authorGravatar Christian Hesse <mail@eworm.de>2023-11-02 09:46:25 +0100
committerGravatar Christian Hesse <mail@eworm.de>2023-11-09 15:08:36 +0100
commit1265caca60bf097d66ef9ef0814e8f04f9720170 (patch)
tree2834fab4cf22b32bcf273e76efe4f6586be2cf15
parentc3045f372350bd8dd0a8f10efb8a4b938e896145 (diff)
mod/ssh-keys-import: calculate fingerprint...routeros-7.12beta1-2change-112
... and store it in key-owner, which is descriptive only. This requires RouterOS 7.12beta1 for the 'transform' property for ':convert' command.
-rw-r--r--doc/mod/ssh-keys-import.md8
-rw-r--r--global-functions.rsc2
-rw-r--r--mod/ssh-keys-import.rsc7
-rw-r--r--news-and-changes.rsc1
4 files changed, 15 insertions, 3 deletions
diff --git a/doc/mod/ssh-keys-import.md b/doc/mod/ssh-keys-import.md
index cf28ee2..9f7f7ce 100644
--- a/doc/mod/ssh-keys-import.md
+++ b/doc/mod/ssh-keys-import.md
@@ -3,6 +3,8 @@ Import ssh keys for public key authentication
[⬅️ Go back to main README](../../README.md)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.12beta1-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+
> ℹ️️ **Info**: This module can not be used on its own but requires the base
> installation. See [main README](../../README.md) for details.
@@ -35,7 +37,11 @@ been added:
$SSHKeysImport "ssh-ed25519 AAAAC3Nza...ZVugJT user" admin;
The third part of the key (`user` in this example) is inherited as
-`key-owner` in RouterOS.
+`key-owner` in RouterOS. Also the `MD5` fingerprint is recorded, this helps
+to audit and verify the available keys.
+
+> ℹ️️ **Info**: Use `ssh-keygen` to show a fingerprint of an existing public
+> key file: `ssh-keygen -l -E md5 -f ~/.ssh/id_ed25519.pub`
### Import several keys from file
diff --git a/global-functions.rsc b/global-functions.rsc
index e307560..7eb1ec5 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -12,7 +12,7 @@
:local 0 "global-functions";
# expected configuration version
-:global ExpectedConfigVersion 111;
+:global ExpectedConfigVersion 112;
# global variables not to be changed by user
:global GlobalFunctionsReady false;
diff --git a/mod/ssh-keys-import.rsc b/mod/ssh-keys-import.rsc
index fb6fee1..0e82785 100644
--- a/mod/ssh-keys-import.rsc
+++ b/mod/ssh-keys-import.rsc
@@ -3,6 +3,8 @@
# Copyright (c) 2020-2023 Christian Hesse <mail@eworm.de>
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
#
+# requires RouterOS, version=7.12beta1
+#
# import ssh keys for public key authentication
# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md
@@ -38,12 +40,15 @@
$LogPrintExit2 warning $0 ("Creating directory 'tmpfs/ssh-keys-import' failed!") true;
}
+ :local FingerPrintMD5 [ :convert from=base64 transform=md5 to=hex ($KeyVal->1) ];
:local FileName ("tmpfs/ssh-keys-import/key-" . [ $GetRandom20CharAlNum 6 ] . ".pub");
- /file/add name=$FileName contents=$Key;
+ /file/add name=$FileName contents=($Key . ", md5=" . $FingerPrintMD5);
$WaitForFile $FileName;
:do {
/user/ssh-keys/import public-key-file=$FileName user=$User;
+ $LogPrintExit2 info $0 ("Imported ssh public key (" . $KeyVal->2 . ", " . $KeyVal->0 . ", " . \
+ "MD5:" . $FingerPrintMD5 . ") for user '" . $User . "'.") false;
} on-error={
$LogPrintExit2 warning $0 ("Failed importing key.") true;
}
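Review bot: The new `:convert from=base64 transform=md5` call sits before and outside the `:do { … } on-error` block, so a key whose second field is missing or not valid base64 would presumably abort with a raw script error instead of a logged warning like "Failed importing key.". Wrapping it keeps failure handling uniform: `:local FingerPrintMD5;` followed by `:do { :set FingerPrintMD5 [ :convert from=base64 transform=md5 to=hex ($KeyVal->1) ]; } on-error={ $LogPrintExit2 warning $0 ("Key data is not valid base64!") true; }`. Separately, `", md5="` is appended to the whole `$Key`, so for a key without a comment field the suffix would follow the base64 blob directly; whether such keys are rejected earlier is not visible, because the function starts and ends outside this hunk. Since MD5 is not collision resistant, a comment above the calculation such as `# fingerprint is informational (audit/log) only, do not base trust decisions on it` would stop later readers from treating the recorded value as verification.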
diff --git a/news-and-changes.rsc b/news-and-changes.rsc
index 5ee3030..babcec8 100644
--- a/news-and-changes.rsc
+++ b/news-and-changes.rsc
@@ -25,6 +25,7 @@
109="Added support to send notifications via Ntfy (ntfy.sh).";
110="Dropped support for loading scripts from local storage.";
111="Modified 'dhcp-to-dns' to allow multiple records for one mac address.";
+ 112="Enhanced 'mod/ssh-keys-import' to record the fingerprint of keys.";
};
# Migration steps to be applied on script updates