samber/sync-ssh-keys quick install script - synchronize your ssh keys from github on every login
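#!/bin/bash
# Quick installer for samber/sync-ssh-keys.
#
# Downloads the v0.5.0 linux-amd64 binary, runs it once to check the GitHub
# settings, creates the "sync-ssh-keys" group and writes an sshd drop-in so
# that members of that group are authenticated with keys fetched from a
# GitHub team. Must run as root (writes /usr/local/bin and /etc/ssh).
#
# Inputs (prompted for when empty):
#   SYNC_GH_ORG, SYNC_GH_TEAM, SYNC_GH_TOKEN
# Optional:
#   SYNC_SSH_KEYS_SHA256 - expected SHA-256 of the downloaded binary; when
#                          set, the install aborts on a mismatch.
#
# xtrace is deliberately off: `set -x` (or -x on the shebang line) prints
# every expanded command, which would put the token in the terminal
# scrollback and in any captured log.
set -euo pipefail

SYNC_GH_ORG=${SYNC_GH_ORG:-}
SYNC_GH_TEAM=${SYNC_GH_TEAM:-}
SYNC_GH_TOKEN=${SYNC_GH_TOKEN:-}

if [[ -z "$SYNC_GH_ORG" ]]; then
  read -r -p "Enter Github Org: " SYNC_GH_ORG
fi
if [[ -z "$SYNC_GH_TEAM" ]]; then
  read -r -p "Enter Github Team: " SYNC_GH_TEAM
fi
if [[ -z "$SYNC_GH_TOKEN" ]]; then
  # -s keeps the token from being echoed back while it is typed.
  read -r -s -p "Enter Github Token: " SYNC_GH_TOKEN
  printf '\n' >&2
fi

# The three values are written verbatim into one sshd_config line below, so
# whitespace (a newline in particular) would change how sshd parses the file.
for value in "$SYNC_GH_ORG" "$SYNC_GH_TEAM" "$SYNC_GH_TOKEN"; do
  if [[ -z "$value" || "$value" =~ [[:space:]] ]]; then
    printf 'error: org, team and token must be non-empty and contain no whitespace\n' >&2
    exit 1
  fi
done

readonly bin_url="https://github.com/samber/sync-ssh-keys/releases/download/v0.5.0/sync-ssh-keys_0.5.0_linux-amd64"
readonly bin_path=/usr/local/bin/sync-ssh-keys
readonly conf_path=/etc/ssh/sshd_config.d/sync-ssh-keys.conf

# Download to a scratch file first so that a failed or partial transfer never
# leaves a truncated executable at the path sshd will run.
tmp_bin=$(mktemp)
trap 'rm -f -- "$tmp_bin"' EXIT
wget -q "$bin_url" -O "$tmp_bin"

if [[ -n "${SYNC_SSH_KEYS_SHA256:-}" ]]; then
  # sha256sum -c exits non-zero on mismatch, which aborts under set -e.
  printf '%s  %s\n' "$SYNC_SSH_KEYS_SHA256" "$tmp_bin" | sha256sum -c --quiet -
else
  printf 'warning: SYNC_SSH_KEYS_SHA256 not set; installing the binary without a checksum check\n' >&2
fi

# sshd only runs an AuthorizedKeysCommand that is root-owned and not writable
# by group or others; install sets owner and mode in one step.
install -o root -g root -m 0555 -- "$tmp_bin" "$bin_path"

# test settings
"$bin_path" --Werror=WERROR \
  --github-org "$SYNC_GH_ORG" \
  --github-team "$SYNC_GH_TEAM" \
  --github-token "$SYNC_GH_TOKEN" >/dev/null

# Create the group only when it is missing, so a real groupadd failure is
# not masked.
getent group sync-ssh-keys >/dev/null || groupadd sync-ssh-keys

# The drop-in embeds the token in cleartext. Create the file with mode 0400
# before any content is written, so it is never readable by other users in
# the interval between creation and a later chmod.
install -o root -g root -m 0400 /dev/null "$conf_path"

# Unquoted EOF on purpose: the variables are expanded into the config.
# NOTE(review): the token is passed to the command as an argument, so it is
# visible in the process list while the command runs; use a token limited to
# reading team membership and keys.
cat <<EOF >"$conf_path"
Match Group sync-ssh-keys
AuthorizedKeysCommand $bin_path --github-org $SYNC_GH_ORG --github-team $SYNC_GH_TEAM --github-token $SYNC_GH_TOKEN
AuthorizedKeysCommandUser nobody
EOF
chmod 400 "$conf_path"

# sshd reads the drop-in only after a reload; `sshd -t` checks the syntax first.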
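#!/bin/bash
# Script to fetch, cache and print ssh pubkeys from github org
# According to man sshd_config(5) page this script should run after
# authorized_keys is tried.
# Set in sshd_config to use:
#   AuthorizedKeysCommand print-keys %h %u
#   AuthorizedKeysCommandUser root
#
# Arguments: $1 - home directory of the account, $2 - account name
# Reads:     SYNC_GH_ORG, SYNC_GH_TEAM, SYNC_GH_TOKEN
# Outputs:   the cached key list on stdout; diagnostics on stderr
#
# NOTE(review): sshd starts AuthorizedKeysCommand with a minimal environment;
# confirm how the SYNC_GH_* variables and a PATH containing sync-ssh-keys
# reach this script.
#
# Copied from m6.craftseerve.pl /usr/local/bin/print-keys - written by Lumpiasty

home_dir=${1:-}
login=${2:-}

if [[ -z "$home_dir" || -z "$login" ]]; then
  # stderr, not stdout: sshd parses this command's stdout as key lines.
  echo "Usage: $0 <homedir> <username>" >&2
  exit 1
fi

ssh_dir="$home_dir/.ssh"
cache="$ssh_dir/github_keys"

# This script runs as root inside a directory owned by the account, so a
# symlink at either path would redirect the chown or the cache write to a
# file of the account owner's choosing. Refuse to continue in that case.
# NOTE(review): the check narrows the window but does not close it; keeping
# the cache in a root-owned directory would remove the problem entirely.
if [[ -L "$ssh_dir" || -L "$cache" ]]; then
  echo "$0: refusing to use a symlink under $home_dir" >&2
  exit 1
fi

# Make sure .ssh exists
mkdir -pm 0700 -- "$ssh_dir"
chown -h -- "$login" "$ssh_dir"

# Get oldest allowed date. Keys are cached for up to one hour, so removing
# someone from the GitHub team takes up to that long to apply here.
oldest=$(date --date="1 hour ago" +%s)

# Refresh when the cache is missing or older than the oldest allowed date.
# stat's error for a missing file is expected and therefore silenced.
refresh=1
if lastmod=$(stat -c %Y -- "$cache" 2>/dev/null) && ((lastmod >= oldest)); then
  refresh=0
fi

if ((refresh)); then
  if [[ -z "${SYNC_GH_ORG:-}" || -z "${SYNC_GH_TEAM:-}" || -z "${SYNC_GH_TOKEN:-}" ]]; then
    echo "$0: SYNC_GH_ORG, SYNC_GH_TEAM and SYNC_GH_TOKEN must be set" >&2
  else
    # A failed refresh is reported but not fatal: the previous cache, if any,
    # is still printed below, which means stale keys stay valid while GitHub
    # is unreachable.
    sync-ssh-keys \
      --github-org "$SYNC_GH_ORG" \
      --github-team "$SYNC_GH_TEAM" \
      --github-token "$SYNC_GH_TOKEN" \
      -o "$cache" ||
      echo "$0: key refresh failed; cached keys may be stale" >&2
  fi
fi

# Print result
cat -- "$cache"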