| author | eivind <eivind@FreeBSD.org> | 2002-01-31 01:46:32 +0800 |
|---|---|---|
| committer | eivind <eivind@FreeBSD.org> | 2002-01-31 01:46:32 +0800 |
| commit | 4b33eb7c80ae6ea81a9d57b7b67621091f325088 (patch) | |
| tree | 168dd8c95cba513bcf95957d2ffeffc53038fe7e /security/safesh | |
| parent | dba469644772f9e35e64fec7089163cd014c2b04 (diff) | |
Upgrade this to V1.1:
- Add support for handling different usernames
- Add file-format support for different ports. There is so far no way to specify a different port, but the "database" for safesh will not need to change to accommodate it.
Note that this is NOT compatible with the naming conventions used in 1.0; as 1.0 was available for 55 minutes yesterday before being marked as BROKEN, I hope nobody was too much inconvenienced.
Diffstat (limited to 'security/safesh')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | security/safesh/Makefile | 4 |
| -rw-r--r-- | security/safesh/src/safesh.1 | 52 |
| -rw-r--r-- | security/safesh/src/safesh.sh | 33 |
3 files changed, 54 insertions, 35 deletions
diff --git a/security/safesh/Makefile b/security/safesh/Makefile index 47068e25a16..1f3c0403665 100644 --- a/security/safesh/Makefile +++ b/security/safesh/Makefile @@ -8,15 +8,13 @@ # PORTNAME= safesh -PORTVERSION= 1.0 +PORTVERSION= 1.1 CATEGORIES= security MASTER_SITES= # none DISTFILES= # none MAINTAINER= eivind@FreeBSD.org -BROKEN="Incompatible upgrade coming shortly" - NO_BUILD= yes NO_WRKSUBDIR= yes diff --git a/security/safesh/src/safesh.1 b/security/safesh/src/safesh.1 index d9f3fcff059..ab599b82489 100644 --- a/security/safesh/src/safesh.1 +++ b/security/safesh/src/safesh.1 @@ -53,10 +53,10 @@ When run, .It Normalizes the hostname you are talking about, using the $HOME/.safesh/map file. .It -Checks if the host has an ssh dsa key in $HOME/.safesh, and creates one using +Checks if the user and host has an ssh dsa key in $HOME/.safesh, and creates one using .Xr ssh-keygen 1 if it does not. -The DSA key is stored in $HOME/.safesh/$HOST/dsa_id. +The DSA key is stored in $HOME/.safesh/$USER@$HOST-$PORT/dsa_id. You will be asked for a passphrase when the key is created. Note that if you use the same passphrase for all .Nm @@ -69,7 +69,7 @@ Checks if you have the for this host running, and starts it if not. .It Checks what keys you are supposed to have active when connecting to this host -(the key for the host and any keys listed in $HOME/.safesh/$HOST/extra_keys), +(the key for the host and any keys listed in $HOME/.safesh/$USER@$HOST-$PORT/extra_keys), and which of these are missing from the active agent. .It If any identities were missing from the agent, it executes @@ -78,7 +78,7 @@ to add them to the agent. .It Executes .Xr ssh 1 -with either $HOST or the extra command line supplied by the user. +with either $USER@$HOST or the extra command line supplied by the user. .El .Sh BASIC CONCEPT DESCRIPTION 
@@ -100,9 +100,6 @@ do authentication forwarding to it. .Bl -tag -width "$HOME/.safesh" -compact .It Pa $HOME is replaced with the path your home directory, -$HOST is replaced with the name of the host you are -.Xr ssh 1 ing -to, .It Pa $HOST is replaced with the name of the host you are running .Nm @@ -131,6 +128,18 @@ $AUTHTARGET is a machine you are to .Pa from $HOST. +The format of $AUTHTARGET is <user>@<somehost>-<someport>, where <user> +defaults to the username you run +.Nm +as, and <someport> default to 22 (and it is not possible to set anything +else at this time.) +.It Pa $USER +is replaced with The username used on $HOST; defaults to the same as the +username you have on $YOURHOST, but will be different if you do safesh +user@host instead of just safesh host. +.It Pa $PORT +The port used on $HOST. +Presently always 22. .El .Sh FILES @@ -142,7 +151,7 @@ Directory containing information for .It Pa $HOME/.safesh/map Mapping file for .Nm , -describing how to map names to their canonical form. +describing how to map host names to their canonical form. This is usually used to map short names to their long form. The format of the file is one mapping per line, what it is mapped from as the first word, what it is mapped to as the second. 
@@ -152,26 +161,26 @@ the name of the host as the first parameter, and the name of the host with a period (.) at the end as the second parameter. E.g, "freefall.freebsd.org freefall.freebsd.org." -.It Pa $HOME/.safesh/$HOST/ +.It Pa $HOME/.safesh/$USER@$HOST-$PORT/ Directory with data for a particular hostname. Automatically generated on first connect to a host with .Nm . -.It Pa $HOME/.safesh/$HOST/dsa_id -Private key for use against $HOST. +.It Pa $HOME/.safesh/$USER@$HOST-$PORT/dsa_id +Private key for use to authenticate as $USER@$HOST. Automatically generated on first connect to a host with .Nm . -.It Pa $HOME/.safesh/$HOST/dsa_id.pub -Public key for use by $HOST. -To connect to $HOST using +.It Pa $HOME/.safesh/$USER@$HOST-$PORT/dsa_id.pub +Public key for use by $HOST to authenticate $USER. +To connect to $HOST as $USER using .Nm without giving a password, add the contents of this file to the end of $HOME/.ssh/authorized_keys2. Automatically generated on first connect to a host with .Nm . -.It Pa $HOME/.safesh/$HOST/$AUTHTARGET +.It Pa $HOME/.safesh/$USER@$HOST-$PORT/$AUTHTARGET Private key for use when $HOST authenticates towards $AUTHTARGET. This is used in preference to $HOME/.safesh/$AUTHTARGET/dsa_id for authentication forwarding through $HOST to $AUTHTARGET. 
@@ -202,17 +211,20 @@ Public key corresponding to the private key described above. .It Pa $HOME/.safesh/$HOST/extra_keys List of extra keys to make available for this host. -Each line in the file is first attempted matched against the host database in -$HOME/.safesh/. -If a key exists here, +Each line in the file is first attempted matched against the host/user/port +database in $HOME/.safesh/. +Username and/or port is added if just the hostname is specified extra_keys, and +the hostname is always normalized using the map file. +If a key exists in $HOME/.safesh/, .Nm attempts to add that. -Otherwise, it first tries to look for a file of this name relative to /, then +Otherwise, it first tries to look for the line as a file relative to /, then relative to $HOME. If it does not find either of these, .Nm will exit with an error message. -If it finds one, it will add it. +If it finds one, it will add it using +.Xr ssh-add 1 . .It Pa $HOME/.safesh/$HOST/activeagent-$YOURHOST.sh Bourne shell (see diff --git a/security/safesh/src/safesh.sh b/security/safesh/src/safesh.sh index d1a74a8e7a1..bd741796451 100644 --- a/security/safesh/src/safesh.sh +++ b/security/safesh/src/safesh.sh @@ -1,7 +1,12 @@ #!/bin/sh -HOST=$1 AKEYS=${HOME}/.safesh/ +# Use username as supplied on the command line if user@host syntax is used, +# otherwise use the presently active username +USER=`whoami` +USER=`echo $1 | sed -e "/^[^@]*\$/s/.*/$USER/" -e "/@/s/\\(.*\\)@.*/\\1/"` +# Use hostname as supplied on commandline, without username +HOST=`echo $1 | sed -e 's/.*@//' | tr A-Z a-z` # MY eXit myx() { 
@@ -31,17 +36,18 @@ fi # shift 2> /dev/null; -if [ ! -d $AKEYS/$HOST ]; then - mkdir -p $AKEYS/$HOST || myx "Unable to create $AKEYS/$HOST" +HOSTDIR=$AKEYS/$USER@${HOST}-22 +if [ ! -d $HOSTDIR ]; then + mkdir -p $HOSTDIR || myx "Unable to create $HOSTDIR" fi -if [ ! -e $AKEYS/$HOST/id_dsa ]; then - ssh-keygen -t dsa -f $AKEYS/$HOST/id_dsa || myx "Unable to create $AKEYS/$HOST/id_dsa" +if [ ! -e $HOSTDIR/id_dsa ]; then + ssh-keygen -t dsa -f $HOSTDIR/id_dsa || myx "Unable to create $HOSTDIR/id_dsa" fi -# We now have a key in $AKEYS/$HOST/id_dsa +# We now have a key in $HOSTDIR/id_dsa -ACTIVEAGENT=$AKEYS/$HOST/activeagent-`hostname` +ACTIVEAGENT=$HOSTDIR/activeagent-`hostname` if [ -e $ACTIVEAGENT.sh ]; then . $ACTIVEAGENT.sh || myx "Unable to read $ACTIVEAGENT.sh" fi @@ -59,10 +65,13 @@ fi # We now have a live agent, possibly without any keys in it -for i in $HOST $(cat ${AKEYS}/$HOST/extra_keys 2> /dev/null); do - tmp=`normalizehost $i` - if [ -f $AKEYS/$HOST/$tmp ]; then - IDENTITY=$AKEYS/$HOST/$tmp +for i in $USER@${HOST}-22 `cat $HOSTDIR/extra_keys 2> /dev/null`; do + tmpuser=`echo $i | sed -e "/^[^@]*\$/s/.*/$USER/" -e "/@/s/\\(.*\\)@.*/\\1/"` + tmpport=`echo $i | sed -e '/-\([0-9][0-9]*\)/!s/$/-22/' -e 's/.*-\([0-9][0-9]*\)/\1/'` + tmphost=`echo $1 | sed -e 's/.*@\(.*\)//' -e 's/-[0-9][0-9]*$//' | tr A-Z a-z` + tmp=$USER@`normalizehost $tmphost`-$tmpport + if [ -f $HOSTDIR/$tmp ]; then + IDENTITY=$HOSTDIR/$tmp elif [ -d $AKEYS/$tmp/ ]; then if ! [ -f $AKEYS/$tmp/id_dsa -a -r $AKEYS/$tmp/id_dsa ]; then myx "Missing key for $tmp" @@ -88,7 +97,7 @@ if [ "${KEYLIST}" != "" ]; then fi if [ "$1" = "" ]; then - exec ssh $HOST + exec ssh $USER@$HOST else exec ssh "$@" fi |
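Review bot: In the safesh.1 hunk at `@@ -53,10 +53,10 @@`, the documented key file is `$HOME/.safesh/$USER@$HOST-$PORT/dsa_id`, but safesh.sh creates and looks for `$HOSTDIR/id_dsa` (`ssh-keygen -t dsa -f $HOSTDIR/id_dsa`), so the path a user reads in the man page does not exist on disk; pick one spelling for both files. Minor grammar in the same hunk: "Checks if the user and host has an ssh dsa key" should read "have".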
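Review bot: In the safesh.1 hunk at `@@ -131,6 +128,18 @@`, the new `$USER` and `$PORT` entries are not phrased like the entries around them and carry a few typos: "<someport> default to 22" should be "defaults to 22", "is replaced with The username" should not capitalise "The", and the `$PORT` entry should start "is replaced with the port used on $HOST" so it matches the "is replaced with" wording of every other `.It Pa` item in the list.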
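Review bot: In the safesh.1 hunk at `@@ -202,17 +211,20 @@`, the unchanged context lines `.It Pa $HOME/.safesh/$HOST/extra_keys` and `.It Pa $HOME/.safesh/$HOST/activeagent-$YOURHOST.sh` still describe the 1.0 layout, while the script now reads `$HOSTDIR/extra_keys` and `$HOSTDIR/activeagent-` with `HOSTDIR=$AKEYS/$USER@${HOST}-22`. Update both to `$HOME/.safesh/$USER@$HOST-$PORT/...` as the earlier hunks in this file do, otherwise a reader following the FILES section puts extra_keys where the script never looks.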
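Review bot: In the safesh.sh hunk at `@@ -1,7 +1,12 @@`, reusing `USER` for the remote login name clobbers the login environment variable of the same name; where the login shell exported it, the rewritten value is inherited by `ssh-keygen`, `ssh` and the sourced `activeagent-*.sh`, which surprises anything downstream that consults `$USER`. A distinct name such as `RUSER` avoids that. Also, `\(.*\)@.*` is greedy, so an argument containing two `@` signs yields a username that itself contains `@`; `s/@.*//` (cut at the first `@`) is the usual intent and is simpler.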
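Review bot: In the safesh.sh hunk at `@@ -31,17 +36,18 @@`, the port is hard-coded as `-22` in `HOSTDIR=$AKEYS/$USER@${HOST}-22` and again in the `for i in $USER@${HOST}-22 ...` list of the next hunk, while the man page already documents a `$PORT` placeholder. A `PORT=22` variable defined next to `USER` and `HOST` at the top of the script would keep the two in step and make the port support the commit message promises a one-line change.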
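Review bot: In the safesh.sh hunk at `@@ -59,10 +65,13 @@`, the extra_keys loop does not do what the man page says, for four reasons visible in the hunk. First, `tmphost` is computed from `$1` rather than `$i`, and `$1` has already been consumed by the `shift 2> /dev/null;` earlier in the script, so every extra_keys line resolves to the same (usually empty) host. Second, `s/.*@\(.*\)//` deletes the entire match including the captured host, so any `user@host` entry becomes an empty hostname; `s/.*@//`, as used on the `HOST=` line at the top of the script, is what is meant. Third, `tmpuser` is computed but `tmp=$USER@...` then uses `$USER`, so a different username given in extra_keys is silently ignored. Fourth, the port test `/-\([0-9][0-9]*\)/` is not anchored to end of line, unlike the `-[0-9][0-9]*$` strip in `tmphost`, so a hostname such as `web-01.example.org` (constructed) is treated as carrying a port and the resulting `tmp` never matches a directory; anchoring both expressions with `$` keeps them consistent. Because a missing match falls through to `myx "Missing key for $tmp"`, these errors surface as a confusing abort rather than a wrong key, but they still make extra_keys unusable as documented.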