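#!/bin/bash
### Add RSA keys to the authorized_keys file of a given user

### Copyright (C) 2015  Rafael Laboissiere
###
### This program is free software; you can redistribute it and/or modify it under
### the terms of the GNU General Public License as published by the Free Software
### Foundation; either version 3 of the License, or (at your option) any later
### version.
###
### This program is distributed in the hope that it will be useful, but WITHOUT
### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
### FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
### details.
###
### You should have received a copy of the GNU General Public License along with
### this program; if not, see <http://www.gnu.org/licenses/>.

### Usage: prog [-h] [-r] user file
###
### Appends the RSA public key(s) found in "file" to
### ~user/.ssh/authorized_keys.  With -r, every installed key is bound to
### the forced command "read-only".

### Fail on use of unset variables instead of expanding them to nothing
set -u

### Get the program name
prog=${0##*/}

### Print the usage notice and exit with the given status.
### Arguments: $1 - exit status; 0 prints to stdout (fd 1), 1 prints to
###                 stderr (fd 2), because the target descriptor is status + 1
usage () {
    local status=$1
    local fd=$((status + 1))
    {
        printf '%s\n' "Usage: $prog [-h] [-r] user file"
        printf '%s\n' "Options:"
        printf '%s\n' " -h show this usage notice"
        printf '%s\n' " -r force read-only access"
        printf '%s\n' "Arguments:"
        printf '%s\n' " user the Git user to act upon"
        printf '%s\n' " file the RSA public key to be added"
    } >&"$fd"
    exit "$status"
}

### Default value
read_only=no

### Parse arguments.  The getopts builtin is used rather than
### "eval set -- $(getopt rh $*)": the old form word-split the arguments
### and passed them through eval, so shell metacharacters in an argument
### were re-interpreted as code.  Options must now precede the positional
### arguments; a misplaced -r ends in the usage error below instead of a
### key being installed without the restriction.
while getopts ':rh' opt ; do
    case "$opt" in
        h) usage 0 ;;
        r) read_only=yes ;;
        *) echo "$prog:E: Unknown option -$OPTARG." 1>&2
           usage 1 ;;
    esac
done
shift $((OPTIND - 1))

### Ensure that the correct number of arguments are given
if [ $# -ne 2 ] ; then
    usage 1
fi

### Get Git user name and check its sanity
user=$1
if ! id -u -- "$user" >/dev/null 2>&1 ; then
    echo "$prog:E: User $user does not exist. Add it first." 1>&2
    exit 1
fi

### Get RSA file name and check its sanity
rsaid=$2
type="OpenSSH RSA public key"
if [ "$(file --brief -- "$rsaid")" != "$type" ] ; then
    echo "$prog:E: File $rsaid is not of type '$type'." 1>&2
    exit 1
fi

### Resolve the destination before touching anything.  An empty home
### directory would otherwise turn the target into /.ssh/authorized_keys.
home=$(getent passwd "$user" | cut -f6 -d:)
if [ -z "$home" ] ; then
    echo "$prog:E: Cannot determine the home directory of $user." 1>&2
    exit 1
fi
auth="$home/.ssh/authorized_keys"

### The append below follows symbolic links.  If this script runs with more
### privilege than $user, a link planted in the user's own directory would
### redirect the write to another file.  Refusing links narrows that risk;
### it does not remove the race between this check and the append.
if [ -L "$home/.ssh" ] || [ -L "$auth" ] ; then
    echo "$prog:E: Refusing to follow a symbolic link at $auth." 1>&2
    exit 1
fi

### Install the key(s)
tmp=$(mktemp) || {
    echo "$prog:E: Cannot create a temporary file." 1>&2
    exit 1
}
trap 'rm -f -- "$tmp"' EXIT

### The file(1) check above only vouches for the start of the file, so
### every line is checked here, and with -r every key gets the forced
### command, not only the first one.  Each key is written on its own
### newline-terminated line so that a later append cannot merge two entries.
### NOTE(review): command="read-only" alone does not turn off port, agent or
### X11 forwarding; consider adding the "restrict" option (OpenSSH >= 7.2)
### if these keys must be limited to the forced command.
while IFS= read -r line || [ -n "$line" ] ; do
    case "$line" in
        ''|'#'*)
            ### Blank lines and comments carry no key
            continue ;;
        'ssh-rsa '*)
            if [ "$read_only" = yes ] ; then
                printf 'command="read-only" %s\n' "$line"
            else
                printf '%s\n' "$line"
            fi ;;
        *)
            echo "$prog:E: File $rsaid contains a line that is not a plain RSA public key." 1>&2
            exit 1 ;;
    esac
done < "$rsaid" > "$tmp"

if ! cat -- "$tmp" >> "$auth" ; then
    echo "$prog:E: Cannot write to $auth." 1>&2
    exit 1
fi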