aboutsummaryrefslogtreecommitdiffstats
path: root/mod/ssh-keys-import.rsc
blob: f67c0fc0cbd5a3a3162cd09a0f524126c264afb3 (about) (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!rsc by RouterOS
# RouterOS script: mod/ssh-keys-import
# Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de>
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
#
# requires RouterOS, version=7.14
#
# import ssh keys for public key authentication
# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md

:global SSHKeysImport;
:global SSHKeysImportFile;

# import single key passed as string
:set SSHKeysImport do={
  :local Key  [ :tostr $1 ];
  :local User [ :tostr $2 ];

  :global CharacterReplace;
  :global GetRandom20CharAlNum;
  :global LogPrint;
  :global MkDir;
  :global WaitForFile;

  :if ([ :len $Key ] = 0 || [ :len $User ] = 0) do={
    $LogPrint warning $0 ("Missing argument(s), please pass key and user!");
    :return false;
  }

  :if ([ :len [ /user/find where name=$User ] ] = 0) do={
    $LogPrint warning $0 ("User '" . $User . "' does not exist.");
    :return false;
  }

  :local KeyVal [ :toarray [ $CharacterReplace $Key " " "," ] ];
  :if (!($KeyVal->0 = "ssh-ed25519" || $KeyVal->0 = "ssh-rsa")) do={
    $LogPrint warning $0 ("SSH key of type '" . $KeyVal->0 . "' is not supported.");
    :return false;
  }

  :local FingerPrintMD5 [ :convert from=base64 transform=md5 to=hex ($KeyVal->1) ];

  :if ([ :len [ /user/ssh-keys/find where user=$User key-owner~("\\bmd5=" . $FingerPrintMD5 . "\\b") ] ] > 0) do={
    $LogPrint warning $0 ("The ssh public key (MD5:" . $FingerPrintMD5 . \
      ") is already available for user '" . $User . "'.");
    :return false;
  }

  :if ([ $MkDir "tmpfs/ssh-keys-import" ] = false) do={
    $LogPrint warning $0 ("Creating directory 'tmpfs/ssh-keys-import' failed!");
    :return false;
  }

  :local FileName ("tmpfs/ssh-keys-import/key-" . [ $GetRandom20CharAlNum 6 ] . ".pub");
  /file/add name=$FileName contents=($Key . ", md5=" . $FingerPrintMD5);
  $WaitForFile $FileName;

  :do {
    /user/ssh-keys/import public-key-file=$FileName user=$User;
    $LogPrint info $0 ("Imported ssh public key (" . $KeyVal->2 . ", " . $KeyVal->0 . ", " . \
      "MD5:" . $FingerPrintMD5 . ") for user '" . $User . "'.");
    /file/remove "tmpfs/ssh-keys-import";
  } on-error={
    $LogPrint warning $0 ("Failed importing key.");
    /file/remove "tmpfs/ssh-keys-import";
    :return false;
  }
}

# import keys from a file
:set SSHKeysImportFile do={
  :local FileName [ :tostr $1 ];
  :local User     [ :tostr $2 ];

  :global EitherOr;
  :global LogPrint;
  :global ParseKeyValueStore;
  :global SSHKeysImport;

  :if ([ :len $FileName ] = 0 || [ :len $User ] = 0) do={
    $LogPrint warning $0 ("Missing argument(s), please pass file name and user!");
    :return false;
  }

  :local File [ /file/find where name=$FileName ];
  :if ([ :len $File ] = 0) do={
    $LogPrint warning $0 ("File '" . $FileName . "' does not exist.");
    :return false;
  }
  :local Keys [ :tolf [ /file/get $FileName contents ] ];

  :foreach KeyVal in=[ :deserialize $Keys delimiter=" " from=dsv options=dsv.plain ] do={
    :local Continue false;
    :if ($KeyVal->0 = "ssh-ed25519" || $KeyVal->0 = "ssh-rsa") do={
      :do {
        $SSHKeysImport ($KeyVal->0 . " " . $KeyVal->1 . " " . $KeyVal->2) $User;
      } on-error={
        $LogPrint warning $0 ("Failed importing key for user '" . $User . "'.");
      }
      :set Continue true;
    }
    :if ($Continue = false && $KeyVal->0 = "#") do={
      :set User [ $EitherOr ([ $ParseKeyValueStore ($KeyVal->1) ]->"user") $User ];
      :set Continue true;
    }
    :if ($Continue = false && [ :len ($KeyVal->0) ] > 0) do={
      $LogPrint warning $0 ("SSH key of type '" . $KeyVal->0 . "' is not supported.");
    }
  }
}