SSH Infect

SSH Infect

infect_demo

A script to manage ssh public key install on servers

#!/bin/bash
#set -x

DESTHOST=$1
DB_PATH="$HOME/tmp"
DB_HOST_PREFIX='ssh_key'
packup_dir="${DB_PATH}/$(basename $0)_packup"
bin_dir="$HOME/bin"

which ssh-add >/dev/null 2>&1
SSH_ADD_PRESENT=$?

function list_infected()
{
    cd ${DB_PATH}/
    hosts=`ls ${DB_HOST_PREFIX}* 2>/dev/null`

    for host in $hosts; do
            echo "- ${host##${DB_HOST_PREFIX}_}"
    done
    cd - >/dev/null 2>&1
}

function clear_infected()
{
    cd ${DB_PATH}
    hosts=`ls ${DB_HOST_PREFIX}_$1 2>/dev/null`
    if [[ "$hosts" == "" ]]; then
        echo "No matching record found for host: $1"
        exit 1
    fi
    echo "#=================================================="
    echo "Following hosts will be cleared"
    echo "#=================================================="
    echo ${hosts##${DB_HOST_PREFIX}_}|tr " " "\n"
    echo "#=================================================="
    read -p "Confirm [y/n]: " ans
    if [[ "$ans" == "y" ]]; then
        key=$(awk '{print $NF}' ~/.ssh/id_rsa.pub)
        $(ssh $1 "sed -i \"/$key/d\" ~/.ssh/authorized_keys") && echo "Key removed"
        rm -f $hosts

        ssh_key_test $1
        if [[ "$?" != "0" ]]; then
            echo "Host $1 cleaned"
        fi
    fi
    cd - >/dev/null 2>&1
}

function packup()
{

    rm -rf $packup_dir*
    packup_dir=${packup_dir}_$(date +%F)
    mkdir -p ${packup_dir}/{$(basename ${DB_PATH}),$(basename ${bin_dir})}
    cp -rp ${DB_PATH}/${DB_HOST_PREFIX}* ${packup_dir}/$(basename ${DB_PATH})
    cp -rp $0 ${packup_dir}/$(basename ${bin_dir})
    cp -rp ~/.ssh ${packup_dir}
    tar -czf ${packup_dir}.tgz $packup_dir 2>/dev/null
    echo "Package: ${packup_dir}.tgz"
}

function startup()
{
    if [[ ! -d $DB_PATH ]]; then
        echo "DB path is not present"
        mkdir -p $DB_PATH
    fi

}

function ssh_key_gen()
{
    if [[ ! -f ~/.ssh/id_rsa ]]; then
        [[ $SSH_ADD_PRESENT -eq 0 ]] && ssh-add -D
        ssh-keygen -t rsa -N '' -q -f ~/.ssh/id_rsa
        [[ $SSH_ADD_PRESENT -eq 0 ]] && ssh-add
    fi
}

function ssh_key_test()
{
    ssh -oPasswordAuthentication=no $1 exit 0;
    return $?

}

function ssh_key_copy()
{
    SSH_KEY_COPY_CMD="umask 0022; mkdir -p ~/.ssh; chmod 700 ~/.ssh; cat >> ~/.ssh/authorized_keys"
    ssh_key_test $DESTHOST
    if [[ "$?" != "0" ]]; then
        $(cat ~/.ssh/id_rsa.pub |ssh $DESTHOST $SSH_KEY_COPY_CMD) \
                && touch $DB_PATH/${DB_HOST_PREFIX}_${DESTHOST}
    else
        touch $DB_PATH/${DB_HOST_PREFIX}_${DESTHOST}
    fi
}

#===============START===================#
startup

if [[ "$1" == "-l" ]]; then
    echo "#=================================================="
    echo "Infected hosts"
    echo "#=================================================="
    list_infected
elif [[ "$1" == "-c" ]]; then
    clear_infected $2
elif [[ "$1" == "-p" ]]; then
    echo "#=================================================="
    echo "Packing `basename $0` database"
    echo "#=================================================="
    packup
else
    ssh_key_gen
    ssh_key_copy
fi

Advertisements

Published by

Chandan Dutta Chowdhury

Software Engineer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s