[privacidea] Bash script to verify ssh-public-key delivery of privacyid3a and maybe more
21 views
Skip to first unread message
Der PCFreak
Mar 31, 2015, 9:33:38 AM3/31/15
to priva...@googlegroups.com
Hi all,
I wrote a simple bash script to test the delivery of ssh-public-keys via privacyid3a.
You can use it locally or on a remote machine to verify if the privacyid3a server acts as expected to your request.
With some little modifications (plausibility checks and security), this script might be used on remote machines (without privacyid3a installation) as a
replacement for 'privacyidea-authorizedkeys' in sshd_config to fetch public ssh-keys. It also might help on systems where it is not possible to install
all necessary python dependencies to use 'privacyidea-authorizedkeys'.
How to use it?
Open the script and edit this section to your needs (those are nearly identical with the ones in '/etc/privacyidea/authorizedkeyscommand':
#input parameters
server='privacyiedeaserver'
username='admin'
password='password'
hostname='hostname'
debug=0 # 0 or 1
For testing purpose you should enable debug (1).
Then use the script on a remote host that can reach the privacyid3a server on port 443 and you should get some results.
Of course on the privacyid3a side you have to configure ssh-keys for machine authentication first.
Feel free to modify this script or write feedback via the mailinglist.
Script is attached to this message.
Kind regards
Peter
P.S.
Sorry for any bugs, but this is how software evolves!
I wrote a simple bash script to test the delivery of ssh-public-keys via privacyid3a.
You can use it locally or on a remote machine to verify if the privacyid3a server acts as expected to your request.
With some little modifications (plausibility checks and security), this script might be used on remote machines (without privacyid3a installation) as a
replacement for 'privacyidea-authorizedkeys' in sshd_config to fetch public ssh-keys. It also might help on systems where it is not possible to install
all necessary python dependencies to use 'privacyidea-authorizedkeys'.
How to use it?
Open the script and edit this section to your needs (those are nearly identical with the ones in '/etc/privacyidea/authorizedkeyscommand':
#input parameters
server='privacyiedeaserver'
username='admin'
password='password'
hostname='hostname'
debug=0 # 0 or 1
For testing purpose you should enable debug (1).
Then use the script on a remote host that can reach the privacyid3a server on port 443 and you should get some results.
Of course on the privacyid3a side you have to configure ssh-keys for machine authentication first.
Feel free to modify this script or write feedback via the mailinglist.
Script is attached to this message.
Kind regards
Peter
P.S.
Sorry for any bugs, but this is how software evolves!
Cornelius Kölbel
Mar 31, 2015, 10:28:18 AM3/31/15
to priva...@googlegroups.com
Hi Peter,
looks good for clients, that do not run python but simple bash.
If you like to, you can add it to https://github.com/privacyidea/privacyidea/tree/master/tools and issue a pull request.
...or I will add it to the tools directory.
THanks a lot and kind regards
Cornelius
looks good for clients, that do not run python but simple bash.
If you like to, you can add it to https://github.com/privacyidea/privacyidea/tree/master/tools and issue a pull request.
...or I will add it to the tools directory.
THanks a lot and kind regards
Cornelius
--
You received this message because you are subscribed to the Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/551AA22F.10103%40pcfreak.de.
For more options, visit https://groups.google.com/d/optout.
Cornelius Kölbel
Apr 1, 2015, 2:39:01 AM4/1/15
to priva...@googlegroups.com
Hi,
I added it to the source tree.
https://github.com/privacyidea/privacyidea/blob/master/tools/privacyidea-fetchssh.sh
Kind regards
I added it to the source tree.
https://github.com/privacyidea/privacyidea/blob/master/tools/privacyidea-fetchssh.sh
Kind regards
Cornelius
Am 31.03.2015 um 15:33 schrieb Der
PCFreak:
Reply all
Reply to author
Forward
0 new messages