mirror.MikroTik/eworm.routeros-scripts
1
0
Fork 0
mirror of https://git.eworm.de/cgit/routeros-scripts synced 2025-08-09 20:54:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod/ssh-keys-import: calculate fingerprint...

Browse source 
... and store it in key-owner, which is descriptive only.

This requires RouterOS 7.12beta1 for the 'transform' property
for ':convert' command.
This commit is contained in:
Christian Hesse 2023-11-02 09:46:25 +01:00
parent c3045f3723
commit 1265caca60
4 changed files with 15 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
doc/mod/ssh-keys-import.md
View file

@ -3,6 +3,8 @@ Import ssh keys for public key authentication
[⬅️ Go back to main README](../../README.md) [⬅️ Go back to main README](../../README.md)
[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.12beta1-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
> **Info**: This module can not be used on its own but requires the base > **Info**: This module can not be used on its own but requires the base
> installation. See [main README](../../README.md) for details. > installation. See [main README](../../README.md) for details.
@ -35,7 +37,11 @@ been added:
$SSHKeysImport "ssh-ed25519 AAAAC3Nza...ZVugJT user" admin; $SSHKeysImport "ssh-ed25519 AAAAC3Nza...ZVugJT user" admin;
The third part of the key (`user` in this example) is inherited as The third part of the key (`user` in this example) is inherited as
`key-owner` in RouterOS. `key-owner` in RouterOS. Also the `MD5` fingerprint is recorded, this helps
to audit and verify the available keys.
> **Info**: Use `ssh-keygen` to show a fingerprint of an existing public
> key file: `ssh-keygen -l -E md5 -f ~/.ssh/id_ed25519.pub`
### Import several keys from file ### Import several keys from file

2
global-functions.rsc
View file

@ -12,7 +12,7 @@
:local 0 "global-functions"; :local 0 "global-functions";
# expected configuration version # expected configuration version
:global ExpectedConfigVersion 111; :global ExpectedConfigVersion 112;
# global variables not to be changed by user # global variables not to be changed by user
:global GlobalFunctionsReady false; :global GlobalFunctionsReady false;

7
mod/ssh-keys-import.rsc
View file

@ -3,6 +3,8 @@
# Copyright (c) 2020-2023 Christian Hesse <mail@eworm.de> # Copyright (c) 2020-2023 Christian Hesse <mail@eworm.de>
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
# #
# requires RouterOS, version=7.12beta1
#
# import ssh keys for public key authentication # import ssh keys for public key authentication
# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md # https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md
@ -38,12 +40,15 @@
$LogPrintExit2 warning $0 ("Creating directory 'tmpfs/ssh-keys-import' failed!") true; $LogPrintExit2 warning $0 ("Creating directory 'tmpfs/ssh-keys-import' failed!") true;
} }
:local FingerPrintMD5 [ :convert from=base64 transform=md5 to=hex ($KeyVal->1) ];
:local FileName ("tmpfs/ssh-keys-import/key-" . [ $GetRandom20CharAlNum 6 ] . ".pub"); :local FileName ("tmpfs/ssh-keys-import/key-" . [ $GetRandom20CharAlNum 6 ] . ".pub");
/file/add name=$FileName contents=$Key; /file/add name=$FileName contents=($Key . ", md5=" . $FingerPrintMD5);
$WaitForFile $FileName; $WaitForFile $FileName;
:do { :do {
/user/ssh-keys/import public-key-file=$FileName user=$User; /user/ssh-keys/import public-key-file=$FileName user=$User;
$LogPrintExit2 info $0 ("Imported ssh public key (" . $KeyVal->2 . ", " . $KeyVal->0 . ", " . \
"MD5:" . $FingerPrintMD5 . ") for user '" . $User . "'.") false;
} on-error={ } on-error={
$LogPrintExit2 warning $0 ("Failed importing key.") true; $LogPrintExit2 warning $0 ("Failed importing key.") true;
} }

1
news-and-changes.rsc
View file

@ -25,6 +25,7 @@
109="Added support to send notifications via Ntfy (ntfy.sh)."; 109="Added support to send notifications via Ntfy (ntfy.sh).";
110="Dropped support for loading scripts from local storage."; 110="Dropped support for loading scripts from local storage.";
111="Modified 'dhcp-to-dns' to allow multiple records for one mac address."; 111="Modified 'dhcp-to-dns' to allow multiple records for one mac address.";
112="Enhanced 'mod/ssh-keys-import' to record the fingerprint of keys.";
}; };
# Migration steps to be applied on script updates # Migration steps to be applied on script updates