47756a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 ## master (unreleased)
-* No entry
+* Add 'key setup' command (easy SSH key installation)
 ## v1.3.0 (2017-11-23)
diff --git a/README.md b/README.md
index 915df77..a80c642 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,8 @@ Jump host/Jump server without the jump, a.k.a Transparent SSH bastion
 * Connect to host using key or password
 * Admin commands can be run directly or in an interactive shell
 * User Roles
+* User invitations
+* Easy authorized_keys installation
 ## Usage
@@ -81,28 +83,18 @@ List hosts
 ```console
 config> host ls
- ID | NAME | URL | KEY | PASS | GROUPS | COMMENT
-+----+------+-------------------------+---------+------+--------+---------+
- 1 | foo | bart@foo.example.org:22 | default | | 1 |
+ ID | NAME | URL | KEY | PASS | GROUPS | COMMENT
++----+------+-------------------------+---------+------+---------+---------+
+ 1 | foo | bart@foo.example.org:22 | default | | default |
 Total: 1 hosts.
 config>
 ```
-Get the default key in authorized_keys format
+Add the key to the server
 ```console
-config> key inspect default
-[...]
- "PubKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvUP/8FedyIe+a+RWU4KvJ1+iZwtWmY9czJubLwN4RcjKHQMzLqWC7pKZHAABCZjLJjVD/3Zb53jZwbh7mysAkocundMpvUL5+Yb4a8lDiflXkdXT9fZCx+ibJBk4jRnKLGIneSzVtFEerEwQKKnKQoCgPkZwCDaL/jHhDlOmAvxqAJrjiy42HXwppX2UuF8zujs6OKHRYJ/Q1vo0caa6/o1eoyXE9OrOwIk+IcAN3YIQi/B1BOlZOQBzHIZz83AFlD2TcPhyYcbxPyKGih84Zr3rQaaP1WiaiPqxzp3s5OhTLthc5XtCSLzmRSLvgC2eFdNhBDB5KLtO2khBkz5ID",
-[...]
-config>
-```
-
-Add this key to the server
-
-```console
-$ ssh bart@foo.example.org
-> umask 077; mkdir -p .ssh; echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvUP/8FedyIe+a+RWU4KvJ1+iZwtWmY9czJubLwN4RcjKHQMzLqWC7pKZHAABCZjLJjVD/3Zb53jZwbh7mysAkocundMpvUL5+Yb4a8lDiflXkdXT9fZCx+ibJBk4jRnKLGIneSzVtFEerEwQKKnKQoCgPkZwCDaL/jHhDlOmAvxqAJrjiy42HXwppX2UuF8zujs6OKHRYJ/Q1vo0caa6/o1eoyXE9OrOwIk+IcAN3YIQi/B1BOlZOQBzHIZz83AFlD2TcPhyYcbxPyKGih84Zr3rQaaP1WiaiPqxzp3s5OhTLthc5XtCSLzmRSLvgC2eFdNhBDB5KLtO2khBkz5ID >> .ssh/authorized_keys
+$ ssh bart@foo.example.org "$(ssh localhost -p 2222 -l admin key setup default)"
+$
 ```
 Profit
@@ -172,6 +164,7 @@ key create [-h] [--name=] [--type=] [--length=] [--comment=
 key inspect [-h] KEY...
 key ls [-h]
 key rm [-h] KEY...
+key setup [-h] KEY
 # user management
 user help
diff --git a/shell.go b/shell.go
index 43afdf1..6e90c10 100644
--- a/shell.go
+++ b/shell.go
@@ -903,6 +903,24 @@ GLOBAL OPTIONS:
 return SSHKeysByIdentifiers(db, c.Args()).Delete(&SSHKey{}).Error
 },
+ }, {
+ Name: "setup",
+ Usage: "Return shell command to install key on remote host",
+ ArgsUsage: "KEY",
+ Action: func(c *cli.Context) error {
+ if c.NArg() != 1 {
+ return cli.ShowSubcommandHelp(c)
+ }
+
+ // not checking roles, everyone with an account can see how to enroll new hosts
+
+ var key SSHKey
+ if err := SSHKeysByIdentifiers(db, c.Args()).First(&key).Error; err != nil {
+ return err
+ }
+ fmt.Fprintf(s, "umask 077; mkdir -p .ssh; echo %s sshportal >> .ssh/authorized_keys\n", key.PubKey)
+ return nil
+ },
 },
 },
 }, {
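Review bot: `key.PubKey` is interpolated unquoted into a shell command line in the `fmt.Fprintf` call, and the README pipes that output straight into a remote shell via `$(...)`, so the stored column value is trusted as shell syntax on every host that gets enrolled. Nothing visible in the hunk constrains that value to a well-formed authorized_keys entry; if it can ever hold anything else (an imported or restored record, a manual database edit — not visible here), the emitted line is no longer just an `echo`. I would parse the value with `ParseAuthorizedKey` from golang.org/x/crypto/ssh, re-emit it with `MarshalAuthorizedKey`, and single-quote it in the format string: `"umask 077; mkdir -p .ssh; echo '%s sshportal' >> .ssh/authorized_keys\n"`. The comment about skipping the role check should also state that the output is limited to the public half of the key; `db` and `s` are defined outside the hunk, as is the start of the enclosing command list.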