forked from hestiacp/hestiacp
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathv-add-user-sftp-key
More file actions
executable file
·88 lines (63 loc) · 2.75 KB
/
v-add-user-sftp-key
File metadata and controls
executable file
·88 lines (63 loc) · 2.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
#!/bin/bash
# info: add user sftp key
# options: USER [TTL]
# labels: hestia
#
# The script creates and updates ssh key for filemanager usage
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
ttl=$2
# Includes
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'USER [TTL]'
is_format_valid 'user' 'ttl'
is_object_valid 'user' 'USER' "$user"
# Perform verification if read-only mode is enabled
check_hestia_demo_mode
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
PRVKEY_FILE="$HOMEDIR/$user/.ssh/hst-filemanager-key"
PUBKEY_FILE="$HOMEDIR/$user/.ssh/hst-filemanager-key.pub"
AUTHKEY_FILE="$HOMEDIR/$user/.ssh/authorized_keys"
[ -z "$(readlink -f "$PRVKEY_FILE" | egrep "^$HOMEDIR/$user/.ssh/")" ] && check_result $E_FORBIDEN "Invalid private key file path"
[ -z "$(readlink -f "$PUBKEY_FILE" | egrep "^$HOMEDIR/$user/.ssh/")" ] && check_result $E_FORBIDEN "Invalid public key file path"
[ -z "$(readlink -f "$AUTHKEY_FILE" | egrep "^$HOMEDIR/$user/.ssh/")" ] && check_result $E_FORBIDEN "Invalid authorized keys path"
if [ ! -f "${PRVKEY_FILE}" ]; then
ssh-keygen -q -b 1024 -t rsa -f "${PRVKEY_FILE}" -N ""
rm "${PUBKEY_FILE}"
new_privkey=true
fi
if [ ! -f "${AUTHKEY_FILE}" ] || [ "$new_privkey" = true ]; then
pubkey_str="$(ssh-keygen -y -f ${PRVKEY_FILE})"
pubkey_desc="filemanager.ssh.key"
if grep --quiet --no-messages -F "$pubkey_desc" "${AUTHKEY_FILE}"; then
sed -i "/filemanager\.ssh\.key\$/d" "${AUTHKEY_FILE}"
fi
# make sure authorized_keys is ending with EOL
[ -f "${AUTHKEY_FILE}" ] && sed -i '$a\' "${AUTHKEY_FILE}"
expire=0
if [[ "$ttl" -gt 0 ]]; then
expire=$(date +%s -d "+${ttl} min")
echo "rm ${PRVKEY_FILE}" | at "now +${ttl} minute" > /dev/null 2>&1
fi
echo "from=\"127.0.0.1\",command=\"internal-sftp\",restrict ${pubkey_str} TS:${expire} ${pubkey_desc}" >> "${AUTHKEY_FILE}"
fi
#
chown ${user}: "${AUTHKEY_FILE}"
chown admin: "${PRVKEY_FILE}"
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit