SSH Infect
A script to manage SSH public key installation on servers.
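#!/bin/bash
#set -x
#
# Installs the local user's SSH public key (~/.ssh/id_rsa.pub) on a remote
# host and keeps one marker file per host under $DB_PATH, so the places where
# the key has been authorized can be listed and cleaned up later.
#
# Usage:
#   <script> HOST      create ~/.ssh/id_rsa if missing, install the public key
#   <script> -l        list recorded hosts
#   <script> -c HOST   remove the key from HOST and drop its record
#                      (HOST may be a quoted glob matching several records)
#   <script> -p        pack the records, this script and ~/.ssh into a .tgz
#
# Security notes:
#   * The key pair is generated with an empty passphrase, so the private key
#     file alone grants access to every recorded host.
#   * The -p archive contains ~/.ssh, private keys included; handle it like a
#     private key.
#   * Host names are validated before use: they end up in ssh command lines
#     and in marker file names.

DESTHOST=$1
DB_PATH="$HOME/tmp"
DB_HOST_PREFIX='ssh_key'
packup_dir="${DB_PATH}/$(basename -- "$0")_packup"
bin_dir="$HOME/bin"

# 0 when ssh-add is available on PATH, non-zero otherwise.
command -v ssh-add >/dev/null 2>&1
SSH_ADD_PRESENT=$?

# Print a message on stderr and abort the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed when $1 is usable as an ssh destination and as a marker file name:
# non-empty, no leading '-' (ssh would parse it as an option), no '/'
# (it would escape $DB_PATH) and no whitespace.
valid_host() {
  local host=$1
  [[ -n "$host" && "$host" != -* && "$host" != */* && ! "$host" =~ [[:space:]] ]]
}

# Print every recorded host as "- HOST", one per line.
list_infected() {
  local record
  for record in "${DB_PATH}/${DB_HOST_PREFIX}_"*; do
    [[ -f "$record" ]] || continue
    printf -- '- %s\n' "${record##*/"${DB_HOST_PREFIX}"_}"
  done
}

# Remove the local public key from the authorized_keys of every recorded host
# matching $1, after interactive confirmation.
# Exits 1 when no record matches. A record is dropped only once the remote
# removal succeeded, so the list keeps showing hosts that still hold the key.
clear_infected() {
  local pattern=$1
  local -r pub_key="$HOME/.ssh/id_rsa.pub"
  local -r b64_re='^[A-Za-z0-9+/=]+$'
  local -a records=()
  local record host blob ans

  if valid_host "$pattern"; then
    # $pattern stays unquoted on purpose: a quoted glob such as 'web*' is
    # expanded here against the record files. valid_host has already
    # rejected whitespace, so no word splitting can occur.
    for record in "${DB_PATH}/${DB_HOST_PREFIX}_"$pattern; do
      [[ -f "$record" ]] && records+=("$record")
    done
  fi
  if (( ${#records[@]} == 0 )); then
    echo "No matching record found for host: $1"
    exit 1
  fi

  echo "#=================================================="
  echo "Following hosts will be cleared"
  echo "#=================================================="
  for record in "${records[@]}"; do
    printf '%s\n' "${record##*/"${DB_HOST_PREFIX}"_}"
  done
  echo "#=================================================="
  read -r -p "Confirm [y/n]: " ans
  [[ "$ans" == "y" ]] || return 0

  # Match on the base64 key material (field 2) rather than the trailing
  # comment: comments are not unique and may contain regex metacharacters,
  # so they can delete unrelated entries. The blob is checked against the
  # base64 alphabet before it is placed into the remote command line.
  blob=$(awk 'NR == 1 { print $2 }' "$pub_key") || die "Cannot read $pub_key"
  [[ "$blob" =~ $b64_re ]] || die "Unexpected public key format in $pub_key"

  for record in "${records[@]}"; do
    host=${record##*/"${DB_HOST_PREFIX}"_}
    if ! valid_host "$host"; then
      echo "Skipping invalid record: $record" >&2
      continue
    fi
    # ssh is run directly; wrapping it in $( ) would execute whatever the
    # remote side prints as a local command. '|' is used as the sed
    # delimiter because base64 contains '/'.
    if ssh -- "$host" "sed -i '\\|${blob}|d' ~/.ssh/authorized_keys"; then
      echo "Key removed"
      rm -f -- "$record"
      if ! ssh_key_test "$host"; then
        echo "Host $host cleaned"
      else
        echo "Warning: key-based login to $host still succeeds; another key may be authorized" >&2
      fi
    else
      echo "Could not remove key from $host; record kept: $record" >&2
    fi
  done
}

# Bundle the host records, this script and ~/.ssh into
# ${packup_dir}_<YYYY-MM-DD>.tgz, replacing any earlier package.
# The staging directory and the archive are created under umask 077 because
# they hold copies of the private keys from ~/.ssh.
packup() {
  local pack_dir db_name bin_name record

  rm -rf -- "${packup_dir:?}"*
  pack_dir="${packup_dir}_$(date +%F)"
  db_name=$(basename -- "$DB_PATH")
  bin_name=$(basename -- "$bin_dir")

  (
    umask 077
    mkdir -p -- "${pack_dir}/${db_name}" "${pack_dir}/${bin_name}" || exit 1
    for record in "${DB_PATH}/${DB_HOST_PREFIX}"*; do
      [[ -e "$record" ]] || continue
      cp -rp -- "$record" "${pack_dir}/${db_name}"
    done
    cp -rp -- "$0" "${pack_dir}/${bin_name}"
    cp -rp -- ~/.ssh "$pack_dir"
    # stderr is discarded to hide tar's notice about the absolute path;
    # the exit status is still checked below.
    tar -czf "${pack_dir}.tgz" "$pack_dir" 2>/dev/null
  ) || {
    echo "Packaging failed" >&2
    return 1
  }
  echo "Package: ${pack_dir}.tgz"
}

# Create the record directory on first use.
startup() {
  if [[ ! -d "$DB_PATH" ]]; then
    echo "DB path is not present"
    mkdir -p -- "$DB_PATH"
  fi
}

# Generate ~/.ssh/id_rsa when it does not exist yet.
ssh_key_gen() {
  if [[ ! -f ~/.ssh/id_rsa ]]; then
    # NOTE(review): ssh-add -D drops every identity loaded in the agent, not
    # only keys managed by this script; confirm that this is intended.
    if (( SSH_ADD_PRESENT == 0 )); then
      ssh-add -D
    fi
    # -N '' writes the private key unencrypted; see the header notes.
    ssh-keygen -t rsa -N '' -q -f ~/.ssh/id_rsa
    if (( SSH_ADD_PRESENT == 0 )); then
      ssh-add
    fi
  fi
}

# Return 0 when $1 accepts a login without password authentication.
ssh_key_test() {
  ssh -o PasswordAuthentication=no -- "$1" exit 0
}

# Install the public key on $DESTHOST unless key-based login already works,
# then record the host. The record is written only when the key is in place.
ssh_key_copy() {
  local -r pub_key="$HOME/.ssh/id_rsa.pub"
  local -r record="${DB_PATH}/${DB_HOST_PREFIX}_${DESTHOST}"
  local -r remote_cmd="umask 0022; mkdir -p ~/.ssh; chmod 700 ~/.ssh; cat >> ~/.ssh/authorized_keys"

  if ssh_key_test "$DESTHOST"; then
    touch -- "$record"
    return
  fi
  [[ -r "$pub_key" ]] || die "Public key not found: $pub_key"
  # Run ssh directly instead of inside $( ), so remote output is never
  # executed locally.
  ssh -- "$DESTHOST" "$remote_cmd" < "$pub_key" && touch -- "$record"
}

#===============START===================#
startup
case "$1" in
  -l)
    echo "#=================================================="
    echo "Infected hosts"
    echo "#=================================================="
    list_infected
    ;;
  -c)
    clear_infected "$2"
    ;;
  -p)
    echo "#=================================================="
    echo "Packing $(basename -- "$0") database"
    echo "#=================================================="
    packup
    ;;
  *)
    if ! valid_host "$DESTHOST"; then
      printf 'Usage: %s HOST | -l | -c HOST | -p\n' "$(basename -- "$0")" >&2
      exit 2
    fi
    ssh_key_gen
    ssh_key_copy
    ;;
esac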