UNPKG

ssh-locksmith

Version:

Script to manage (add or delete) ssh keys for different users

github.com/smartprix/ssh-lockmith

smartprix/ssh-lockmith

75 lines (61 loc) 2.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
const {File, System, cfg, Vachan} = require('sm-utils'); const fs = require('fs'); // required for reading directory const nodemailer = require('nodemailer'); const authorizedKeysDir = cfg('authorizedKeysDir'); const transporter = nodemailer.createTransport({ sendmail: true, newline: 'unix', path: '/usr/sbin/sendmail', }); async function sendMail(email, user, pathToPrivateKey) { console.log(`Sending private key for ${user}@${cfg('hostname')} (will take some time...)`); return transporter.sendMail({ from: 'admin@smartprix.com', to: email, subject: `SSH Key to Login as ${user} user on ${cfg('hostname')}`, text: `This mail has your private SSH key attached with it. You can use it to login to ${cfg('hostname')} as "${user}".\n\nThe key is meant to be used by you and only you. Sharing or misusing of this key is strictly prohibited.`, attachments: [ { path: pathToPrivateKey, }, ], }); } async function addUserKeyFor(user, email) { const keyName = `${cfg('hostname', 'server')}_${user}`; await new File(`./${keyName}.pub`).rmrf(); await new File(`./${keyName}`).rmrf(); // generate key pair await System.exec(`ssh-keygen -t rsa -f ${keyName} -C "${email}" -N ""`); console.log('New key pair generated'); // copy public key to authorized_keys for const file = new File(`${authorizedKeysDir}/${user}`); const pubKey = new File(`./${keyName}.pub`); const priKey = new File(`./${keyName}`); await file.append(await pubKey.read()); console.log('Added key for user', user); await pubKey.rm(); // send private key to user via email await sendMail(email, user, priKey.realpathSync()); console.log('Sent mail to email', email); await priKey.rm(); } async function deleteUserKeyFor(user, email) { // delete authorized_keys entry in the given user for the given email await System.exec(`sed -i '/${email}/d' ${authorizedKeysDir}/${user}`); console.log(`Deleted keys for ${user} associated with ${email}`); } async function deleteAllKeysFor(email) { // delete authorized_keys entries in all users for the given email const existingUsers = fs.readdirSync(authorizedKeysDir); const result = await Vachan.promiseMap(existingUsers, async user => deleteUserKeyFor(user, email) ); console.log(`Deleted all keys associated with ${email}`); return result; } module.exports = { addUserKeyFor, deleteUserKeyFor, deleteAllKeysFor, };