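#!/bin/bash
#
# Cluster SSH key roll-out helper.
#
# What MAIN (bottom of this file) does, in order:
#   1. R_U_ROOT / CHECKCMD    - must run as root; required tools must exist.
#   2. GETARGS                - choose the key type (default rsa).
#   3. SSH_KEY_GENERATION     - for every host in ${AUX_SCRIPT_PATH}do_ssh_hosts,
#                               optionally run ssh-keygen there, then fetch
#                               that host's ~/.ssh/id_<type>.pub.
#   4. COMPILE_MASTERKEYS     - merge the fetched public keys into one file.
#   5. DISSEMINATE_MASTERKEYS - push that file to every host as
#                               ~/.ssh/authorized_keys2 and restart sshd.
#   6. ACQUAINT               - rebuild known_hosts everywhere with ssh-keyscan.
#
# SECURITY NOTES (review):
#   * The script runs as root and uses plain "ssh <host>", and ssh's default
#     remote user is the local user name, so every remote login is as root
#     too (unless ~/.ssh/config says otherwise).  The end result is a full
#     root-to-root trust mesh: one compromised node can log in to every
#     other node.
#   * The CHECK_HOST gate ("is this the authorised box?") is commented out
#     in MAIN.
#   * known_hosts is deleted and rebuilt from the network with ssh-keyscan
#     (trust on first use); an on-path attacker during that step can seed
#     forged host keys cluster-wide.
#   * DSA keys are refused by default since OpenSSH 7.0 and are no longer
#     built in current releases; use rsa.
#
# External helpers this file expects (presence verified by CHECKCMD):
#   ask <prompt> <default>         - yes/no prompt; exit status 0 means "yes"
#                                    (that is how every call site reads it)
#   do_massdo <command>            - presumably runs <command> on every
#                                    cluster host (used by ACQUAINT)
#   ${AUX_SCRIPT_PATH}do_ssh_hosts - host list, whitespace separated

PROGNAME=$(basename "$0")
DEFAULT_PATH="/usr/local/bin/"
AUX_SCRIPT_PATH="/usr/local/bin/"
LOCAL=$(hostname)          # not referenced below; kept for compatibility
KEYTYPE=rsa                # real value is chosen by GETARGS

# ============================= Functions ============================

############################## Debugging Functions ######################

#######################################
# Manual checkpoint for hand-tracing: dumps the current parameters and
# asks whether to continue.  Not called from MAIN.
# Globals:  KEYTYPE, DEFAULT_PATH, AUX_SCRIPT_PATH, GETHOST (read)
# Exits:    100 if the operator answers "no"
#######################################
function BUGPAUSE {
  echo " "
  echo "-----------------------------------------------------------"
  echo " MANUAL BUG CHECK!"
  echo " Is the program doing what you expect? Please "
  echo " review preceeding output for correctness. Thank you."
  echo "-----------------------------------------------------------"
  echo " "
  echo "Args so far:"
  echo "KEYTYPE: $KEYTYPE "
  echo "DEFAULT_PATH: $DEFAULT_PATH "
  echo "AUX_SCRIPT_PATH: $AUX_SCRIPT_PATH"
  echo "GETHOST: $GETHOST "
  echo " "
  # ask returns 0 for "yes"; the default answer is yes.
  ask "Continue? [Y/n]" y || exit 100
}

#### ####
#
# Error Handler.
#
#### ####

#######################################
# Print a boxed error report.  Does NOT exit: the caller decides (most
# call sites exit with the same code immediately afterwards).
# Arguments: $1 - numeric error code
#            $2 - description, phrased to complete the sentence
#                 "Don't you just hate it when ..."
# Outputs:   the report on stderr (the original wrote it to stdout, which
#            mixed diagnostics into captured output)
#######################################
function ERROR {
  {
    echo " "
    echo " "
    echo "----------------"
    echo "| ABEND: Code $1 |"
    echo "--------------------------------------------------------------------------"
    echo "| Bummer! An error occurred!"
    echo "| Don't you just hate it when..."
    echo "|${2}?"
    echo "|_________________________________________________________________________"
  } >&2
}

#### ####
#
# - SYNTAX -------- Interactive help screen.
#
#### ####

#######################################
# Show usage, paging through it with MORE (which exits on "no").
# The original help text was an empty stub; the usage shown here only
# states what the code in this file actually does.
# Globals:  PROGNAME, AUX_SCRIPT_PATH (read)
#######################################
function SYNTAX {
  MORE "Do you wish to view the Syntax for $(VERSION)" y
  echo "SYNTAX: Program $PROGNAME"
  echo "        $PROGNAME [dsa]        run the key roll-out (any other value selects rsa)"
  echo "        $PROGNAME -v | -h      print the version / this help"
  echo " "
  MORE "Do you wish to continue?" y
  echo "NOTES: "
  echo "  Must be run as root."
  echo "  Host list is read from ${AUX_SCRIPT_PATH}do_ssh_hosts."
  echo "  On every listed host ~/.ssh/authorized_keys2 is REPLACED and"
  echo "  ~/.ssh/known_hosts may be removed and rebuilt with ssh-keyscan."
  echo " "
  echo "**** End of help. Don't you wish there was more? ****"
  echo "Strike a key to exit help."
  read -r -n 1 DUMMY
  return
}

#### ####
#
# MORE
#
#### ####

#######################################
# Help pager step: ask whether to go on; "no" ends the program.
# Arguments: $1 - question text ("[y/n]" is appended)
#            $2 - default answer handed through to ask (optional)
# Exits:     0 when the operator answers "no"
#######################################
function MORE() {
  # ${2:+"$2"} passes $2 only when it was given, exactly as the
  # original's unquoted $2 did.
  if ask "$1 [y/n]" ${2:+"$2"}; then
    return 0
  fi
  exit 0
}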
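#### ####
#
# - CHECKCMD --------- Locates the system commands used by this script.
# Makes sure the commands and helper files we need exist.  Aborts the
# script if anything is missing.
#
#### ####

#######################################
# Verify one required helper file (helper for CHECKCMD).
# Arguments: $1 - path, $2 - exit/error code to use on failure
# Exits:     $2 if the file is missing or world-writable
#######################################
function _REQUIRE_FILE {
  local file=$1 code=$2
  if [ ! -f "$file" ]; then
    ERROR "$code" "the $file file is missing: Error $code in CHECKCMD"
    exit "$code"
  fi
  # Both files decide what root executes and where it logs in; refuse a
  # world-writable copy rather than act on whatever was dropped there.
  if [ -n "$(find "$file" -maxdepth 0 -perm -002 2>/dev/null)" ]; then
    ERROR "$code" "the $file file is world-writable: Error $code in CHECKCMD"
    exit "$code"
  fi
  echo "$file found. Proceeding."
}

#######################################
# Check for the external commands and helper files this script relies on.
# ssh and scp were used but never checked in the original; they are now.
# (seq and rsync are checked but not used anywhere in this file.)
# Globals:  AUX_SCRIPT_PATH, DEFAULT_PATH (read)
# Exits:    1 missing command, 2 missing do_ssh_hosts, 3 missing do_massdo
#######################################
function CHECKCMD {
  local cmd
  echo "---->In CHECKCMD...."
  # command -v instead of which: builtin, portable, no extra binary needed.
  for cmd in id seq echo hostname touch cp mv rm rsync ssh scp do_massdo ask; do
    if ! command -v "$cmd"; then
      ERROR 1 "the command $cmd is missing from the system: Error in CHECKCMD"
      exit 1
    fi
  done
  _REQUIRE_FILE "${AUX_SCRIPT_PATH}do_ssh_hosts" 2
  _REQUIRE_FILE "${DEFAULT_PATH}do_massdo" 3
}

#### ####
#
# CHECK_HOST ----Aborts the program if the hostname keyfile is missing.
#
#### ####

#######################################
# Compare the local host name with the one stored in
# /root/bin/authorized_hostkey.  A missing, empty or different name aborts
# (the original failed closed here too, by way of a broken test).
# NOTE(review): the "key" is just a host name string, so this only stops
# accidental runs on the wrong box, not deliberate ones.  MAIN currently
# does not call this function.
# Exits:    20 when the host is not the authorised one
#######################################
function CHECK_HOST() {
  local AUTHORIZED_BACKUP_HOST
  AUTHORIZED_BACKUP_HOST=$(cat /root/bin/authorized_hostkey 2>/dev/null)
  if [ -n "$AUTHORIZED_BACKUP_HOST" ] && [ "$AUTHORIZED_BACKUP_HOST" = "$(hostname)" ]; then
    echo "Host $AUTHORIZED_BACKUP_HOST validated."
  else
    ERROR 20 "you try to run Snapback on an unauthorized backup host: Error 20 in CHECK_HOST"
    exit 20
  fi
}

#### ####
#
# - R_U_ROOT ----- Aborts the program if the person running it is not root.
#
#### ####

#######################################
# Refuse to run for anyone but uid 0.
# Exits:    10 when not root
#######################################
function R_U_ROOT {
  local uid
  uid=$(id -u)
  if [ "$uid" -ne 0 ]; then
    echo "$PROGNAME is a potentially dangerous program."
    echo "Therefore it is only to be run by the root user."
    echo "You appear to be running it as $(id -nu)."
    echo "Please try again as root or have the system administrator run"
    echo "$PROGNAME for you."
    ERROR 10 "you forget to log in as root first: Error 10 in R_U_ROOT"
    exit 10
  fi
}

#### ####
#
# - GETARGS ----------- Converts command-line args to appropriate parameters.
# Otherwise, it prompts for the necessary arguments.
#
#### ####

#######################################
# Set KEYTYPE from the first argument, or ask when none was given.
# Accepted: the dsa spellings below -> dsa; ed25519 spellings -> ed25519
# (new, backward compatible); anything else -> rsa (unchanged default).
# Arguments: $1 - key type word from the command line (may be empty)
# Globals:   KEYTYPE (written)
#######################################
function GETARGS {
  echo "IN GETARGS...."
  if [ -z "$1" ]; then
    # ask returns 0 for "yes"; default answer is no (-> rsa).
    if ask "Do you wish a DSA key? (default is RSA) [y/N]" n; then
      KEYTYPE=dsa
    else
      KEYTYPE=rsa
    fi
  else
    case "$1" in
      dsa|DSA|-d|-D|d|D|-dsa|-DSA|--dsa|--DSA) KEYTYPE=dsa ;;
      ed25519|ED25519|-ed25519|--ed25519)   KEYTYPE=ed25519 ;;
      *)                                     KEYTYPE=rsa ;;
    esac
  fi
  if [ "$KEYTYPE" = dsa ]; then
    echo "WARNING: DSA keys are disabled by default in OpenSSH 7.0+ and absent in recent releases; prefer rsa or ed25519." >&2
  fi
}

#### ####
#
# Reports the version for this program.
#
#### ####

#######################################
# Print the version banner.
# Globals:  PROGNAME (read)
#######################################
function VERSION {
  echo "$PROGNAME Version 11192k3-a, NEWSCRIPT Version 11132k3-a"
}

#### ####
#
# SSH2 Key Generation and Acquisition.
#
#### ####

#######################################
# For every host in the host list: optionally run ssh-keygen on it
# (interactive), then copy its ~/.ssh/id_<KEYTYPE>.pub to
# ~/.ssh/<host>.id_<KEYTYPE>_pub locally.
# Globals:  AUX_SCRIPT_PATH, KEYTYPE (read); GETHOST (written, read by
#           BUGPAUSE)
# Exits:    40 if the host list is unreadable, 41 if a public key cannot
#           be fetched (the original silently went on, and a stale copy
#           from an earlier run would then be merged)
#######################################
function SSH_KEY_GENERATION {
  local hostfile="${AUX_SCRIPT_PATH}do_ssh_hosts" hosts i=0 pubcopy
  echo "===================================="
  echo " SSH2 KEY GENERATION AND AQUISITION"
  echo "===================================="
  if [ ! -r "$hostfile" ]; then
    ERROR 40 "the host list $hostfile cannot be read: Error 40 in SSH_KEY_GENERATION"
    exit 40
  fi
  # Read the whole list first so the interactive ssh/ssh-keygen below
  # cannot compete with a read loop for stdin.
  hosts=$(< "$hostfile")
  # shellcheck disable=SC2086 -- word-splitting is the list format (one host per word)
  for GETHOST in $hosts; do
    clear
    i=$((i + 1))
    echo "Iteration #: $i: Processing: $GETHOST"
    if ask "Do you REALLY want to generate a new key for $GETHOST [y/N]?" n; then
      echo "Generating key..."
      # Interactive on purpose (path/passphrase prompts).  ssh-keygen also
      # exits non-zero when the operator declines to overwrite an existing
      # key, so that is a warning, not an abort.
      if ! ssh "$GETHOST" ssh-keygen -t "$KEYTYPE"; then
        echo "WARNING: ssh-keygen on $GETHOST did not complete (overwrite declined?); using the key already there." >&2
      fi
    else
      echo "Will use existing key from $GETHOST."
    fi
    echo "Acquiring public key from $GETHOST..."
    pubcopy="$HOME/.ssh/$GETHOST.id_${KEYTYPE}_pub"
    # Drop any copy from a previous run before fetching, so a failed copy
    # can never leave an outdated key behind.
    rm -f -- "$pubcopy"
    if ! scp "$GETHOST:~/.ssh/id_${KEYTYPE}.pub" "$pubcopy"; then
      ERROR 41 "the public key of $GETHOST cannot be fetched: Error 41 in SSH_KEY_GENERATION"
      exit 41
    fi
  done
}

#### ####
#
# MASTER_KEY_FILE_COMPILATION
#
#### ####

#######################################
# Build ~/.ssh/$MASTER_AUTHKEYS2 from the fetched public keys.
# Change from the original: keys are taken for the hosts in the current
# host list, not from a "*.id_<type>_pub" glob of the cwd -- the glob also
# swept up files left behind by hosts no longer in the list, re-authorising
# them cluster-wide on every run.  Each file must parse as a public key.
# Globals:  MASTER_AUTHKEYS2, AUX_SCRIPT_PATH, KEYTYPE (read)
# Exits:    50 on a bad master file name, a missing/invalid key file, an
#           empty host list or a write failure
#######################################
function COMPILE_MASTERKEYS {
  local master="$HOME/.ssh/$MASTER_AUTHKEYS2" hosts keyfile n=0
  echo "==============================="
  echo " COMPILING MASTER KEYS"
  echo "==============================="
  # The name came from an operator prompt; refuse anything that is not a
  # plain file name (an empty value would have pointed rm at ~/.ssh itself).
  case "$MASTER_AUTHKEYS2" in
    ''|*/*|.|..|-*)
      ERROR 50 "the master keys file name '$MASTER_AUTHKEYS2' is empty or not a plain file name: Error 50 in COMPILE_MASTERKEYS()"
      exit 50 ;;
  esac
  echo "Nuking old masterkey file of name $MASTER_AUTHKEYS2"
  rm -f -- "$master"
  if ! : > "$master"; then
    ERROR 50 "compilation of $MASTER_AUTHKEYS2 fails: Error 50 in COMPILE_MASTERKEYS()"
    exit 50
  fi
  hosts=$(< "${AUX_SCRIPT_PATH}do_ssh_hosts")
  # shellcheck disable=SC2086 -- word-splitting is the list format
  for GETHOST in $hosts; do
    keyfile="$HOME/.ssh/$GETHOST.id_${KEYTYPE}_pub"
    if [ ! -s "$keyfile" ]; then
      ERROR 50 "the public key file $keyfile for $GETHOST is missing or empty: Error 50 in COMPILE_MASTERKEYS()"
      exit 50
    fi
    # Anything that is not a parseable public key must not reach
    # authorized_keys2 on every node.
    if ! ssh-keygen -l -f "$keyfile" >/dev/null 2>&1; then
      ERROR 50 "$keyfile does not contain a valid public key: Error 50 in COMPILE_MASTERKEYS()"
      exit 50
    fi
    if ! cat -- "$keyfile" >> "$master"; then
      ERROR 50 "compilation of $MASTER_AUTHKEYS2 fails: Error 50 in COMPILE_MASTERKEYS()"
      exit 50
    fi
    n=$((n + 1))
  done
  if [ "$n" -eq 0 ]; then
    ERROR 50 "no hosts are listed in ${AUX_SCRIPT_PATH}do_ssh_hosts: Error 50 in COMPILE_MASTERKEYS()"
    exit 50
  fi
  echo "Compiled $n public key(s) into $master."
}

#### ####
#
# DISSEMINATE_NEW_MASTERKEYS_FILES
#
#### ####

#######################################
# Restart the SSH daemon on one host (helper for DISSEMINATE_MASTERKEYS).
# Picks the Debian or RPM init script by probing /etc/debian_version; an
# ssh failure on that probe also lands in the RPM branch, as before.
# NOTE(review): sshd re-reads authorized_keys at every login, so the
# restart is not needed for the key change; it is kept because the
# original did it.  A failed restart is reported (ERROR 60/61), not fatal.
# Arguments: $1 - host
#######################################
function _RESTART_SSHD {
  local host=$1
  echo "======>>> RESTARTING SSH on $host. <<<======"
  if ssh -n "$host" "test -f /etc/debian_version"; then
    echo " "
    echo "======================================"
    echo "DEBIAN SSH DAEMON RESTART in PROGRESS!"
    echo "======================================"
    if ! ssh -n "root@$host" /etc/init.d/ssh restart; then
      ERROR 60 "we couldn't restart ssh on $host (Error 60 in DISSEMINATE_MASTERKEYS()"
    fi
  else
    echo " "
    echo "========================================="
    echo "RPM-based SSH DAEMON RESTART in PROGRESS!"
    echo "========================================="
    if ! ssh -n "root@$host" /etc/init.d/sshd restart; then
      ERROR 61 "we couldn't restart sshd on $host (error 61 in DISSEMINATE_MASTERKEYS()"
    fi
  fi
}

#######################################
# Push ~/.ssh/$MASTER_AUTHKEYS2 to every listed host as its
# ~/.ssh/authorized_keys2 (REPLACING that file: any key not in the master
# file loses access), optionally delete the host's ~/.ssh/known_hosts,
# and restart its sshd.  Prompts before starting and after every host.
# Globals:  MASTER_AUTHKEYS2, AUX_SCRIPT_PATH (read); GETHOST (written)
# Exits:    62 abort at a host, 63 cancelled up front, 64 master file
#           missing or empty.  A failed copy to one host is reported
#           (ERROR 65) and that host is skipped; the run goes on.
#######################################
function DISSEMINATE_MASTERKEYS {
  local master="$HOME/.ssh/$MASTER_AUTHKEYS2" hosts i=0
  echo "================================================================="
  echo " DISSEMINATING MASTER KEYS"
  echo " Populating cluster with new masterkeys file for user $(whoami)."
  echo " Optionally removing existing known_hosts file. . ."
  echo "================================================================="
  echo "This will disseminate copies of the $MASTER_AUTHKEYS2 file to each"
  echo "node specified in the ${AUX_SCRIPT_PATH}do_ssh_hosts file"
  echo "NOTE: authorized_keys2 on each node is REPLACED, not appended to;"
  echo "      any key that is not in $MASTER_AUTHKEYS2 loses access."
  if ! ask "Do you wish to proceed? [Y/n]" y; then
    echo "Cancelling Dissemination of Master Keys at your request."
    echo "NO master keys file was replicated."
    exit 63
  fi
  # Never push an empty file: that would lock key-based logins out everywhere.
  if [ ! -s "$master" ]; then
    ERROR 64 "the master keys file $master is missing or empty: Error 64 in DISSEMINATE_MASTERKEYS()"
    exit 64
  fi
  hosts=$(< "${AUX_SCRIPT_PATH}do_ssh_hosts")
  # shellcheck disable=SC2086 -- word-splitting is the list format
  for GETHOST in $hosts; do
    clear
    i=$((i + 1))
    echo "Iteration #: $i: Sending master keys to $GETHOST:"
    if ! scp "$master" "$GETHOST:~/.ssh/authorized_keys2"; then
      ERROR 65 "the copy of $MASTER_AUTHKEYS2 to $GETHOST fails (error 65 in DISSEMINATE_MASTERKEYS()"
    else
      echo "This will remove the existing .ssh/known_hosts."
      if ask "Do you wish to proceed [Y/n]?" y; then
        echo "Removing .ssh/known_hosts on $GETHOST."
        # Quoted so '~' is expanded by the REMOTE shell for the remote
        # user, not locally to /root before the command is sent.
        ssh -n "$GETHOST" 'rm -f ~/.ssh/known_hosts'
      else
        echo "I am not touching .ssh/known_hosts on $GETHOST."
      fi
      _RESTART_SSHD "$GETHOST"
    fi
    if ask "Continue with the next host [Y/n]?" y; then
      echo "Proceeding...."
    else
      echo "Aborting per your request at host $GETHOST."
      exit 62
    fi
  done
}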
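#### ####
#
# ACQUAINTING--REGISTERING HOSTS WITH EACH OTHER.
#
#### ####

#######################################
# Seed host keys on every node: runs ssh-keyscan over the host list on
# each node (through do_massdo) and writes the result to
# /etc/ssh/ssh_known_hosts2 and the node's ~/.ssh/known_hosts.
# SECURITY: this is trust-on-first-use over the network.  Whatever answers
# during the scan becomes a trusted host key everywhere; verify
# fingerprints out of band on a network you do not control.
# Change from the original: each file is written via a temp file and only
# moved into place when the scan produced output, so a failed scan can no
# longer truncate the live file on every node.
# Globals:  AUX_SCRIPT_PATH, KEYTYPE (read)
#######################################
function ACQUAINT {
  local hostfile="${AUX_SCRIPT_PATH}do_ssh_hosts"
  local global_kh=/etc/ssh/ssh_known_hosts2
  echo "====================================================================="
  echo " ACQUAINT"
  echo "Many thanks to Peter Cordes for his suggestion that I use ssh-keyscan"
  echo "to automate what was once an annoyingly manual procedure."
  echo " "
  echo "This process will \"register\" each host with all the others so that "
  echo "it becomes possible to log in to them without being prompted to add "
  echo "each host to the known_hosts file."
  echo " "
  echo "This process will update both $global_kh"
  echo "and the local ~/.ssh/known_hosts on each machine."
  echo " "
  echo "WARNING: host keys are collected over the network (trust on first use)."
  echo "         Check the fingerprints out of band if the network is not trusted."
  echo "====================================================================="
  echo " "
  if ask "Shall I proceed with the updates to /etc/ssh/ssh_known_hosts [Y/n]" y; then
    # NOTE(review): recent ssh-keyscan builds may reject "dsa" as an
    # unknown type; drop it from the list once the cluster is upgraded.
    do_massdo "ssh-keyscan -t dsa,rsa -f $hostfile | sort -u > $global_kh.tmp && test -s $global_kh.tmp && mv $global_kh.tmp $global_kh"
    # '~' is intentionally left for the remote shell to expand.
    do_massdo "ssh-keyscan -t $KEYTYPE -f $hostfile | sort -u > ~/.ssh/known_hosts.tmp && test -s ~/.ssh/known_hosts.tmp && mv ~/.ssh/known_hosts.tmp ~/.ssh/known_hosts"
  fi
}

#======================================= No more functions. ==========
#############################################################################
#################################                  ####################################
#################################      MAIN        ####################################
#################################                  ####################################
#############################################################################

case "$1" in
  # Fixed: the original pattern read "-VERSION--ver", so neither of those
  # two spellings matched.
  v|V|-v|-V|--version|--VERSION|--Version|-version|-Version|-VERSION|--ver|--Ver|--VER|-ver|-Ver|-VER)
    VERSION
    exit 0 ;;
  h|H|-h|-H|--help|--HELP|--Help|HELP|help|Help|-help|-HELP|-Help)
    SYNTAX
    exit 0 ;;
esac

# NOTE(review): CHECK_HOST, the only "is this the authorised box" gate, is
# disabled here exactly as in the original.  Enable it before running this
# on a network where the wrong machine could reach the cluster.
#CHECK_HOST
R_U_ROOT
VERSION
CHECKCMD
GETARGS "$1"
echo "IN MAIN-------->>>>>>>"
echo "What would you like to name the masterkeys template file?"
# The name becomes ~/.ssh/<name>, which is later removed and rewritten, so
# insist on a plain file name: non-empty, no '/', not '.'/'..', no leading '-'.
while :; do
  if ! read -r MASTER_AUTHKEYS2; then
    ERROR 70 "no name was given for the master keys file: Error 70 in MAIN"
    exit 70
  fi
  case "$MASTER_AUTHKEYS2" in
    ''|*/*|.|..|-*) echo "Please give a plain file name (not empty, no '/', no leading '-'):" ;;
    *) break ;;
  esac
done
# The original ignored a failed cd and carried on in whatever directory it
# happened to be in.
if ! cd ~/.ssh; then
  ERROR 71 "~/.ssh does not exist or is not accessible: Error 71 in MAIN"
  exit 71
fi
if ! touch -- ~/.ssh/"$MASTER_AUTHKEYS2"; then
  ERROR 72 "the master keys file ~/.ssh/$MASTER_AUTHKEYS2 cannot be created: Error 72 in MAIN"
  exit 72
fi
echo "We are working with ~/.ssh/$MASTER_AUTHKEYS2."
SSH_KEY_GENERATION
COMPILE_MASTERKEYS
DISSEMINATE_MASTERKEYS
ACQUAINT
echo "End run--------------<<<<<<<"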