mirror.MikroTik/eworm-de.routeros-scripts
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2025-06-21 01:25:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod/ssh-keys-import: make ssh-keys-import a module

Browse source
This commit is contained in:
Christian Hesse 2023-04-04 16:27:23 +02:00
parent a3a7e5be4b
commit c8500dddd0
7 changed files with 149 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -225,7 +225,6 @@ Available scripts
* [Run scripts on ppp connection](doc/ppp-on-up.md) * [Run scripts on ppp connection](doc/ppp-on-up.md)
* [Act on received SMS](doc/sms-action.md) * [Act on received SMS](doc/sms-action.md)
* [Forward received SMS](doc/sms-forward.md) * [Forward received SMS](doc/sms-forward.md)
* [Import SSH keys](doc/ssh-keys-import.md)
* [Play Super Mario theme](doc/super-mario-theme.md) * [Play Super Mario theme](doc/super-mario-theme.md)
* [Chat with your router and send commands via Telegram bot](doc/telegram-chat.md) * [Chat with your router and send commands via Telegram bot](doc/telegram-chat.md)
* [Install LTE firmware upgrade](doc/unattended-lte-firmware-upgrade.md) * [Install LTE firmware upgrade](doc/unattended-lte-firmware-upgrade.md)
@ -243,6 +242,7 @@ Available modules
* [Send notifications via Matrix](doc/mod/notification-matrix.md) * [Send notifications via Matrix](doc/mod/notification-matrix.md)
* [Send notifications via Telegram](doc/mod/notification-telegram.md) * [Send notifications via Telegram](doc/mod/notification-telegram.md)
* [Download script and run it once](doc/mod/scriptrunonce.md) * [Download script and run it once](doc/mod/scriptrunonce.md)
* [Import ssh keys for public key authentication](doc/mod/ssh-keys-import.md)
Installing custom scripts & modules Installing custom scripts & modules
----------------------------------- -----------------------------------

59
doc/mod/ssh-keys-import.md Normal file
View file

@ -0,0 +1,59 @@
Import ssh keys for public key authentication
=============================================
[⬅️ Go back to main README](../../README.md)
![required RouterOS version](https://img.shields.io/badge/RouterOS-7.9beta4-yellow?style=flat)
> **Info**: This module can not be used on its own but requires the base
> installation. See [main README](../../README.md) for details.
Description
-----------
RouterOS supports ssh login with public key authentication. The functions
in this module help importing the keys.
Requirements and installation
-----------------------------
Just install the module:
$ScriptInstallUpdate mod/ssh-keys-import;
Usage and invocation
--------------------
### Import single key from terminal
Call the function `$SSHKeysImport` with key and user as parameter to
import that key:
$SSHKeysImport "ssh-rsa ssh-rsa AAAAB3Nza...QYZk8= user" admin;
The third part of the key (`user` in this example) is inherited as
`key-owner` in RouterOS.
### Import several keys from file
The functions `$SSHKeysImportFile` can read an `authorized_keys`-style file
and import all the keys. The user given to the function can be overwritting
from comments in the file. Create a file `keys.pub` with this content:
```
ssh-rsa AAAAB3Nza...QYZk8= user@client
ssh-rsa AAAAB3Nza...ozyts= worker@station
# user=example
ssh-rsa AAAAB3Nza...GXQVk= person@host
```
Then import it with:
$SSHKeysImportFile keys.pub admin;
This will import the first two keys for user `admin` (as given to function)
and the third one for user `example` (as defined in comment).
---
[⬅️ Go back to main README](../../README.md)
[⬆️ Go back to top](#top)

35
doc/ssh-keys-import.md
View file

@ -1,33 +1,2 @@
Import SSH keys This script has been replaced by a module. Please see
=============== [Import ssh keys for public key authentication](mod/ssh-keys-import.md).
[⬅️ Go back to main README](../README.md)
Description
-----------
This script imports public SSH keys (files with extension "`pub`") into
local store for user authentication.
Requirements and installation
-----------------------------
Just install the script:
$ScriptInstallUpdate ssh-keys-import;
Usage and invocation
--------------------
Copy files with extension "`pub`" containing public SSH keys for your device.
Then run the script:
/system/script/run ssh-keys-import;
Starting with an `authorized_keys` file you can split it on a shell:
grep -E '^ssh-rsa' authorized_keys | nl -nrz | while read num type key name; do echo $type $key $name > $num-$name.pub; done
---
[⬅️ Go back to main README](../README.md)
[⬆️ Go back to top](#top)

2
global-functions.rsc
View file

@ -12,7 +12,7 @@
:local 0 "global-functions"; :local 0 "global-functions";
# expected configuration version # expected configuration version
:global ExpectedConfigVersion 99; :global ExpectedConfigVersion 100;
# global variables not to be changed by user # global variables not to be changed by user
:global GlobalFunctionsReady false; :global GlobalFunctionsReady false;

84
mod/ssh-keys-import.rsc Normal file
View file

@ -0,0 +1,84 @@
#!rsc by RouterOS
# RouterOS script: mod/ssh-keys-import
# Copyright (c) 2020-2023 Christian Hesse <mail@eworm.de>
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
#
# requires RouterOS, version=7.9beta4
#
# import ssh keys for public key authentication
# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md
:global SSHKeysImport;
:global SSHKeysImportFile;
# import single key passed as string
:set SSHKeysImport do={
:local Key [ :tostr $1 ];
:local User [ :tostr $2 ];
:global GetRandom20CharAlNum;
:global LogPrintExit2;
:global MkDir;
:global WaitForFile;
:if ([ :len $Key ] = 0 || [ :len $User ] = 0) do={
$LogPrintExit2 warning $0 ("Missing argument(s), please pass key and user!") true;
}
:if ([ :len [ /user/find where name=$User ] ] = 0) do={
$LogPrintExit2 warning $0 ("User '" . $User . "' does not exist.") true;
}
:if ([ $MkDir "tmpfs/ssh-keys-import" ] = false) do={
$LogPrintExit2 warning $0 ("Creating directory 'tmpfs/ssh-keys-import' failed!") true;
}
:local FileName ("tmpfs/ssh-keys-import/key-" . [ $GetRandom20CharAlNum 6 ] . ".pub");
/file/add name=$FileName contents=$Key;
$WaitForFile $FileName;
:do {
/user/ssh-keys/import public-key-file=$FileName user=$User;
} on-error={
$LogPrintExit2 warning $0 ("Failed importing key.") true;
}
}
# import keys from a file
:set SSHKeysImportFile do={
:local FileName [ :tostr $1 ];
:local User [ :tostr $2 ];
:global EitherOr;
:global LogPrintExit2;
:global ParseKeyValueStore;
:global SSHKeysImport;
:if ([ :len $FileName ] = 0 || [ :len $User ] = 0) do={
$LogPrintExit2 warning $0 ("Missing argument(s), please pass file name and user!") true;
}
:local File [ /file/find where name=$FileName ];
:if ([ :len $File ] = 0) do={
$LogPrintExit2 warning $0 ("File '" . $FileName . "' does not exist.") true;
}
:local Keys ([ /file/get $FileName contents ] . "\n");
:do {
:local Continue false;
:local Line [ :pick $Keys 0 [ :find $Keys "\n" ] ];
:set Keys [ :pick $Keys ([ :find $Keys "\n" ] + 1) [ :len $Keys ] ];
:local Type [ :pick $Line 0 [ :find $Line " " ] ];
:if ($Type = "ssh-rsa") do={
$SSHKeysImport $Line $User;
:set Continue true;
}
:if ($Continue = false && $Type = "#") do={
:set User [ $EitherOr ([ $ParseKeyValueStore [ :pick $Line 2 [ :len $Line ] ] ]->"user") $User ];
:set Continue true;
}
:if ($Continue = false && [ :len $Type ] > 0) do={
$LogPrintExit2 warning $0 ("SSH key of type '" . $Type . "' is not supported.") false;
}
} while=([ :len $Keys ] > 0);
}

2
news-and-changes.rsc
View file

@ -13,9 +13,11 @@
97="Modified 'dhcp-to-dns' to always add A records for names with mac address, and optionally add CNAME records if the host name is available."; 97="Modified 'dhcp-to-dns' to always add A records for names with mac address, and optionally add CNAME records if the host name is available.";
98="Extended 'check-certificates' to download new certificate by SubjectAltNames if download by CommonName fails."; 98="Extended 'check-certificates' to download new certificate by SubjectAltNames if download by CommonName fails.";
99="Modified 'dhcp-to-dns', which dropped global configuration. Settings moved to dhcp server's network definitions."; 99="Modified 'dhcp-to-dns', which dropped global configuration. Settings moved to dhcp server's network definitions.";
100="The script 'ssh-keys-import' became a module 'mod/ssh-keys-import' with enhanced functionality.";
}; };
# Migration steps to be applied on script updates # Migration steps to be applied on script updates
:global GlobalConfigMigration { :global GlobalConfigMigration {
97=":local Rec [ /ip/dns/static/find where comment~\"^managed by dhcp-to-dns for \" ]; :if ([ :len \$Rec ] > 0) do={ /ip/dns/static/remove \$Rec; /system/script/run dhcp-to-dns; }"; 97=":local Rec [ /ip/dns/static/find where comment~\"^managed by dhcp-to-dns for \" ]; :if ([ :len \$Rec ] > 0) do={ /ip/dns/static/remove \$Rec; /system/script/run dhcp-to-dns; }";
100=":global ScriptInstallUpdate; :if ([ :len [ /system/script/find where name=\"ssh-keys-import\" source~\"^#!rsc by RouterOS\\n\" ] ] > 0) do={ /system/script/set name=\"mod/ssh-keys-import\" ssh-keys-import; \$ScriptInstallUpdate; }";
}; };

11
ssh-keys-import.rsc
View file

@ -1,11 +0,0 @@
#!rsc by RouterOS
# RouterOS script: ssh-keys-import
# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
#
# import ssh keys from file
# https://git.eworm.de/cgit/routeros-scripts/about/doc/ssh-keys-import.md
:foreach Key in=[ /file/find where type="ssh key" ] do={
/user/ssh-key/import user=admin public-key-file=[ /file/get $Key name ];
}