Mercurial > hg > python

annotate newkey.py @ 40:f13017bb4502

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
works on markup with -v ecclerig...
author Henry S. Thompson <ht@inf.ed.ac.uk>
date Mon, 03 Jan 2022 19:19:20 +0000
parents a0b702a76872
children 900ff99ec749
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
39
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
1 #!/usr/bin/python3
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
2 '''Install a new ssh key on paul and in a list of hosts,
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
3 confirm success, and if so comment out any older versions
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
4 Usage: newkey.py [-v intermediary] keytype [-i] [-c client | client list filename]
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
5 client list filename defaults to /etc/sshclients _on Paul_
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
6 If -i, read tar with new key pair from stdin, otherwise from ~/.ssh/id_$keytype.pub
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
7
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
8 If run on a machine other than paul, will try to get it to Paul to distribute:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
9 1) Using ssh-copy-id directly;
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
10 2) Using ssh-copy-id via intermediary (defaults to $DESKTOP)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
11 [change this to maritain once it's worked for everbody''' # '
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
12
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
13 import sys, os
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
14 from socket import gethostname
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
15 from subprocess import run
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
16
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
17 hack=os.environ.copy()
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
18 hack['SSH_AUTH_SOCK']='/home/ht/.gnupg/S.gpg-agent.ssh'
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
19
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
20 def ssh_copy_id(keyfile,client):
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
21 print(["ssh-copy-id","-i",keyfile,client],'...',sep='',end='')
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
22 res=run(["ssh-copy-id","-i",keyfile,client],env=hack).returncode
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
23 print('failed %s'%res if res else 'succeeded')
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
24
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
25 ihost=None
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
26 if sys.argv[1]=='-v':
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
27 sys.argv.pop(1)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
28 ihost=sys.argv.pop(1).lower()
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
29
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
30 keytype=sys.argv.pop(1)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
31
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
32 if len(sys.argv)>1 and sys.argv[1]=='-i':
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
33 # Working for some other client
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
34 sys.argv.pop(1)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
35 res=os.system("cd /tmp ; rm -rf keys ; tar -xzf -")
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
36 if res:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
37 print("untar failed",res)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
38 exit(res)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
39 keydir="/tmp/keys"
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
40 else:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
41 keydir=os.path.expanduser("~/.ssh")
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
42
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
43 keyfile="%s/id_%s.pub"%(keydir,keytype)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
44
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
45 try:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
46 clients=sys.argv.pop(1)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
47 if clients=='-c':
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
48 clients="-c %s"%sys.argv.pop(1)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
49 except:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
50 clients='/etc/sshclients'
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
51
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
52 host=gethostname().lower()
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
53
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
54 print(keytype,keyfile,ihost,clients)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
55
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
56 if host!='paul':
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
57 if clients[0]!='-':
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
58 print("Note, %s will be dereferenced on paul, not locally"%clients,
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
59 file=sys.stderr)
40
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
60 cmd="/home/ht/bin/newkey.py %s -i %s"%(keytype,
39
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
61 '%s'%clients if clients is not None else '')
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
62 print(cmd)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
63 res=os.system("mkdir -p /tmp/keys ; cd /tmp ; bash -c 'cp -a %s keys' ; tar -czf keys.tar.gz keys"%os.path.expanduser("~/.ssh/id_%s{,.pub}"%keytype))
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
64 if res:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
65 print("tar failed",res)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
66 exit(res)
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
67 with open("/tmp/keys.tar.gz","rb") as keytar:
40
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
68 if ihost is None:
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
69 res=run(['ssh','paul',cmd],stdin=keytar).returncode
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
70 if res:
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
71 print("paul failed",res)
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
72 exit(res)
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
73 else:
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
74 res=run(['ssh',ihost,'/afs/inf.ed.ac.uk/user/h/ht/share/bin/goHome',cmd],stdin=keytar).returncode
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
75 if res:
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
76 print("going via %s failed"%ihost,res)
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
77 exit(res)
f13017bb4502 works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 39
diff changeset
78
39
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
79
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
80 if clients[0]=='-':
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
81 ssh_copy_id(keyfile,clients[3:])
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
82 else:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
83 with open(clients) as cfile:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
84 for l in cfile:
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
85 ssh_copy_id(keyfile,l.rstrip())
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
86
a0b702a76872 works from maritain
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
87