You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
83 lines
2.7 KiB
83 lines
2.7 KiB
#!/bin/bash
|
|
# info: add user sftp key
|
|
# options: USER [TTL]
|
|
#
|
|
# This function creates and updates SSH keys for used with the File Manager.
|
|
|
|
#----------------------------------------------------------#
|
|
# Variables & Functions #
|
|
#----------------------------------------------------------#
|
|
|
|
# Argument definition
|
|
user=$1
|
|
ttl=$2
|
|
|
|
# Includes
|
|
# shellcheck source=/etc/hestiacp/hestia.conf
|
|
source /etc/hestiacp/hestia.conf
|
|
# shellcheck source=/usr/local/hestia/func/main.sh
|
|
source $HESTIA/func/main.sh
|
|
# load config file
|
|
source_conf "$HESTIA/conf/hestia.conf"
|
|
|
|
#----------------------------------------------------------#
|
|
# Verifications #
|
|
#----------------------------------------------------------#
|
|
|
|
check_args '1' "$#" 'USER [TTL]'
|
|
is_format_valid 'user' 'ttl'
|
|
is_object_valid 'user' 'USER' "$user"
|
|
|
|
# Perform verification if read-only mode is enabled
|
|
check_hestia_demo_mode
|
|
|
|
#----------------------------------------------------------#
|
|
# Action #
|
|
#----------------------------------------------------------#
|
|
|
|
PRVKEY_FILE="$HOMEDIR/$user/.ssh/hst-filemanager-key"
|
|
PUBKEY_FILE="$HOMEDIR/$user/.ssh/hst-filemanager-key.pub"
|
|
AUTHKEY_FILE="$HOMEDIR/$user/.ssh/authorized_keys"
|
|
|
|
[ -z "$(readlink -f "$PRVKEY_FILE" | egrep "^$HOMEDIR/$user/.ssh/")" ] && check_result "$E_FORBIDEN" "Invalid private key file path"
|
|
[ -z "$(readlink -f "$PUBKEY_FILE" | egrep "^$HOMEDIR/$user/.ssh/")" ] && check_result "$E_FORBIDEN" "Invalid public key file path"
|
|
[ -z "$(readlink -f "$AUTHKEY_FILE" | egrep "^$HOMEDIR/$user/.ssh/")" ] && check_result "$E_FORBIDEN" "Invalid authorized keys path"
|
|
|
|
if [ ! -f "${PRVKEY_FILE}" ]; then
|
|
ssh-keygen -q -t rsa-sha2-512 -b 4096 -f "${PRVKEY_FILE}" -N ""
|
|
rm "${PUBKEY_FILE}"
|
|
new_privkey=true
|
|
fi
|
|
|
|
if [ ! -f "${AUTHKEY_FILE}" ] || [ "$new_privkey" = true ]; then
|
|
pubkey_str="$(ssh-keygen -y -f ${PRVKEY_FILE})"
|
|
pubkey_desc="filemanager.ssh.key"
|
|
|
|
if grep --quiet --no-messages -F "$pubkey_desc" "${AUTHKEY_FILE}"; then
|
|
sed -i "/filemanager\.ssh\.key\$/d" "${AUTHKEY_FILE}"
|
|
fi
|
|
|
|
# make sure authorized_keys is ending with EOL
|
|
[ -f "${AUTHKEY_FILE}" ] && sed -i '$a\' "${AUTHKEY_FILE}"
|
|
|
|
expire=0
|
|
if [[ "$ttl" -gt 0 ]]; then
|
|
expire=$(date +%s -d "+${ttl} min")
|
|
echo "rm ${PRVKEY_FILE}" | at "now +${ttl} minute" > /dev/null 2>&1
|
|
fi
|
|
echo "from=\"127.0.0.1\",command=\"internal-sftp\",restrict ${pubkey_str} TS:${expire} ${pubkey_desc}" >> "${AUTHKEY_FILE}"
|
|
fi
|
|
|
|
#
|
|
chown ${user}: "${AUTHKEY_FILE}"
|
|
chown admin: "${PRVKEY_FILE}"
|
|
|
|
#----------------------------------------------------------#
|
|
# Hestia #
|
|
#----------------------------------------------------------#
|
|
|
|
# Logging
|
|
log_event "$OK" "$ARGUMENTS"
|
|
|
|
exit
|