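#!/bin/bash
#
# Append the public keys listed in a file under $GLUSTERD_WORKDIR to a
# user's SSH authorized_keys file, creating the key directory and the
# file when they are missing. Keys already present are not added again.
#
# Usage: $0 <user> <pub_file>
#   user      - account whose authorized_keys file is updated
#   pub_file  - public-key file, resolved as $GLUSTERD_WORKDIR/<pub_file>
# Environment:
#   GLUSTERD_WORKDIR - directory that pub_file is resolved against
# Exit status:
#   0 on success; 1 on a missing argument, unknown user, unusable key
#   directory / authorized_keys path, or unreadable pub file.
#
# NOTE(review): the chown calls suggest this runs with root privileges --
# confirm. If so, the key directory and authorized_keys path usually sit
# in a location the target user can write, so a symlink placed there would
# redirect the chmod/chown/append below. Consider refusing symlinks
# (test -L) or using chown -h where local accounts are not fully trusted.
#
# NOTE(review): pub_file is joined to GLUSTERD_WORKDIR without rejecting
# ".." components; confirm that callers only pass trusted relative names.

user=$1
pub_file=$2

if [[ -z "$user" ]]; then
  echo "Invalid User"
  exit 1
fi

if [[ -z "$pub_file" ]]; then
  echo "Invalid pub file"
  exit 1
fi

# Field 6 of the passwd entry is the home directory. Quoting keeps a
# user name containing whitespace from being split into several lookups.
home_dir=$(getent passwd "$user" | cut -d ':' -f 6)
if [[ -z "$home_dir" ]]; then
  echo "Invalid home dir"
  exit 1
fi

# Take the first path of the last AuthorizedKeysFile line. Only lines that
# start with the exact-case keyword in /etc/ssh/sshd_config itself are seen;
# Include files, Match blocks and additional paths on the line are ignored.
authorized_keys_file=$(awk '/^AuthorizedKeysFile/ { path = $2 } END { print path }' \
  /etc/ssh/sshd_config)

# If not set, use default location
if [[ -z "$authorized_keys_file" ]]; then
  authorized_keys_file="%h/.ssh/authorized_keys"
fi

# Replace %u with user name (ex: /etc/ssh/keys/%u/authorized_keys)
authorized_keys_file="${authorized_keys_file//%u/$user}"
# Replace %h with home dir (ex: %h/.ssh/authorized_keys)
authorized_keys_file="${authorized_keys_file//%h/$home_dir}"

# sshd treats any path that is still relative after token expansion as
# relative to the user's home directory, not only ".ssh/authorized_keys".
if [[ "$authorized_keys_file" != /* ]]; then
  authorized_keys_file="$home_dir/$authorized_keys_file"
fi

ssh_dir=$(dirname -- "$authorized_keys_file")
if [[ ! -d "$ssh_dir" ]]; then
  # -m 700 creates the directory private from the start instead of
  # narrowing the mode in a second step.
  if ! mkdir -m 700 -- "$ssh_dir"; then
    echo "Unable to create $ssh_dir"
    exit 1
  fi
  chown -- "$user": "$ssh_dir"
fi

# The original tested "! -d" here, which is true for every regular file, so
# mode and owner were re-applied on each run. That enforcement is kept, and
# a directory at this path is now reported instead of failing silently later.
if [[ -d "$authorized_keys_file" ]]; then
  echo "Invalid authorized_keys file"
  exit 1
fi
# umask 077 keeps a newly created file from being readable by others
# before chmod runs.
(umask 077 && touch -- "$authorized_keys_file")
chmod 600 -- "$authorized_keys_file"
chown -- "$user": "$authorized_keys_file"

# Restore SELinux security contexts. This is required
# for passwordless SSH to work.
if command -v restorecon >/dev/null 2>&1; then
  restorecon -F "$ssh_dir" "$authorized_keys_file"
fi

pub_path="$GLUSTERD_WORKDIR/$pub_file"
if [[ ! -r "$pub_path" ]]; then
  echo "Unable to read pub file"
  exit 1
fi

# Add to authorized_keys file only if not exists already.
# read -r keeps backslashes literal; the default IFS still trims surrounding
# whitespace so the whole-line comparison is stable. The "|| [[ -n ]]" part
# picks up a final line that has no trailing newline.
while read -r line || [[ -n "$line" ]]; do
  # A blank line carries no key.
  [[ -n "$line" ]] || continue
  # -e stops a line beginning with "-" from being parsed as a grep option.
  if ! grep -Fxq -e "$line" -- "$authorized_keys_file"; then
    printf '%s\n' "$line" >> "$authorized_keys_file"
  fi
done < "$pub_path"

exit 0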