[dundee] Pushing SSH Certs

Kris Davidson davidson.kris at gmail.com
Fri Nov 27 13:40:24 UTC 2009


ssh-copy-id does something similar for single hosts:

------------------------------------------------------------
#!/bin/sh

# Shell script to install your public key on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/id_rsa.pub"

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi

{ eval "$GET_ID" ; } | ssh ${1%:} "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '${1%:}'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF
------------------------------------------------------------

I've always been meaning to modify it. Let's see, bash snippets and
command lines I like:

Secure files and directories:

find -type f -exec chmod 600 {} \;
find -type d -exec chmod 711 {} \;

Commands I use the most often:

history | awk '{a[$2]++}END{for(i in a){print a[i] " " i}}' | sort -rn | head

Connection graph:

netstat -an | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' |
sort | uniq -c |
awk '{ printf("%s\t%s\t",$2,$1) ; for (i = 0; i < $1; i++) {printf("*")}; print "" }'

The Matrix!

tr -c "[:digit:]" " " < /dev/urandom | dd cbs=$COLUMNS conv=unblock |
GREP_COLOR="1;32" grep --color "[^ ]"

I found this somewhere and use this as an alarm clock especially if
my sleeping is messed up:

------------------------------------------------------------
#!/bin/sh

# Configuration
INDNUM=2
MAXFREQ=8000
MINFREQ=1000
STEP=500
LENGTH=25
DELAY=0
REPS=10

LOOP=0
while [ "$LOOP" -lt "$REPS" ]
    do
    I=$MAXFREQ
    while [ "$I" -gt "$MINFREQ" ]
        do
        beep -r $INDNUM -f $I -l $LENGTH -d $DELAY
        I=`expr "$I" - "$STEP"`
    done
    I=$MINFREQ
    while [ "$I" -lt "$MAXFREQ" ]
        do
        beep -r $INDNUM -f $I -l $LENGTH -d $DELAY
        I=`expr "$I" + "$STEP"`
    done
    LOOP=`expr "$LOOP" + 1`
    beep -r 5 -f 2000 -d 200
    beep -r 5 -f 2100 -d 200
    beep -r 5 -f 2000 -d 200
    beep -r 5 -f 2100 -d 200
    sleep 10
done
------------------------------------------------------------

Kris
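
The ssh-copy-id script quoted above ends by asking you to check .ssh/authorized_keys for keys you weren't expecting, which matters because without -i it appends everything `ssh-add -L` prints. The following is an added example of that check, not part of the original post or of ssh-copy-id; the function names and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report authorized_keys entries that are not in an expected set.
# key_blobs FILE...: print "lineno type blob" for each key line. Comments and
# blank lines are skipped; a leading options field is removed quote-aware.
key_blobs() {
  awk '
    function strip_options(s,   i, c, q) {
      for (i = 1; i <= length(s); i++) {
        c = substr(s, i, 1)
        if (c == "\\") { i++; continue }      # skip escaped char such as \"
        if (c == "\"") q = !q                 # option values may hold spaces
        else if (!q && (c == " " || c == "\t")) return substr(s, i + 1)
      }
      return ""
    }
    BEGIN { kt = "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      s = $0; sub(/^[ \t]+/, "", s); split(s, f, /[ \t]+/)
      if (f[1] !~ kt) { s = strip_options(s); sub(/^[ \t]+/, "", s); split(s, f, /[ \t]+/) }
      if (f[1] ~ kt && f[2] != "") print FNR, f[1], f[2]
    }' "$@"
}

# unexpected_keys AUTHORIZED_KEYS EXPECTED_PUB...: print line number, type and
# blob of every entry whose blob is absent from the expected public key files.
unexpected_keys() {
  [ "$#" -ge 2 ] || { echo "usage: unexpected_keys AUTH_KEYS PUB..." >&2; return 2; }
  auth=$1; shift
  { key_blobs "$@" | sed 's/^/E /'; key_blobs "$auth" | sed 's/^/A /'; } |
    awk '$1 == "E" { ok[$4] = 1; next } !($4 in ok) { print "line " $2 ": " $3 " " $4 }'
}

# demo: constructed sample data; the blobs are placeholders, not real keys.
demo() {
  d=$(mktemp -d) || return 1
  cat > "$d/authorized_keys" <<'EOF'
# constructed sample
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONE kris@laptop
from="10.0.0.0/8",command="echo ssh-rsa hi" ssh-rsa AAAAB3NzaC1yc2EAAAADEXAMPLETWO backup
ssh-rsa AAAAB3NzaC1yc2EAAAADEXAMPLETHREE old@agent
EOF
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONE kris@laptop' > "$d/id.pub"
  unexpected_keys "$d/authorized_keys" "$d/id.pub"
  rm -rf "$d"
}
demo
```

Pass every public key you meant to install as the expected set; anything it prints is an entry to review by hand.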


