4nk/smart_ide
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
smart_ide/add-ssh-key.sh
Nicolas Cantu 74cd0050d8 readme
2026-03-21 17:43:45 +01:00

143 lines
4.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Add SSH public key to ~/.ssh/authorized_keys on infrastructure hosts.
#
# Modes (pick one):
# ADD_KEY_LOCAL=1 — you are already SSH'd on the target host (e.g. 192.168.1.164): only
# update the current user's ~/.ssh/authorized_keys on this machine.
# LAN_DIRECT=1 — same LAN as hosts: ssh BACKEND_USER@192.168.1.x directly (no ProxyJump,
# no 4nk.myftp.biz). Host list includes proxy .100, backends, and .164.
# (default) — bastion JUMP then ProxyJump to each backend (Internet / standard doc).
#
# The key embedded below (desk@desk) is what gets appended remotely; client auth uses your
# existing keys (SSH_IDENTITY_FILE / agent).
#
# Run as the SSH user, not root: sudo uses /root/.ssh and causes Permission denied (publickey).
#
# Optional env:
# BACKEND_USER=ncantu
# JUMP=ncantu@4nk.myftp.biz # default jump host when LAN_DIRECT is unset
# SSH_IDENTITY_FILE=~/.ssh/id_ed25519
# SSH_VERBOSE=1
# EXTRA_LAN_IPS="192.168.1.42 ..." # space-separated, appended when LAN_DIRECT=1
# Usage:
# ADD_KEY_LOCAL=1 ./add-ssh-key.sh
# LAN_DIRECT=1 ./add-ssh-key.sh
set -euo pipefail
SSH_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyLeCZh0tJ7rEp1sktpMlA2EaBBKBU5jNRMgboYAOsk desk@desk"
KEY_FINGERPRINT="AAAAC3NzaC1lZDI1NTE5AAAAIDyLeCZh0tJ7rEp1sktpMlA2EaBBKBU5jNRMgboYAOsk"
JUMP="${JUMP:-ncantu@4nk.myftp.biz}"
BACKEND_USER="${BACKEND_USER:-ncantu}"
BACKEND_IPS=(
"192.168.1.101" # test
"192.168.1.102" # pprod
"192.168.1.103" # prod
"192.168.1.104" # services
"192.168.1.105" # bitcoin
"192.168.1.173" # ia
)
LAN_IPS=(
"192.168.1.100" # proxy
"${BACKEND_IPS[@]}"
"192.168.1.164" # workstation / host 164 on LAN
)
SSH_OPTS=(
-o StrictHostKeyChecking=accept-new
)
if [ -n "${SSH_IDENTITY_FILE:-}" ]; then
idf="${SSH_IDENTITY_FILE/#\~/$HOME}"
SSH_OPTS+=(-i "$idf" -o IdentitiesOnly=yes)
fi
if [ -n "${SSH_VERBOSE:-}" ]; then
SSH_OPTS+=(-v)
fi
if [ "$(id -u)" -eq 0 ]; then
echo "Do not run this script with sudo/root: SSH will use /root/.ssh and fail with Permission denied (publickey)." >&2
exit 1
fi
add_key_to_current_user() {
local auth="${HOME}/.ssh/authorized_keys"
mkdir -p "${HOME}/.ssh"
chmod 700 "${HOME}/.ssh"
touch "${auth}"
chmod 600 "${auth}"
if ! grep -qF "${KEY_FINGERPRINT}" "${auth}" 2>/dev/null; then
printf '%s\n' "${SSH_KEY}" >> "${auth}"
echo "Key added (local user $(whoami)@$(hostname -f 2>/dev/null || hostname))"
else
echo "Key already present (local user $(whoami)@$(hostname -f 2>/dev/null || hostname))"
fi
}
run_add_key_remote() {
local -a ssh_cmd=("$@")
"${ssh_cmd[@]}" bash -s <<EOF
set -euo pipefail
KEY_FINGERPRINT='${KEY_FINGERPRINT}'
KEY_LINE='${SSH_KEY}'
AUTH="\${HOME}/.ssh/authorized_keys"
mkdir -p "\${HOME}/.ssh"
chmod 700 "\${HOME}/.ssh"
touch "\${AUTH}"
chmod 600 "\${AUTH}"
if ! grep -qF "\${KEY_FINGERPRINT}" "\${AUTH}" 2>/dev/null; then
printf '%s\n' "\${KEY_LINE}" >> "\${AUTH}"
echo "Key added"
else
echo "Key already present"
fi
EOF
}
if [ "${ADD_KEY_LOCAL:-0}" = "1" ]; then
echo "ADD_KEY_LOCAL=1: updating authorized_keys for current user only."
echo "Key: $SSH_KEY"
echo "Host: $(hostname) (${USER})"
add_key_to_current_user
exit 0
fi
if [ "${LAN_DIRECT:-0}" = "1" ]; then
echo "LAN_DIRECT=1: direct SSH on LAN (no ProxyJump / no bastion hostname)."
echo "Key: $SSH_KEY"
echo "User: ${BACKEND_USER}"
if [ -n "${EXTRA_LAN_IPS:-}" ]; then
# shellcheck disable=SC2206
extra_ips=( ${EXTRA_LAN_IPS} )
LAN_IPS+=( "${extra_ips[@]}" )
fi
for ip in "${LAN_IPS[@]}"; do
echo ""
echo "Processing: ${BACKEND_USER}@${ip}"
run_add_key_remote ssh "${SSH_OPTS[@]}" "${BACKEND_USER}@${ip}"
done
echo ""
echo "SSH key addition completed (LAN direct)."
exit 0
fi
echo "Adding SSH key to all servers (bastion + ProxyJump)..."
echo "Key: $SSH_KEY"
echo "Jump: $JUMP"
echo ""
echo "Processing bastion (proxy): ${JUMP}"
run_add_key_remote ssh "${SSH_OPTS[@]}" "$JUMP"
echo ""
for ip in "${BACKEND_IPS[@]}"; do
echo "Processing backend: ${BACKEND_USER}@${ip} (via ${JUMP})"
run_add_key_remote ssh "${SSH_OPTS[@]}" -J "$JUMP" "${BACKEND_USER}@${ip}"
echo ""
done
echo "SSH key addition completed for bastion and all listed backends."
Reference in New Issue View Git Blame Copy Permalink