forked from henn/qubes-app-split-ssh
-
Notifications
You must be signed in to change notification settings - Fork 1
/
qubes.SshAgent
70 lines (54 loc) · 1.59 KB
/
qubes.SshAgent
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#!/bin/sh
QUBES_SSH_DIRECTORY="$HOME/.qubes_ssh"
CLIENT="$QREXEC_REMOTE_DOMAIN"
if [ ! -d $QUBES_SSH_DIRECTORY ] ; then
echo "Directory '$QUBES_SSH_DIRECTORY' not found" 1>&2
exit 1
fi
TIMEOUT=10
DEFAULT_FILE="$QUBES_SSH_DIRECTORY/.$CLIENT.default"
DIALOG_TEXT="\"$CLIENT\" is requesting a ssh key"
# find_keys() finds all keys and
find_keys() {
KEYS_STRING=""
DEFAULT_KEY=$(cat $DEFAULT_FILE 2> /dev/null)
for KEY in $(find $QUBES_SSH_DIRECTORY -name '*.pub'); do
KEY_BASENAME=$(basename $KEY .pub)
# Default key will be already selected in prompt
if [ "$KEY_BASENAME" = "$DEFAULT_KEY" ] ; then
DEFAULT="True"
else
DEFAULT="False"
fi
KEYS_STRING="$KEYS_STRING $DEFAULT $KEY_BASENAME"
done
echo $KEYS_STRING
}
# Find keys, and exit if none found
KEYS=$(find_keys)
if [ -z "$KEYS" ] ; then
echo "No ssh keys found" 1>&2
exit 1
fi
# Prompt user for key selection
SELECTED=$(zenity --list --radiolist --title "SSH key selection" --text="$DIALOG_TEXT" --column=Select --column=Key $KEYS 2> /dev/null)
KEY_FILE=$QUBES_SSH_DIRECTORY/$SELECTED
# Exit if nothing selected
if [ -z $SELECTED ] ; then
exit 1
fi
# Save default key selection
echo $SELECTED > $DEFAULT_FILE
# Make sure ssh-add is happy with permissions
chmod 0700 $QUBES_SSH_DIRECTORY
chmod 0600 $QUBES_SSH_DIRECTORY/*
# Start ssh-agent, add key
eval $(umask 066; ssh-agent) > /dev/null
ssh-add $KEY_FILE > /dev/null
if [ $TIMEOUT -gt 0 ] ; then
timeout --foreground "$TIMEOUT" socat - UNIX-CONNECT:$SSH_AUTH_SOCK
else
socat - UNIX-CONNECT:$SSH_AUTH_SOCK
fi
# Clean up
kill $SSH_AGENT_PID 2> /dev/null