Mercurial > hg > python
annotate newkey.py @ 69:157f012ffab7 default tip
from local
| author | Henry S Thompson <ht@inf.ed.ac.uk> |
|---|---|
| date | Fri, 17 Jan 2025 15:45:26 +0000 |
| parents | 59517f60826d |
| children |
| rev | line source |
|---|---|
| 39 | 1 #!/usr/bin/python3 |
| 2 '''Install a new ssh key on paul and in a list of hosts, | |
| 3 confirm success, and if so comment out any older versions | |
|
42
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
4 Usage: newkey.py [-d] [-v intermediary] keytype [-i] [-c client | client list filename] |
| 39 | 5 client list filename defaults to /etc/sshclients _on Paul_ |
|
42
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
6 If -d, add -v to ssh |
| 39 | 7 If -i, read tar with new key pair from stdin, otherwise from ~/.ssh/id_$keytype.pub |
| 8 | |
| 9 If run on a machine other than paul, will try to get it to Paul to distribute: | |
| 10 1) Using ssh-copy-id directly; | |
| 11 2) Using ssh-copy-id via intermediary (defaults to $DESKTOP) | |
| 12 [change this to maritain once it's worked for everbody''' # ' | |
| 13 | |
| 14 import sys, os | |
| 15 from socket import gethostname | |
| 41 | 16 from subprocess import run, PIPE |
| 39 | 17 |
| 18 hack=os.environ.copy() | |
| 19 hack['SSH_AUTH_SOCK']='/home/ht/.gnupg/S.gpg-agent.ssh' | |
| 20 | |
| 21 def ssh_copy_id(keyfile,client): | |
| 22 print(["ssh-copy-id","-i",keyfile,client],'...',sep='',end='') | |
| 41 | 23 res=run(["ssh-copy-id","-i",keyfile,client],env=hack,text=True, |
|
42
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
24 capture_output=True) |
| 41 | 25 if res.returncode: |
| 26 print('failed %s'%res.returncode) | |
|
42
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
27 print(res.stderr,res.stdout) |
| 41 | 28 else: |
| 29 print('succeeded') | |
| 39 | 30 |
|
42
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
31 debug=False |
|
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
32 if sys.argv[1]=='-d': |
|
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
33 sys.argv.pop(1) |
|
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
34 debug=True |
|
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
35 |
| 39 | 36 ihost=None |
| 37 if sys.argv[1]=='-v': | |
| 38 sys.argv.pop(1) | |
| 39 ihost=sys.argv.pop(1).lower() | |
| 40 | |
| 41 keytype=sys.argv.pop(1) | |
| 42 | |
| 43 if len(sys.argv)>1 and sys.argv[1]=='-i': | |
| 44 # Working for some other client | |
| 45 sys.argv.pop(1) | |
| 46 res=os.system("cd /tmp ; rm -rf keys ; tar -xzf -") | |
| 47 if res: | |
| 48 print("untar failed",res) | |
| 49 exit(res) | |
| 50 keydir="/tmp/keys" | |
| 51 else: | |
| 52 keydir=os.path.expanduser("~/.ssh") | |
| 53 | |
| 54 keyfile="%s/id_%s.pub"%(keydir,keytype) | |
| 55 | |
| 56 try: | |
| 57 clients=sys.argv.pop(1) | |
| 58 if clients=='-c': | |
| 59 clients="-c %s"%sys.argv.pop(1) | |
| 60 except: | |
| 61 clients='/etc/sshclients' | |
| 62 | |
| 63 host=gethostname().lower() | |
| 64 | |
| 65 print(keytype,keyfile,ihost,clients) | |
| 66 | |
| 67 if host!='paul': | |
| 68 if clients[0]!='-': | |
| 69 print("Note, %s will be dereferenced on paul, not locally"%clients, | |
| 70 file=sys.stderr) | |
|
40
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
71 cmd="/home/ht/bin/newkey.py %s -i %s"%(keytype, |
| 39 | 72 '%s'%clients if clients is not None else '') |
|
42
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
73 res=os.system("mkdir -p /tmp/keys ; cd /tmp ; bash -c 'cp -aH %s keys' ; tar -czf keys.tar.gz keys"%os.path.expanduser("~/.ssh/id_%s{,.pub}"%keytype)) |
| 39 | 74 if res: |
| 75 print("tar failed",res) | |
| 76 exit(res) | |
| 77 with open("/tmp/keys.tar.gz","rb") as keytar: | |
|
40
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
78 if ihost is None: |
|
42
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
79 res=run((['ssh','-v','paul',cmd] if debug else ['ssh','paul',cmd]), |
|
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
80 stdin=keytar).returncode |
|
40
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
81 if res: |
|
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
82 print("paul failed",res) |
|
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
83 exit(res) |
|
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
84 else: |
|
42
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
85 res=run(['ssh',ihost, |
|
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
86 '/afs/inf.ed.ac.uk/user/h/ht/share/bin/goHome %s'%( |
|
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
87 '-v' if debug else ''), |
|
59517f60826d
quiet working, -d to use ssh -v
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
41
diff
changeset
|
88 cmd],stdin=keytar).returncode |
|
40
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
89 if res: |
|
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
90 print("going via %s failed"%ihost,res) |
|
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
91 exit(res) |
|
f13017bb4502
works on markup with -v ecclerig...
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
39
diff
changeset
|
92 |
| 39 | 93 |
| 94 if clients[0]=='-': | |
| 95 ssh_copy_id(keyfile,clients[3:]) | |
| 96 else: | |
| 97 with open(clients) as cfile: | |
| 98 for l in cfile: | |
| 99 ssh_copy_id(keyfile,l.rstrip()) | |
| 100 | |
| 101 |