[ { "path": ".travis.yml", "content": "os:\n - linux\n - osx\n\nscript: ./test.sh\n" }, { "path": "LICENSE.md", "content": "Copyright (c) 2017: Felipe Lavratti\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n" }, { "path": "README.md", "content": "**ssh-allow-friend**\n\nThis is a bash script to temporarily allow a ssh login using friends public key\nautomatically fetched from online servers.\n\nExample usage:\n```sh\n./ssh-allow-friend --github my-friend-user-name\n```\n\nThe script will fetch `my-friend-user-name`'s public key from github and add to\ncurrent user authorized keys. After running the command, in a machine where\n$USER is `fanl` and the local ip is `192.168.2.13`, the script will print:\n\n```\nAcquired key for user my-friend-user-name from github,\nyour friend is now able to login via ssh using:\n ssh fanl@192.168.2.13\n\nLogin authorization will be ceased after this\nprogram terminates.\nPress ^C to exit.\n```\n\nYour friend can now login with the command `fanl@192.168.2.13`.\n\nIf you need to select a different user to your friend ssh session, use:\n\n```sh\nsudo -H -u another_user ./ssh-allow-friend --github my-friend-user-name\n```\n" }, { "path": "ssh-allow-friend", "content": "#!/bin/bash\n\nprint_help () {\n echo \"\"\n echo \" Temporarily allow a ssh login using friends public key\"\n echo \" fetched from online servers.\"\n echo \"\"\n echo \"Usage:\"\n echo \" $0 [options] \"\n echo \"\"\n echo \"[options]\"\n echo \" -h | --help Print this help;\"\n echo \" -g | --github Select Github as public key server.\"\n echo \"\"\n echo \"\"\n echo \" It is the username used to download keys from selected\"\n echo \" server.\"\n echo \"\"\n echo \"Advanced example:\"\n echo \"\"\n echo \" Allow user \\`john-doe\\` from Github to login as user\"\n echo \" \\`myself\\`:\"\n echo \" sudo -H -u myself $0 --github john-doe\"\n echo \"\"\n}\n\nprint_usage () {\n echo \"Usage example: $0 --github \"\n}\n\n#\n# Configuration vars\nGITHUB=0\nUSERNAME=''\nUSERKEY=''\nSERVICENAME=''\nLOCALIPADDRESS=''\n\n#\n# Test dependencies\ngetopt --test > /dev/null\nif [[ $? -ne 4 ]]; then\n echo \"$0: \\`getopt --test\\` failed in this environment.\"\n exit 1\nfi\n\ncurl --help > /dev/null\nif [[ $? -ne 0 ]]; then\n echo \"$0: \\`curl --help\\` failed in this environment.\"\n exit 1\nfi\n\nIP_CMD=$(which ip 2> /dev/null)\nif [[ $? -ne 0 ]]; then\n echo \"$0: ip command not available.\"\n exit 1\nfi\n\nSSH_KEYGEN_CMD=$(which ssh-keygen 2> /dev/null)\nif [[ $? -ne 0 ]]; then\n echo \"$0: ssh-keygen command not available.\"\n exit 1\nfi\n\n#\n# Parse arguments\nSHORT=gh\nLONG=github,help\n\nPARSED=`getopt --options $SHORT --longoptions $LONG --name \"$0\" -- \"$@\"`\nif [[ $? -ne 0 ]]; then\n # e.g. $? == 1\n echo \"$0: Invalid parameters.\"\n print_usage\n exit 2\nfi\neval set -- \"$PARSED\"\n\nwhile true; do\n case \"$1\" in\n -h|--help)\n print_help\n exit 0\n ;;\n -g|--github)\n GITHUB=1\n shift\n ;;\n --)\n shift\n break\n ;;\n *)\n echo \"Programming error\"\n exit 3\n ;;\n esac\ndone\n\nif [[ $# -ne 1 ]]; then\n echo \"$0: A single user name is required.\"\n print_usage\n exit 4\nfi\n\nUSERNAME=$1\n\n#\n# Get user keys from server\ngithub_download_key () {\n SERVICENAME='github'\n USERKEY=`curl -s https://github.com/$USERNAME.keys`\n\n if [[ -z $USERKEY ]]; then\n echo \"User $USERNAME has no keys in Github.\"\n exit 5\n fi\n\n if [[ \"$USERKEY\" == \"Not Found\" ]]; then\n echo \"User $USERNAME not found in Github.\"\n exit 5\n fi\n}\n\nif [[ $GITHUB -eq 1 ]]; then\n github_download_key\nelse\n echo \"$0: No service selected.\"\n print_usage\n exit 5\nfi\n\n#\n# Check keys integrity\nTMP_KEY_FILE=/tmp/.ssh-allow-friend.$USERNAME-$USER-$SERVICENAME.keys\necho $USERKEY > $TMP_KEY_FILE\nssh-keygen -l -f $TMP_KEY_FILE > /dev/null\nif [[ $? -ne 0 ]]; then\n echo \"$0: Downloaded key is invalid.\"\n exit 6\nfi\nrm -f $TMP_KEY_FILE\n\n\n#\n# Get local ip address\nLOCALIPADDRESS=$($IP_CMD -o addr show scope global | awk '{gsub(/\\/.*/,\"\",$4); print $4}')\n\necho \"Acquired key for user $USERNAME from $SERVICENAME,\"\necho \"your friend is now able to login via ssh using:\"\necho \"$LOCALIPADDRESS\" | while read a; do echo \" ssh $USER@$a\"; done\necho \"\"\necho \"Login authorization will be ceased after this program\"\necho \"terminates.\"\necho \"Press ^C to exit.\"\n\nsetup () {\n (\n flock 200\n\n mkdir -p $HOME/.ssh/\n echo \"$USERKEY\" >> $HOME/.ssh/authorized_keys\n ) 200>/tmp/.ssh-allow-friend.$USER.lock\n}\n\nteardown () {\n (\n flock 200\n\n # remove key from file, or the entire file if empty\n if grep -v \"$USERKEY\" $HOME/.ssh/authorized_keys > $HOME/.ssh/tmp; then\n cat $HOME/.ssh/tmp > $HOME/.ssh/authorized_keys && rm $HOME/.ssh/tmp;\n else\n rm $HOME/.ssh/authorized_keys && rm $HOME/.ssh/tmp;\n fi\n ) 200>/tmp/.ssh-allow-friend.$USER.lock\n}\n\ntrap \"teardown; exit 0\" SIGHUP SIGINT SIGTERM\nsetup\nsleep infinity &\nwait\n" }, { "path": "test.sh", "content": "#!/bin/bash\nset -e\n\n./ssh-allow-friend -g flplv &\nsleep 10\ncat $HOME/.ssh/authorized_keys\nkill $!\n" } ]