-rwxr-xr-x | bin/ssh-list-authorized-keys | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/bin/ssh-list-authorized-keys b/bin/ssh-list-authorized-keys
index 5364ac2..9b2d795 100755
--- a/bin/ssh-list-authorized-keys
+++ b/bin/ssh-list-authorized-keys
@@ -1,7 +1,8 @@
 #!/usr/bin/env ruby
 # Usage: ssh-list-authorized-keys [username]
-# Copyright 2014, 2016 Luke Shumaker <lukeshu@sbcglobal.net>.
+# Copyright 2014, 2016 Luke Shumaker <lukeshu@sbcglobal.net>
+# Copyright 2019 bill-auger <bill-auger@programmer.net>
 #
 # This is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
@@ -17,25 +18,30 @@
 # License along with this manual; if not, see
 # <http://www.gnu.org/licenses/>.
+
 load "#{File.dirname(__FILE__)}/common.rb"
-all_users = load_all_users.values
-groupnames = ARGV & cfg["ssh_pseudo_users"]
-usernames = ARGV & all_users.map{|u|u["username"]}
+all_users = load_all_users.values
+shared_logins = cfg['ssh_pseudo_users']
+query_logins = ARGV & (all_users .map { | user | user['username'] })
+query_groups = ARGV & (shared_logins.reject { | login | query_logins.include? login })
+authorized_keys = '' # Buffer the output to avoid EPIPE when the reader hangs up early
+ssh_users = all_users.select do | user |
+ user_login = user['username']
+ user_groups = user['groups' ]
+ user_keys = user['ssh_keys']
+ has_shell_access = query_logins.include? user_login
+ has_push_access = ! (query_groups & user_groups).empty?
+ has_ssh_key = ! user_keys.nil?
-users = all_users.find_all{|u|
- # [ username was listed ] or [ the user is in a listed group ]
- usernames.include?(u["username"]) or not (u["groups"] & groupnames).empty?
-}
+ (has_shell_access || has_push_access) && has_ssh_key
+end
-# Buffer the output to avoid EPIPE when the reader hangs up early
-output=""
-users.each do |user|
- if user["ssh_keys"]
- user["ssh_keys"].each do |addr,key|
- output+="#{key} #{user["fullname"]} (#{user["username"]}) <#{addr}>\n"
- end
- end
+ssh_users.each do | user |
+ user['ssh_keys'].each_pair do | email , ssh_key |
+ authorized_keys += "#{ssh_key} #{user['fullname']} (#{user['username']}) <#{email}>\n"
+ end
 end
-print output
+
+print authorized_keys |
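Review bot: The line built inside the `each_pair` loop interpolates `ssh_key`, `user['fullname']`, `user['username']` and `email` verbatim, and the script's name and usage suggest sshd reads the output as authorized_keys entries, so a line break inside any field would end the entry early and leave the remainder to be parsed as a separate line. Unless `load_all_users` in common.rb (not visible in this hunk) already validates these fields, skip such records before appending, e.g. `next if [ssh_key, user['fullname'], user['username'], email].any? { |field| field.to_s.match?(/[\r\n]/) }`. `ssh_key` is also emitted first on the line, which is where authorized_keys options are read, so it is worth checking that the value begins with a key type rather than an option list. Separately, `has_push_access` is evaluated for every user, so a record without `groups` (if common.rb permits one) raises in `query_groups & user_groups` and the command prints no keys for anyone; `user_groups = user['groups'] || []` would keep one incomplete record from blocking all logins.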