authorGravatar Christian Hesse <mail@eworm.de>2023-04-04 16:27:23 +0200
committerGravatar Christian Hesse <mail@eworm.de>2023-04-26 10:31:23 +0200
commitc8500dddd01ef10128eca0e4176050ef087a3918 (patch)
tree9205cfd2814f651cbcf28882d52bcf78d76f4c03
parenta3a7e5be4b77a6f879dd318d67d40390d643d391 (diff)
mod/ssh-keys-import: make ssh-keys-import a modulerouteros-7.9beta4-3change-100
-rw-r--r--README.md2
-rw-r--r--doc/mod/ssh-keys-import.md59
-rw-r--r--doc/ssh-keys-import.md35
-rw-r--r--global-functions.rsc2
-rw-r--r--mod/ssh-keys-import.rsc84
-rw-r--r--news-and-changes.rsc2
-rw-r--r--ssh-keys-import.rsc11
7 files changed, 149 insertions, 46 deletions
diff --git a/README.md b/README.md
index 14a5680..1d6bc9b 100644
--- a/README.md
+++ b/README.md
@@ -225,7 +225,6 @@ Available scripts
* [Run scripts on ppp connection](doc/ppp-on-up.md)
* [Act on received SMS](doc/sms-action.md)
* [Forward received SMS](doc/sms-forward.md)
-* [Import SSH keys](doc/ssh-keys-import.md)
* [Play Super Mario theme](doc/super-mario-theme.md)
* [Chat with your router and send commands via Telegram bot](doc/telegram-chat.md)
* [Install LTE firmware upgrade](doc/unattended-lte-firmware-upgrade.md)
@@ -243,6 +242,7 @@ Available modules
* [Send notifications via Matrix](doc/mod/notification-matrix.md)
* [Send notifications via Telegram](doc/mod/notification-telegram.md)
* [Download script and run it once](doc/mod/scriptrunonce.md)
+* [Import ssh keys for public key authentication](doc/mod/ssh-keys-import.md)
Installing custom scripts & modules
-----------------------------------
diff --git a/doc/mod/ssh-keys-import.md b/doc/mod/ssh-keys-import.md
new file mode 100644
index 0000000..2f631a7
--- /dev/null
+++ b/doc/mod/ssh-keys-import.md
@@ -0,0 +1,59 @@
+Import ssh keys for public key authentication
+=============================================
+
+[⬅️ Go back to main README](../../README.md)
+
+![required RouterOS version](https://img.shields.io/badge/RouterOS-7.9beta4-yellow?style=flat)
+
+> ℹ️️ **Info**: This module can not be used on its own but requires the base
+> installation. See [main README](../../README.md) for details.
+
+Description
+-----------
+
+RouterOS supports ssh login with public key authentication. The functions
+in this module help importing the keys.
+
+Requirements and installation
+-----------------------------
+
+Just install the module:
+
+ $ScriptInstallUpdate mod/ssh-keys-import;
+
+Usage and invocation
+--------------------
+
+### Import single key from terminal
+
+Call the function `$SSHKeysImport` with key and user as parameter to
+import that key:
+
+ $SSHKeysImport "ssh-rsa ssh-rsa AAAAB3Nza...QYZk8= user" admin;
+
+The third part of the key (`user` in this example) is inherited as
+`key-owner` in RouterOS.
+
+### Import several keys from file
+
+The functions `$SSHKeysImportFile` can read an `authorized_keys`-style file
+and import all the keys. The user given to the function can be overwritting
+from comments in the file. Create a file `keys.pub` with this content:
+
+```
+ssh-rsa AAAAB3Nza...QYZk8= user@client
+ssh-rsa AAAAB3Nza...ozyts= worker@station
+# user=example
+ssh-rsa AAAAB3Nza...GXQVk= person@host
+```
+
+Then import it with:
+
+ $SSHKeysImportFile keys.pub admin;
+
+This will import the first two keys for user `admin` (as given to function)
+and the third one for user `example` (as defined in comment).
+
+---
+[⬅️ Go back to main README](../../README.md)
+[⬆️ Go back to top](#top)
diff --git a/doc/ssh-keys-import.md b/doc/ssh-keys-import.md
index 2dd6c42..d1325aa 100644
--- a/doc/ssh-keys-import.md
+++ b/doc/ssh-keys-import.md
@@ -1,33 +1,2 @@
-Import SSH keys
-===============
-
-[⬅️ Go back to main README](../README.md)
-
-Description
------------
-
-This script imports public SSH keys (files with extension "`pub`") into
-local store for user authentication.
-
-Requirements and installation
------------------------------
-
-Just install the script:
-
- $ScriptInstallUpdate ssh-keys-import;
-
-Usage and invocation
---------------------
-
-Copy files with extension "`pub`" containing public SSH keys for your device.
-Then run the script:
-
- /system/script/run ssh-keys-import;
-
-Starting with an `authorized_keys` file you can split it on a shell:
-
- grep -E '^ssh-rsa' authorized_keys | nl -nrz | while read num type key name; do echo $type $key $name > $num-$name.pub; done
-
----
-[⬅️ Go back to main README](../README.md)
-[⬆️ Go back to top](#top)
+This script has been replaced by a module. Please see
+[Import ssh keys for public key authentication](mod/ssh-keys-import.md).
diff --git a/global-functions.rsc b/global-functions.rsc
index e6b1d36..4ec5857 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -12,7 +12,7 @@
:local 0 "global-functions";
# expected configuration version
-:global ExpectedConfigVersion 99;
+:global ExpectedConfigVersion 100;
# global variables not to be changed by user
:global GlobalFunctionsReady false;
diff --git a/mod/ssh-keys-import.rsc b/mod/ssh-keys-import.rsc
new file mode 100644
index 0000000..6f47314
--- /dev/null
+++ b/mod/ssh-keys-import.rsc
@@ -0,0 +1,84 @@
+#!rsc by RouterOS
+# RouterOS script: mod/ssh-keys-import
+# Copyright (c) 2020-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# requires RouterOS, version=7.9beta4
+#
+# import ssh keys for public key authentication
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md
+
+:global SSHKeysImport;
+:global SSHKeysImportFile;
+
+# import single key passed as string
+:set SSHKeysImport do={
+ :local Key [ :tostr $1 ];
+ :local User [ :tostr $2 ];
+
+ :global GetRandom20CharAlNum;
+ :global LogPrintExit2;
+ :global MkDir;
+ :global WaitForFile;
+
+ :if ([ :len $Key ] = 0 || [ :len $User ] = 0) do={
+ $LogPrintExit2 warning $0 ("Missing argument(s), please pass key and user!") true;
+ }
+
+ :if ([ :len [ /user/find where name=$User ] ] = 0) do={
+ $LogPrintExit2 warning $0 ("User '" . $User . "' does not exist.") true;
+ }
+
+ :if ([ $MkDir "tmpfs/ssh-keys-import" ] = false) do={
+ $LogPrintExit2 warning $0 ("Creating directory 'tmpfs/ssh-keys-import' failed!") true;
+ }
+
+ :local FileName ("tmpfs/ssh-keys-import/key-" . [ $GetRandom20CharAlNum 6 ] . ".pub");
+ /file/add name=$FileName contents=$Key;
+ $WaitForFile $FileName;
+
+ :do {
+ /user/ssh-keys/import public-key-file=$FileName user=$User;
+ } on-error={
+ $LogPrintExit2 warning $0 ("Failed importing key.") true;
+ }
+}
+
+# import keys from a file
+:set SSHKeysImportFile do={
+ :local FileName [ :tostr $1 ];
+ :local User [ :tostr $2 ];
+
+ :global EitherOr;
+ :global LogPrintExit2;
+ :global ParseKeyValueStore;
+ :global SSHKeysImport;
+
+ :if ([ :len $FileName ] = 0 || [ :len $User ] = 0) do={
+ $LogPrintExit2 warning $0 ("Missing argument(s), please pass file name and user!") true;
+ }
+
+ :local File [ /file/find where name=$FileName ];
+ :if ([ :len $File ] = 0) do={
+ $LogPrintExit2 warning $0 ("File '" . $FileName . "' does not exist.") true;
+ }
+ :local Keys ([ /file/get $FileName contents ] . "\n");
+
+ :do {
+ :local Continue false;
+ :local Line [ :pick $Keys 0 [ :find $Keys "\n" ] ];
+ :set Keys [ :pick $Keys ([ :find $Keys "\n" ] + 1) [ :len $Keys ] ];
+ :local Type [ :pick $Line 0 [ :find $Line " " ] ];
+ :if ($Type = "ssh-rsa") do={
+ $SSHKeysImport $Line $User;
+ :set Continue true;
+ }
+ :if ($Continue = false && $Type = "#") do={
+ :set User [ $EitherOr ([ $ParseKeyValueStore [ :pick $Line 2 [ :len $Line ] ] ]->"user") $User ];
+ :set Continue true;
+ }
+ :if ($Continue = false && [ :len $Type ] > 0) do={
+ $LogPrintExit2 warning $0 ("SSH key of type '" . $Type . "' is not supported.") false;
+ }
+ } while=([ :len $Keys ] > 0);
+}
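Review bot: In `$SSHKeysImportFile`, the `$Type = "#"` branch lets a `# user=...` comment inside the key file retarget every following key to a different account, and that override stays in effect until another such comment appears; nothing is logged when the user changes or when a key is imported. Since the file's content thereby decides which RouterOS user gains SSH access, an unexpected `# user=admin` line in an otherwise ordinary `authorized_keys`-style file would go unnoticed. I would record the effective user for each key just before the `$SSHKeysImport $Line $User;` call, for example `$LogPrintExit2 info $0 ("Importing key from '" . $FileName . "' for user '" . $User . "'.") false;`, and add a comment above the loop stating that the override is sticky. Separately, the `on-error` handler in `$SSHKeysImport` exits without removing `$FileName`, so a failed import presumably leaves the temporary `.pub` file behind in `tmpfs/ssh-keys-import`; a `/file/remove $FileName;` in that handler would tidy it up, assuming the file still exists at that point.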
diff --git a/news-and-changes.rsc b/news-and-changes.rsc
index 7087c6c..1e43722 100644
--- a/news-and-changes.rsc
+++ b/news-and-changes.rsc
@@ -13,9 +13,11 @@
97="Modified 'dhcp-to-dns' to always add A records for names with mac address, and optionally add CNAME records if the host name is available.";
98="Extended 'check-certificates' to download new certificate by SubjectAltNames if download by CommonName fails.";
99="Modified 'dhcp-to-dns', which dropped global configuration. Settings moved to dhcp server's network definitions.";
+ 100="The script 'ssh-keys-import' became a module 'mod/ssh-keys-import' with enhanced functionality.";
};
# Migration steps to be applied on script updates
:global GlobalConfigMigration {
97=":local Rec [ /ip/dns/static/find where comment~\"^managed by dhcp-to-dns for \" ]; :if ([ :len \$Rec ] > 0) do={ /ip/dns/static/remove \$Rec; /system/script/run dhcp-to-dns; }";
+ 100=":global ScriptInstallUpdate; :if ([ :len [ /system/script/find where name=\"ssh-keys-import\" source~\"^#!rsc by RouterOS\\n\" ] ] > 0) do={ /system/script/set name=\"mod/ssh-keys-import\" ssh-keys-import; \$ScriptInstallUpdate; }";
};
diff --git a/ssh-keys-import.rsc b/ssh-keys-import.rsc
deleted file mode 100644
index b40a997..0000000
--- a/ssh-keys-import.rsc
+++ /dev/null
@@ -1,11 +0,0 @@
-#!rsc by RouterOS
-# RouterOS script: ssh-keys-import
-# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
-# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
-#
-# import ssh keys from file
-# https://git.eworm.de/cgit/routeros-scripts/about/doc/ssh-keys-import.md
-
-:foreach Key in=[ /file/find where type="ssh key" ] do={
- /user/ssh-key/import user=admin public-key-file=[ /file/get $Key name ];
-}