[privacidea] Bash script to verify ssh-public-key delivery of privacyid3a and maybe more

Hi all,

I wrote a simple bash script to test the delivery of ssh-public-keys via
privacyid3a.

You can use it locally or on a remote machine to verify if the
privacyid3a server acts as expected to your request.

With some little modifications (plausibility checks and security), this
script might be used on remote machines (without privacyid3a
installation) as a
replacement for ‘privacyidea-authorizedkeys’ in sshd_config to fetch
public ssh-keys. It also might help on systems where it is not possible
to install
all necessary python dependencies to use ‘privacyidea-authorizedkeys’.

How to use it?

Open the script and edit this section to your needs (those are nearly
identical with the ones in ‘/etc/privacyidea/authorizedkeyscommand’:

#input parameters
server='privacyiedeaserver
username='admin
password='password
hostname='hostname
debug=0 # 0 or 1

For testing purpose you should enable debug (1).

Then use the script on a remote host that can reach the privacyid3a
server on port 443 and you should get some results.

Of course on the privacyid3a side you have to configure ssh-keys for
machine authentication first.

Feel free to modify this script or write feedback via the mailinglist.

Script is attached to this message.

Kind regards

Peter

P.S.
Sorry for any bugs, but this is how software evolves!

Hi Peter,

looks good for clients, that do not run python but simple bash.

If you like to, you can add it to
https://github.com/privacyidea/privacyidea/tree/master/tools and issue a
pull request.
…or I will add it to the tools directory.

THanks a lot and kind regards
CorneliusAm 31.03.2015 um 15:33 schrieb Der PCFreak:

Hi all,

I wrote a simple bash script to test the delivery of ssh-public-keys
via privacyid3a.

You can use it locally or on a remote machine to verify if the
privacyid3a server acts as expected to your request.

With some little modifications (plausibility checks and security),
this script might be used on remote machines (without privacyid3a
installation) as a
replacement for ‘privacyidea-authorizedkeys’ in sshd_config to fetch
public ssh-keys. It also might help on systems where it is not
possible to install
all necessary python dependencies to use ‘privacyidea-authorizedkeys’.

How to use it?

Open the script and edit this section to your needs (those are nearly
identical with the ones in ‘/etc/privacyidea/authorizedkeyscommand’:

#input parameters
server='privacyiedeaserver
username='admin
password='password
hostname='hostname
debug=0 # 0 or 1

For testing purpose you should enable debug (1).

Then use the script on a remote host that can reach the privacyid3a
server on port 443 and you should get some results.

Of course on the privacyid3a side you have to configure ssh-keys for
machine authentication first.

Feel free to modify this script or write feedback via the mailinglist.

Script is attached to this message.

Kind regards

Peter

P.S.
Sorry for any bugs, but this is how software evolves!


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/551AA22F.10103%40pcfreak.de
https://groups.google.com/d/msgid/privacyidea/551AA22F.10103%40pcfreak.de?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Hi,
I added it to the source tree.

https://github.com/privacyidea/privacyidea/blob/master/tools/privacyidea-fetchssh.sh

Kind regards
CorneliusAm 31.03.2015 um 15:33 schrieb Der PCFreak:

Hi all,

I wrote a simple bash script to test the delivery of ssh-public-keys
via privacyid3a.

You can use it locally or on a remote machine to verify if the
privacyid3a server acts as expected to your request.

With some little modifications (plausibility checks and security),
this script might be used on remote machines (without privacyid3a
installation) as a
replacement for ‘privacyidea-authorizedkeys’ in sshd_config to fetch
public ssh-keys. It also might help on systems where it is not
possible to install
all necessary python dependencies to use ‘privacyidea-authorizedkeys’.

How to use it?

Open the script and edit this section to your needs (those are nearly
identical with the ones in ‘/etc/privacyidea/authorizedkeyscommand’:

#input parameters
server='privacyiedeaserver
username='admin
password='password
hostname='hostname
debug=0 # 0 or 1

For testing purpose you should enable debug (1).

Then use the script on a remote host that can reach the privacyid3a
server on port 443 and you should get some results.

Of course on the privacyid3a side you have to configure ssh-keys for
machine authentication first.

Feel free to modify this script or write feedback via the mailinglist.

Script is attached to this message.

Kind regards

Peter

P.S.
Sorry for any bugs, but this is how software evolves!


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/551AA22F.10103%40pcfreak.de
https://groups.google.com/d/msgid/privacyidea/551AA22F.10103%40pcfreak.de?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.