#!/bin/sh set -e set -u cmd_http_get="curl ${CURL_OPTS:-} --max-time 15 --proto =https --tlsv1.2 -fsS" if ! command -v curl > /dev/null; then cmd_http_get="wget ${WGET_OPTS:-} --secure-protocol=TLSv1_2 --secure-protocol=TLSv1_3 --timeout=15 -o /dev/null -O -" fi fn_init_authorized_keys() { ( if ! test -e ~/.ssh/; then mkdir -p ~/.ssh/ fi chmod 0700 ~/.ssh/ if ! test -e ~/.ssh/authorized_keys; then touch ~/.ssh/authorized_keys fi chmod 0600 ~/.ssh/authorized_keys ); } fn_ssh_keys() { ( my_key_uri="${1:-}" # Handle keys as a URL, a file, or string my_keys="${my_key_uri}" case "${my_key_uri}" in http:*) echo "please use 'https://' for ssh public key urls" return 1 ;; https:*) my_keys="$( ${cmd_http_get} "${my_key_uri}" )" ;; *) if test -e "${my_key_uri}"; then my_keys="$( cat "${my_key_uri}" )" fi ;; esac # printf for proper whitespace handling printf '%s' "${my_keys}" ); } main() { ( my_keything="${1:-}" my_comment="${2:-}" fn_init_authorized_keys if test -z "${my_keything:-}"; then echo "" echo "USAGE" echo "" echo " ssh-authorize [comment]" echo "" echo "EXAMPLES" echo "" echo " ssh-authorize https://github.com/you.keys 'My GH Keys'" echo "" echo " ssh-authorize ./id_rsa.you@example.co.pub" echo "" echo " ssh-authorize 'ssh-rsa AAAA...example.co'" echo "" echo "LOCAL IDENTIFY FILES" echo "" for my_file in ~/.ssh/*.pub; do if test "${my_file}" = "$HOME/.ssh/*.pub"; then echo " (no files match ~/.ssh/*.pub)" break fi printf ' %s\n' "${my_file}" done echo "" return 1 fi my_pubkeys="" if test -n "${my_keything}"; then my_pubkeys="$( fn_ssh_keys "${my_keything}" )" else # if ! command -v ssh-pubkey > /dev/null; then # { # echo "" # echo "ERROR" # echo " no key string, file, or url was given," # echo " and 'ssh-pubkey' is not installed." # echo "" # echo "SOLUTION" # echo " provide a valid key string, file or url," # echo " or 'curl https://webi.sh/ssh-pubkey | sh'" # echo " to install 'ssh-pubkey'" # echo "" # } >&2 # # return 1 # fi # Get the default key (for authorizing self) my_pubkeys="$( ssh-pubkey 2> /dev/null )" fi # Clean up non-key lines, preserving comments and newlines my_pubkeys_safe="$( printf '%s' "${my_pubkeys}" | grep -E '^(#|\s*$|(ssh|ecdsa)-[a-zA-Z0-9-]+ AAA)' )" my_pubkeys_trimmed="$( printf '%s' "${my_pubkeys}" | grep -E '^(ssh|ecdsa)-[a-zA-Z0-9-]+ AAA' )" my_pubkeys_excluded="$( printf '%s' "${my_pubkeys}" | grep -v -E '^(#|\s*$|(ssh|ecdsa)-[a-zA-Z0-9-]+ AAA)' || true )" if test -z "${my_pubkeys_trimmed}"; then { echo "" echo "ERROR" echo " not a valid key string, file, or url:" echo " '${my_keything}'" echo "" echo "SOLUTION" echo " inspect the file / url / string, double" echo " check that you copied correctly, etc" echo "" } >&2 return 1 fi { if test -n "${my_comment}"; then printf '# %s\n' "${my_comment}" fi printf '%s\n' "${my_pubkeys_safe}" } | tee -a ~/.ssh/authorized_keys echo "" echo "Successfully copied the above ssh keys to ~/.ssh/authorized_keys" if test -n "${my_pubkeys_excluded}"; then { echo "" echo "WARNING: the following (invalid) lines were excluded:" echo "" echo "${my_pubkeys_excluded}" echo "" } >&2 fi ); } if test -z "${SSH_AUTHORIZE_UNIT_TEST:-}"; then main "${@:-}" fi