2021-11-10 14:41:19 +00:00
|
|
|
function zssh_boot()
|
|
|
|
{
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "zssh is booting up ----------------------------"
|
2021-11-10 14:41:19 +00:00
|
|
|
typeset -g zssh_ssh_dotdir="${HOME}/.ssh"
|
|
|
|
typeset -g zssh_private_keys="${zssh_ssh_dotdir}/keystore"
|
|
|
|
typeset -g zssh_private_configs="${zssh_ssh_dotdir}/config.d"
|
|
|
|
typeset -g zssh_global_configs=${globaldots_path}/config/ssh
|
|
|
|
typeset -g zssh_global_pubkeys=${globaldots_path}/keys/ssh
|
|
|
|
zssh_configure
|
|
|
|
zssh_process
|
|
|
|
}
|
|
|
|
|
|
|
|
function zssh_configure ()
|
|
|
|
{
|
|
|
|
if [[ -n "$zssh_host" ]]
|
|
|
|
then
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "zssh_host is set"
|
2021-11-10 14:41:19 +00:00
|
|
|
ztools_ensure -d $zssh_private_keys
|
|
|
|
ztools_ensure -d $zssh_private_configs
|
|
|
|
ztools_ensure -d ${zssh_global_configs}
|
|
|
|
ztools_ensure -d ${zssh_global_pubkeys}
|
|
|
|
zssh_enumeratenodes
|
|
|
|
if [[ ${#zssh_host_config_accesses} -gt 0 ]]
|
|
|
|
then
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "zssh_host_config_accesses is set"
|
|
|
|
zshlibs_log zssh "global our pubkey directory is $(zssh_host_info -K)"
|
|
|
|
zshlibs_log zssh "global our config directory is $(zssh_host_info -c)"
|
2021-11-10 14:41:19 +00:00
|
|
|
typeset -g zssh_global_config_hostdir="${zssh_global_configs}/${zssh_host}"
|
|
|
|
typeset -g zssh_global_pubkey_hostdir="${zssh_global_pubkeys}/${zssh_host}"
|
2021-11-22 15:41:59 +00:00
|
|
|
ztools_ensure -d $(zssh_host_info -K) #"${zssh_global_pubkey_hostdir}"
|
|
|
|
ztools_ensure -d $(zssh_host_info -C) # "${zssh_global_config_hostdir}"
|
2021-11-10 14:41:19 +00:00
|
|
|
else
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "zssh_host_config_accesses is NOT set, not going to bother accepting keys"
|
2021-11-10 14:41:19 +00:00
|
|
|
fi
|
|
|
|
else
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "zssh_host is NOT set, which means we cannot neither publish keys nor accept them"
|
2021-11-10 14:41:19 +00:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2021-11-22 15:41:59 +00:00
|
|
|
function zssh_host_info()
|
|
|
|
{
|
|
|
|
local=ssh_node=${zssh_host}
|
|
|
|
zssh_node_info ${zssh_host} $@
|
|
|
|
}
|
|
|
|
|
|
|
|
function zssh_node_info()
|
|
|
|
{
|
|
|
|
local ssh_node=$1
|
|
|
|
shift
|
|
|
|
while getopts 'kKcCM:E:' opt
|
|
|
|
do
|
|
|
|
case $opt in
|
|
|
|
(s)
|
|
|
|
# private privkey
|
|
|
|
echo "$zssh_private_keys/${ssh_node}.key"
|
|
|
|
;;
|
|
|
|
(k)
|
|
|
|
# private pubkey
|
|
|
|
echo "$zssh_private_keys/${ssh_node}.key.pub"
|
|
|
|
;;
|
|
|
|
(M)
|
|
|
|
# public pubkey mail file
|
|
|
|
echo "$zssh_global_pubkeys/${ssh_node}/${OPTARG}.key.pub"
|
|
|
|
;;
|
|
|
|
(K)
|
|
|
|
# public pubkey bucket
|
|
|
|
echo "$zssh_global_pubkeys/${ssh_node}"
|
|
|
|
;;
|
|
|
|
(c)
|
|
|
|
# private ssh hostconfig
|
|
|
|
echo "$zssh_private_configs/${ssh_node}.sshconf"
|
|
|
|
;;
|
|
|
|
(C)
|
|
|
|
# public config bucket
|
|
|
|
echo "$zssh_global_configs/${ssh_node}"
|
|
|
|
;;
|
|
|
|
(E)
|
|
|
|
# public config bucket piece
|
|
|
|
echo "$zssh_global_configs/${ssh_node}/${OPTARG}.sshconf"
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
2021-11-10 14:41:19 +00:00
|
|
|
function zssh_process()
|
|
|
|
{
|
|
|
|
if [[ -n "$zssh_host" ]]
|
|
|
|
then
|
|
|
|
if [[ ${#zssh_host_config_accesses} -gt 0 ]]
|
|
|
|
then
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "processing ssh server setup"
|
2021-11-22 15:41:59 +00:00
|
|
|
if [[ "${HOME}/.config/zsh/local.config.zsh" -nt $(zssh_host_info -c) ]]
|
2021-11-10 14:41:19 +00:00
|
|
|
then
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "publishing our configs …"
|
2021-11-10 14:41:19 +00:00
|
|
|
zssh_publish_configs
|
|
|
|
else
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "no need to publish our configs"
|
2021-11-10 14:41:19 +00:00
|
|
|
fi
|
2021-11-22 15:41:59 +00:00
|
|
|
zssh_check_pubkeys
|
2021-11-10 14:41:19 +00:00
|
|
|
fi
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "processing ssh client setup"
|
2021-11-10 14:41:19 +00:00
|
|
|
zssh_install_peers
|
|
|
|
zssh_publish_pubkeys
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2021-11-22 15:41:59 +00:00
|
|
|
function zssh_check_pubkeys()
|
|
|
|
{
|
|
|
|
[[ ${#zssh_host_config_accesses} -gt 0 ]] || return 62
|
|
|
|
}
|
|
|
|
|
2021-11-10 14:41:19 +00:00
|
|
|
function zssh_install_peers()
|
|
|
|
{
|
|
|
|
[[ -n $zssh_host ]] || return 63
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "installing peers"
|
2021-11-10 14:41:19 +00:00
|
|
|
for ssh_node in $zssh_nodes
|
|
|
|
do
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "installing peer $ssh_node …"
|
2021-11-10 14:41:19 +00:00
|
|
|
zssh_generate_privkey4 $ssh_node
|
|
|
|
zssh_generate_config4 $ssh_node
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
function zssh_publish_pubkeys()
|
|
|
|
{
|
|
|
|
for ssh_node in $zssh_nodes
|
|
|
|
do
|
|
|
|
zssh_mail_pubkey2 $ssh_node
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
function zssh_mail_pubkey2()
|
|
|
|
{
|
|
|
|
[[ -n $zssh_host ]] || return 63
|
|
|
|
ssh_node="$1"
|
2021-11-22 15:41:59 +00:00
|
|
|
if ! [[ $(zssh_node_info ${ssh_node} -k) -ot "$(zssh_node_info ${ssh_node} -K)/$zssh_host.key.pub" ]]
|
|
|
|
then
|
2021-12-20 15:07:07 +00:00
|
|
|
ztools_ensure -d $(zssh_node_info ${ssh_node} -K)
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "sending '$(zssh_node_info ${ssh_node} -k) to '$(zssh_node_info ${ssh_node} -K ${zssh_host})'"
|
2021-11-22 15:41:59 +00:00
|
|
|
cp $(zssh_node_info ${ssh_node} -k) (zssh_node_info ${ssh_node} -K ${zssh_host})
|
|
|
|
else
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "'$(zssh_node_info ${ssh_node} -K ${zssh_host})' already mailed"
|
2021-11-22 15:41:59 +00:00
|
|
|
fi
|
2021-11-10 14:41:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function zssh_publish_configs()
|
|
|
|
{
|
2021-12-04 21:34:16 +00:00
|
|
|
[[ "${#zssh_host_config_accesses}" -gt 0 ]] || return 62
|
2021-11-10 14:41:19 +00:00
|
|
|
for sshmatch in ${(k)zssh_host_config_accesses}
|
|
|
|
do
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "generating our server access config '$(zssh_host_info -E ${sshmatch})'" # '${hostaccessconfig_file}'"
|
2021-11-22 15:41:59 +00:00
|
|
|
zssh_generate_hostaccessconfig $sshmatch > "$(zssh_host_info -E ${sshmatch})" # "$hostaccessconfig_file"
|
2021-11-10 14:41:19 +00:00
|
|
|
done
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "updating mtime for $(zssh_host_info -C)"
|
2021-11-22 15:41:59 +00:00
|
|
|
touch "$(zssh_host_info -C)"
|
2021-11-10 14:41:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function zssh_generate_hostaccessconfig()
|
|
|
|
{
|
|
|
|
sshmatch="${1}"
|
|
|
|
sshcontents=${zssh_host_config_accesses[$sshmatch]}
|
|
|
|
sshmatch_user=${sshmatch%%@*}
|
|
|
|
sshmatch_host=${sshmatch##*@}
|
|
|
|
if [[ "$sshmatch_host" == "$sshmatch_user" ]]
|
|
|
|
then
|
|
|
|
sshmatch_user=''
|
|
|
|
fi
|
|
|
|
<< HERE
|
|
|
|
Match ${sshmatch_host:+host $sshmatch_host,} ${sshmatch_user:+user $sshmatch_user,}
|
|
|
|
${sshcontents}
|
|
|
|
${zssh_host_config}
|
|
|
|
HERE
|
|
|
|
}
|
|
|
|
|
|
|
|
function zssh_generate_config4
|
|
|
|
{
|
|
|
|
ssh_node="$1"
|
|
|
|
dst="$zssh_private_configs/$ssh_node.sshconf"
|
|
|
|
srcs="$zssh_global_configs/$ssh_node"
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "checking configs for $ssh_node …"
|
2021-11-10 14:41:19 +00:00
|
|
|
if [[ -d "$srcs" ]] && ! [[ $dst -nt $srcs ]]
|
|
|
|
then
|
|
|
|
sshkey="$zssh_private_keys/$ssh_node.key"
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "found fresh configs directory for $ssh_node"
|
|
|
|
zshlibs_log zssh "config destination is '$dst'"
|
|
|
|
zshlibs_log zssh "tied ssh key is '$sshkey'"
|
2021-11-10 14:41:19 +00:00
|
|
|
rm "$dst" 2> /dev/null
|
|
|
|
for src in "$srcs"/*.sshconf(N)
|
|
|
|
do
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "sourcing $src"
|
2021-11-10 14:41:19 +00:00
|
|
|
cat "$src" >> "$dst"
|
|
|
|
printf "\n IdentityFile %s\n\n" "$sshkey" >> "$dst"
|
|
|
|
done
|
|
|
|
fi
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "done with $ssh_node"
|
2021-11-10 14:41:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function zssh_generate_privkey4
|
|
|
|
{
|
|
|
|
ssh_node="$1"
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "checking keys for peer $ssh_node …"
|
2021-11-10 14:41:19 +00:00
|
|
|
local newkey=$zssh_private_keys/$ssh_node.key
|
|
|
|
if ! [[ -s $newkey ]]
|
|
|
|
then
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "generate key for $ssh_node"
|
2021-11-10 14:41:19 +00:00
|
|
|
ssh-keygen -t ed25519 -N '' -C "$ssh_host($USER@$HOST) for $ssh_node" -f $newkey >> "${HOME}/.log/ssh-keygen.log"
|
|
|
|
if [[ "$ssh_node" == "$zssh_host" ]]
|
|
|
|
then
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "Self accepting key: $ssh_node"
|
2021-11-10 14:41:19 +00:00
|
|
|
cat "$newkey.pub" >> ${HOME}/.ssh/authorized_keys
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function zssh_enumeratenodes()
|
|
|
|
{
|
|
|
|
typeset -g -a zssh_nodes;
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "enumerating nodes"
|
2021-11-10 14:41:19 +00:00
|
|
|
if [[ -d $zssh_global_configs ]]
|
|
|
|
then
|
|
|
|
for __ssh_node in ${zssh_global_configs}/*(/)
|
|
|
|
do
|
|
|
|
zssh_nodes+=($(basename $__ssh_node))
|
|
|
|
done
|
|
|
|
fi
|
2022-01-11 14:35:56 +00:00
|
|
|
zshlibs_log zssh "got ${#zssh_nodes} nodes"
|
2021-11-10 14:41:19 +00:00
|
|
|
}
|