SSH Infect

SSH Infect

infect_demo

A script to manage the installation of an SSH public key on servers.

#!/bin/bash
#set -x

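# First command-line argument. In the default (install) mode this is the
# destination host; in -l / -c / -p mode it holds the flag itself.
DESTHOST=$1
# Directory holding one empty marker file per host that received the key.
DB_PATH="$HOME/tmp"
# Marker files are named "${DB_HOST_PREFIX}_<host>".
DB_HOST_PREFIX='ssh_key'
# Base path of the backup tree built by packup(); packup() appends a date.
# "$0" is quoted so a script path containing spaces is not word-split.
packup_dir="${DB_PATH}/$(basename -- "$0")_packup"
bin_dir="$HOME/bin"

# SSH_ADD_PRESENT is 0 when ssh-add can be found, non-zero otherwise.
# command -v is the portable lookup; `which` is an external tool whose exit
# status is not consistent across systems.
command -v ssh-add >/dev/null 2>&1
SSH_ADD_PRESENT=$?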

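#######################################
# Print every host that has a marker file in the database directory.
# Globals:   DB_PATH (read), DB_HOST_PREFIX (read)
# Arguments: none
# Outputs:   one "- <host>" line per marker file, on stdout
#######################################
function list_infected()
{
    local marker name

    # Glob the marker files directly instead of parsing `ls` output: names
    # containing whitespace stay intact, and no `cd` is needed, so a missing
    # DB_PATH can no longer cause the current directory to be listed instead.
    for marker in "${DB_PATH}/${DB_HOST_PREFIX}"*; do
        # An unmatched glob stays literal; skip it.
        [[ -e "$marker" ]] || continue
        name=${marker##*/}
        printf -- '- %s\n' "${name##"${DB_HOST_PREFIX}"_}"
    done
}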

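#######################################
# Remove the local public key from a host's authorized_keys and drop the
# host's marker file.
# Globals:   DB_PATH (read), DB_HOST_PREFIX (read)
# Arguments: $1 - host name exactly as recorded in the marker file. It is
#                 matched literally (no glob expansion) because the same
#                 value is handed to ssh as a single host argument.
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   exits 1 when no marker exists for the host; returns 1 when the
#            key cannot be read or the remote removal fails
#######################################
function clear_infected()
{
    local host=$1
    local marker="${DB_PATH}/${DB_HOST_PREFIX}_${host}"
    local pubkey="$HOME/.ssh/id_rsa.pub"
    local b64_re='^[A-Za-z0-9+/]+=*$'
    local blob ans

    if [[ -z "$host" || ! -e "$marker" ]]; then
        echo "No matching record found for host: $host"
        exit 1
    fi
    echo "#=================================================="
    echo "Following hosts will be cleared"
    echo "#=================================================="
    printf '%s\n' "$host"
    echo "#=================================================="
    read -r -p "Confirm [y/n]: " ans
    if [[ "$ans" == "y" ]]; then
        # Identify the key by its base64 body (field 2), not by the trailing
        # comment: the comment is free text, may be shared by unrelated keys,
        # and can contain characters that break or widen the sed expression.
        blob=$(awk 'NF >= 2 { print $2; exit }' "$pubkey")
        if [[ ! "$blob" =~ $b64_re ]]; then
            echo "Cannot read a public key from $pubkey; nothing removed" >&2
            return 1
        fi

        # The blob is restricted to the base64 alphabet above, so it is safe
        # inside the single-quoted remote sed script; '|' is used as the
        # address delimiter because '/' occurs in base64.
        # ssh is run directly, not inside $(...): command substitution would
        # execute whatever the remote side prints as a local command.
        # NOTE(review): `sed -i` without a suffix is GNU syntax - confirm the
        # remote hosts use GNU sed.
        if ssh -- "$host" "sed -i '\\|${blob}|d' ~/.ssh/authorized_keys"; then
            echo "Key removed"
            # Drop the record only after the remote removal succeeded, so a
            # host that still trusts the key stays listed.
            rm -f -- "$marker"
        else
            echo "Key removal on $host failed; record kept" >&2
            return 1
        fi

        # Key-only login should now be refused.
        if ! ssh_key_test "$host"; then
            echo "Host $host cleaned"
        fi
    fi
}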

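#######################################
# Build a dated backup tree and .tgz archive holding the marker database,
# this script and a copy of ~/.ssh.
# Globals:   packup_dir (read, then extended with the current date),
#            DB_PATH (read), DB_HOST_PREFIX (read), bin_dir (read)
# Arguments: none
# Outputs:   "Package: <archive>" on stdout
# Returns:   1 when the archive could not be written
#######################################
function packup()
{
    local db_name bin_name
    db_name=$(basename -- "$DB_PATH")
    bin_name=$(basename -- "$bin_dir")

    # Remove earlier backup trees and archives. ${packup_dir:?} aborts the
    # script if the variable is empty instead of expanding to a bare "*".
    rm -rf -- "${packup_dir:?}"*
    packup_dir=${packup_dir}_$(date +%F)

    # The tree and the archive contain ~/.ssh, private keys included, so they
    # are created with an owner-only umask. The subshell keeps the umask
    # change from leaking into the rest of the script.
    # The staging tree is left on disk next to the archive until the next run.
    (
        umask 077
        mkdir -p -- "${packup_dir}/${db_name}" "${packup_dir}/${bin_name}"
        cp -rp -- "${DB_PATH}/${DB_HOST_PREFIX}"* "${packup_dir}/${db_name}"
        cp -rp -- "$0" "${packup_dir}/${bin_name}"
        cp -rp -- ~/.ssh "${packup_dir}"
        # stderr is discarded as before (tar warns about the absolute path).
        tar -czf "${packup_dir}.tgz" "$packup_dir" 2>/dev/null
    ) || {
        echo "Backup failed: could not write ${packup_dir}.tgz" >&2
        return 1
    }
    echo "Package: ${packup_dir}.tgz"
}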

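#######################################
# Create the marker database directory when it does not exist yet.
# Globals:   DB_PATH (read)
# Arguments: none
# Outputs:   a notice on stdout when the directory had to be created
# Returns:   status of mkdir when the directory was created, else 0
#######################################
function startup()
{
    if [[ ! -d "$DB_PATH" ]]; then
        echo "DB path is not present"
        # Quoted so a path with spaces creates one directory, not several.
        mkdir -p -- "$DB_PATH"
    fi
}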

#######################################
# Generate ~/.ssh/id_rsa when no private key exists there yet.
# Globals:   SSH_ADD_PRESENT (read; 0 means ssh-add is available)
# Arguments: none
# Returns:   0 when the key already exists; otherwise the status of the
#            final ssh-add step (non-zero when ssh-add is unavailable)
#######################################
function ssh_key_gen()
{
    local key_file
    key_file=~/.ssh/id_rsa

    # An existing private key is left untouched.
    if [[ -f "$key_file" ]]; then
        return 0
    fi

    # NOTE(review): `ssh-add -D` drops every identity currently loaded in the
    # agent, not only ones related to this script.
    if (( SSH_ADD_PRESENT == 0 )); then
        ssh-add -D
    fi

    # NOTE(review): -N '' writes the private key without a passphrase, so
    # anyone who can read the file (or a backup of it) can use the key.
    ssh-keygen -t rsa -N '' -q -f "$key_file"

    # Load the new key into the agent; this line also sets the return status.
    [[ $SSH_ADD_PRESENT -eq 0 ]] && ssh-add
}

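#######################################
# Check whether the host accepts a login without password authentication.
# Arguments: $1 - host to probe
# Returns:   exit status of ssh (0 when the remote `exit 0` ran)
#######################################
function ssh_key_test()
{
    # "$1" is quoted and placed after "--" so the value is always passed as
    # one host argument: unquoted, a value containing spaces was split into
    # extra ssh arguments, and a value starting with "-" was read as an option.
    ssh -oPasswordAuthentication=no -- "$1" exit 0
    return $?
}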

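#######################################
# Append the local public key to DESTHOST's authorized_keys (unless key
# login already works) and record the host with a marker file.
# Globals:   DESTHOST (read), DB_PATH (read), DB_HOST_PREFIX (read),
#            SSH_KEY_COPY_CMD (written)
# Arguments: none
# Returns:   1 for an unusable host value; the ssh status when the copy
#            fails; otherwise the status of touch
#######################################
function ssh_key_copy()
{
    SSH_KEY_COPY_CMD="umask 0022; mkdir -p ~/.ssh; chmod 700 ~/.ssh; cat >> ~/.ssh/authorized_keys"
    local marker="${DB_PATH}/${DB_HOST_PREFIX}_${DESTHOST}"

    # An empty host would make ssh treat the next word as the host name, and
    # a "/" would place the marker file outside the intended file name.
    if [[ -z "$DESTHOST" || "$DESTHOST" == */* ]]; then
        echo "Invalid or missing destination host: '$DESTHOST'" >&2
        return 1
    fi

    if ! ssh_key_test "$DESTHOST"; then
        # Run ssh directly with the key on stdin. The earlier $( ... ) form
        # executed anything the remote side printed as a local command.
        ssh -- "$DESTHOST" "$SSH_KEY_COPY_CMD" < ~/.ssh/id_rsa.pub || return
    fi

    # Record the host only when key login works or the copy succeeded.
    touch -- "$marker"
}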

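#===============START===================#
# Entry point: make sure the marker directory exists, then dispatch on the
# first argument.
#   -l         list recorded hosts
#   -c <host>  remove the key from <host> and drop its record
#   -p         pack the database, this script and ~/.ssh into an archive
#   <host>     generate a key if needed and install it on <host>
startup

case "$1" in
    -l)
        echo "#=================================================="
        echo "Infected hosts"
        echo "#=================================================="
        list_infected
        ;;
    -c)
        # Quoted so the host reaches clear_infected as a single argument.
        clear_infected "$2"
        ;;
    -p)
        echo "#=================================================="
        echo "Packing $(basename -- "$0") database"
        echo "#=================================================="
        packup
        ;;
    *)
        ssh_key_gen
        ssh_key_copy
        ;;
esac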

Published by

Chandan Dutta Chowdhury

Software Engineer
