Commit 86c3e17c authored by Michael Völske's avatar Michael Völske

update authorized-ssh-keys

parent a61e7fdd
......@@ -98,20 +98,20 @@ select_and_remove_keys() {
IN=$(mktemp)
OUT=$(mktemp)
I=0
awk -F: '/did not return/ { next; } { print $2; }' $KEY_LIST | sort | uniq -c \
awk -F: '/did not return/ { next; } { print $2; }' "$KEY_LIST" | sort | uniq -c \
| sed 's/^ *\([0-9]\+\) /\1\t/' > $IN
while IFS=$'\t' read -r -a ITEM ; do
N=${ITEM[0]}
KEY=$( echo ${ITEM[1]} | sed 's/^ *//' )
[[ ${#KEY} -gt 0 && ${KEY} != 'find' ]] || continue
KEY=$( echo -n "${ITEM[1]}" | sed 's/^ *//' )
[[ ${#KEY} -gt 0 && "${KEY}" != 'find' ]] || continue
printf "%3d) %s (%d hosts)\n" $I "$( brief_key $KEY )" "$N"
KEYS[$I]="$KEY"
I=$((I+1))
done < $IN > $OUT
pr -Tt -w $( tput cols ) --columns $(( $( tput cols ) / 50 )) $OUT
rm -f $IN
rm -f $OUT
rm -f "$IN"
rm -f "$OUT"
read -p 'Key numbers to remove, space separated: ' -a REM
......@@ -120,7 +120,7 @@ select_and_remove_keys() {
echo ${KEYS[$I]}
export KEY="${KEYS[$I]}"
yes_no_prompt "Proceed?" && {
KEY=$( echo $KEY | sed 's/^ *//;s/ *$//' | base64 -w0 )
KEY=$( echo -n "$KEY" | sed 's/^ *//;s/ *$//' | base64 -w0 )
timeout -k1 5 salt -t 5 '*' cmd.run "find /root /home -maxdepth 5 -path '*/.ssh/authorized_keys' -print0 | xargs -0 -n1 -I % bash -c 'TMP=\$(mktemp) && grep -Fxv -f <( echo $KEY | base64 -d ) \"%\" > \${TMP} && ( diff -q -c0 \${TMP} \"%\" || mv -v \${TMP} \"%\" ) ' "
}
done
......@@ -136,9 +136,9 @@ main() {
[[ ${FLAGS_report} = ${FLAGS_TRUE} ]] && key_report
[[ ${FLAGS_remove} = ${FLAGS_TRUE} ]] && select_and_remove_keys
rm -f $KEY_LIST
rm -f "$KEY_LIST"
echo "IMPORTANT NOTICE: Only hosts reachable via salt have been checked. Please check hosts not managed via salt manually (webis.uni-weimar.de, staff workstations) "
echo "IMPORTANT NOTICE: Only hosts reachable via salt have been checked. Please check hosts not managed via salt manually (webis.uni-weimar.de, staff workstations)"
}
#
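Review bot: In the second hunk's `cmd.run` line, revocation silently fails when the key being removed is the only line of an `authorized_keys` file: `grep -Fxv` selects nothing and exits 1, so the `&&` chain stops before `mv` and the key stays in place. Treat exit status 1 as success, e.g. `{ grep -Fxv -f <( … ) "%" > ${TMP} || [ $? -eq 1 ]; }`, escaped like the rest of the string. The `mv` also swaps in a file created by `mktemp`, which presumably runs as root under salt, so files under `/home` would end up root-owned with mode 0600 and likely unreadable when sshd looks up that account's keys. Writing back with `cat ${TMP} > "%"; rm -f ${TMP}` keeps the original owner and mode, and also removes the temp file that is currently left behind whenever `diff` finds no change. `select_and_remove_keys` starts and ends outside the visible hunks.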
......