From c8500dddd01ef10128eca0e4176050ef087a3918 Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Tue, 4 Apr 2023 16:27:23 +0200
Subject: mod/ssh-keys-import: make ssh-keys-import a module
---
mod/ssh-keys-import.rsc | 84 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100644 mod/ssh-keys-import.rsc
(limited to 'mod/ssh-keys-import.rsc')
diff --git a/mod/ssh-keys-import.rsc b/mod/ssh-keys-import.rsc
new file mode 100644
index 0000000..6f47314
--- /dev/null
+++ b/mod/ssh-keys-import.rsc
@@ -0,0 +1,84 @@
+#!rsc by RouterOS
+# RouterOS script: mod/ssh-keys-import
+# Copyright (c) 2020-2023 Christian Hesse
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# requires RouterOS, version=7.9beta4
+#
+# import ssh keys for public key authentication
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md
+
+:global SSHKeysImport;
+:global SSHKeysImportFile;
+
+# import single key passed as string
+:set SSHKeysImport do={
+ :local Key [ :tostr $1 ];
+ :local User [ :tostr $2 ];
+
+ :global GetRandom20CharAlNum;
+ :global LogPrintExit2;
+ :global MkDir;
+ :global WaitForFile;
+
+ :if ([ :len $Key ] = 0 || [ :len $User ] = 0) do={
+ $LogPrintExit2 warning $0 ("Missing argument(s), please pass key and user!") true;
+ }
+
+ :if ([ :len [ /user/find where name=$User ] ] = 0) do={
+ $LogPrintExit2 warning $0 ("User '" . $User . "' does not exist.") true;
+ }
+
+ :if ([ $MkDir "tmpfs/ssh-keys-import" ] = false) do={
+ $LogPrintExit2 warning $0 ("Creating directory 'tmpfs/ssh-keys-import' failed!") true;
+ }
+
+ :local FileName ("tmpfs/ssh-keys-import/key-" . [ $GetRandom20CharAlNum 6 ] . ".pub");
+ /file/add name=$FileName contents=$Key;
+ $WaitForFile $FileName;
+
+ :do {
+ /user/ssh-keys/import public-key-file=$FileName user=$User;
+ } on-error={
+ $LogPrintExit2 warning $0 ("Failed importing key.") true;
+ }
+}
+
+# import keys from a file
+:set SSHKeysImportFile do={
+ :local FileName [ :tostr $1 ];
+ :local User [ :tostr $2 ];
+
+ :global EitherOr;
+ :global LogPrintExit2;
+ :global ParseKeyValueStore;
+ :global SSHKeysImport;
+
+ :if ([ :len $FileName ] = 0 || [ :len $User ] = 0) do={
+ $LogPrintExit2 warning $0 ("Missing argument(s), please pass file name and user!") true;
+ }
+
+ :local File [ /file/find where name=$FileName ];
+ :if ([ :len $File ] = 0) do={
+ $LogPrintExit2 warning $0 ("File '" . $FileName . "' does not exist.") true;
+ }
+ :local Keys ([ /file/get $FileName contents ] .
"\n");
+
+ :do {
+ :local Continue false;
+ :local Line [ :pick $Keys 0 [ :find $Keys "\n" ] ];
+ :set Keys [ :pick $Keys ([ :find $Keys "\n" ] + 1) [ :len $Keys ] ];
+ :local Type [ :pick $Line 0 [ :find $Line " " ] ];
+ :if ($Type = "ssh-rsa") do={
+ $SSHKeysImport $Line $User;
+ :set Continue true;
+ }
+ :if ($Continue = false && $Type = "#") do={
+ :set User [ $EitherOr ([ $ParseKeyValueStore [ :pick $Line 2 [ :len $Line ] ] ]->"user") $User ];
+ :set Continue true;
+ }
+ :if ($Continue = false && [ :len $Type ] > 0) do={
+ $LogPrintExit2 warning $0 ("SSH key of type '" . $Type . "' is not supported.") false;
+ }
+ } while=([ :len $Keys ] > 0);
+}
-- cgit v1.2.3-54-g00ecf
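Review bot: In SSHKeysImportFile the `$Type = "#"` branch lets a comment line in the keys file replace `$User` through `ParseKeyValueStore ... ->"user"`, so the file contents, not only the caller's second argument, decide which account receives every following key, and nothing records that switch. SSHKeysImport only checks that the named account exists, so a keys file taken from a less trusted location than the router's own configuration could attach a key to an administrative account; the file needs the same trust as the user list itself. I would log the switch right after the `:set User`, e.g. `$LogPrintExit2 info $0 ("Keys file switches target user to '" . $User . "'.") false;`, and extend the `# import keys from a file` comment to say that `# user=...` lines override the passed user for all later keys. Separately, the `true` exit flag on the warnings in SSHKeysImport presumably aborts the whole loop at the first key that fails to import, which deserves a short comment if it is intended.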