fix: pass connect command

main
Malar Invention 2025-03-24 01:06:41 +05:30
parent f42e8b5901
commit 0ee5b71b64
1 changed files with 78 additions and 38 deletions


@ -9,7 +9,10 @@ PASS_DIR="$PASSWORD_STORE_DIR"
VERBOSE=0 VERBOSE=0
# Helper functions # Helper functions
die() { echo "Error: $*" >&2; exit 1; } die() {
echo "Error: $*" >&2
exit 1
}
debug() { [[ $VERBOSE -eq 1 ]] && echo "DEBUG: $*" >&2; } debug() { [[ $VERBOSE -eq 1 ]] && echo "DEBUG: $*" >&2; }
yesno() { yesno() {
local answer local answer
@ -95,7 +98,8 @@ cmd_import_with_deps() {
local identity_files=() local identity_files=()
local identity_paths=() local identity_paths=()
for line in "${host_block[@]}"; do for line in "${host_block[@]}"; do
if [[ "$line" =~ ^[Ii][Dd][Ee][Nn][Tt][Ii][Tt][Yy][Ff][Ii][Ll][Ee][[:space:]]+([^[:space:]]+) ]]; then debug "Checking line for IdentityFile: $line"
if [[ "$line" =~ ^[[:space:]]*[Ii][Dd][Ee][Nn][Tt][Ii][Tt][Yy][Ff][Ii][Ll][Ee][[:space:]]+([^[:space:]]+) ]]; then
identity_file="${BASH_REMATCH[1]}" identity_file="${BASH_REMATCH[1]}"
debug "Found IdentityFile: $identity_file" debug "Found IdentityFile: $identity_file"
identity_files+=("$identity_file") identity_files+=("$identity_file")
@ -243,7 +247,7 @@ cmd_export() {
# Export IdentityFiles # Export IdentityFiles
local identity_files=() local identity_files=()
while IFS= read -r line; do while IFS= read -r line; do
if [[ "$line" =~ ^[Ii][Dd][Ee][Nn][Tt][Ii][Tt][Yy][Ff][Ii][Ll][Ee][[:space:]]+([^[:space:]]+) ]]; then if [[ "$line" =~ ^[[:space:]]*[Ii][Dd][Ee][Nn][Tt][Ii][Tt][Yy][Ff][Ii][Ll][Ee][[:space:]]+([^[:space:]]+) ]]; then
identity_files+=("${BASH_REMATCH[1]}") identity_files+=("${BASH_REMATCH[1]}")
fi fi
done <<<"$host_block" done <<<"$host_block"
@ -315,8 +319,14 @@ cmd_connect() {
# Create temporary directory for keys # Create temporary directory for keys
local tmp_dir=$(mktemp -d) local tmp_dir=$(mktemp -d)
debug "Created temporary directory: $tmp_dir"
trap 'rm -rf "$tmp_dir"' EXIT trap 'rm -rf "$tmp_dir"' EXIT
# Create empty temporary SSH config
local tmp_config="$tmp_dir/config"
touch "$tmp_config"
debug "Created temporary config: $tmp_config"
# Function to process a host and its ProxyJump dependencies # Function to process a host and its ProxyJump dependencies
process_host() { process_host() {
local host="$1" local host="$1"
@ -326,12 +336,15 @@ cmd_connect() {
local config_store="ssh/$host/config" local config_store="ssh/$host/config"
local host_block local host_block
host_block=$(pass show "$config_store" 2>/dev/null) || die "No config found for $host" host_block=$(pass show "$config_store" 2>/dev/null) || die "No config found for $host"
debug "Retrieved host block from $config_store:"
debug "$host_block"
# Append to temporary SSH config # Append to temporary SSH config
echo "$host_block" >>"$tmp_config" echo "$host_block" >>"$tmp_config"
# Extract and restore keys # Extract and restore keys
while IFS= read -r line; do while IFS= read -r line; do
debug "Processing config line: $line"
if [[ "$line" =~ ^[[:space:]]*[Pp][Rr][Oo][Xx][Yy][Jj][Uu][Mm][Pp][[:space:]]+([^[:space:]]+) ]]; then if [[ "$line" =~ ^[[:space:]]*[Pp][Rr][Oo][Xx][Yy][Jj][Uu][Mm][Pp][[:space:]]+([^[:space:]]+) ]]; then
debug "Found ProxyJump: ${BASH_REMATCH[1]}" debug "Found ProxyJump: ${BASH_REMATCH[1]}"
IFS=',' read -ra proxy_hosts <<<"${BASH_REMATCH[1]}" IFS=',' read -ra proxy_hosts <<<"${BASH_REMATCH[1]}"
@ -344,43 +357,55 @@ cmd_connect() {
process_host "$proxy" process_host "$proxy"
fi fi
done done
elif [[ "$line" =~ ^[Ii][Dd][Ee][Nn][Tt][Ii][Tt][Yy][Ff][Ii][Ll][Ee][[:space:]]+([^[:space:]]+) ]]; then elif [[ "$line" =~ ^[[:space:]]*[Ii][Dd][Ee][Nn][Tt][Ii][Tt][Yy][Ff][Ii][Ll][Ee][[:space:]]+([^[:space:]]+) ]]; then
local identity_file="${BASH_REMATCH[1]}" local identity_file="${BASH_REMATCH[1]}"
debug "Found IdentityFile: $identity_file"
local expanded_path="${identity_file/#\~/$HOME}" local expanded_path="${identity_file/#\~/$HOME}"
expanded_path=$(realpath -m "$expanded_path") expanded_path=$(realpath -m "$expanded_path")
debug "Expanded path: $expanded_path"
# Resolve relative to SSH_DIR if needed # Resolve relative to SSH_DIR if needed
if [[ "$expanded_path" != "$SSH_DIR"/* ]]; then if [[ "$expanded_path" != "$SSH_DIR"/* ]]; then
debug "Path not under SSH_DIR, adjusting"
expanded_path="$SSH_DIR/$identity_file" expanded_path="$SSH_DIR/$identity_file"
fi fi
debug "Final expanded path: $expanded_path"
local rel_path="${expanded_path#$SSH_DIR/}" local rel_path="${expanded_path#$SSH_DIR/}"
rel_path="${rel_path//../_dotdot_}" rel_path="${rel_path//../_dotdot_}"
local store_path="ssh/$host/$rel_path" local store_path="ssh/$host/$rel_path"
local tmp_key="$tmp_dir/$(basename "$identity_file")" local tmp_key="$tmp_dir/$(basename "$identity_file")"
debug "Store path: $store_path"
debug "Temporary key path: $tmp_key"
# Restore key to temporary location # Restore key to temporary location
if pass show "$store_path" >"$tmp_key" 2>/dev/null; then if pass show "$store_path" >"$tmp_key" 2>/dev/null; then
chmod 600 "$tmp_key" chmod 600 "$tmp_key"
debug "Restored key $store_path to $tmp_key" debug "Restored key $store_path to $tmp_key"
# Update config to use temporary key # Update config to use temporary key
debug "Updating config to use temporary key"
debug "Replacing: $identity_file"
debug "With: $tmp_key"
sed -i "s|${identity_file}|${tmp_key}|g" "$tmp_config" sed -i "s|${identity_file}|${tmp_key}|g" "$tmp_config"
else else
debug "Failed to retrieve key from $store_path"
echo "Warning: Key $store_path not found in pass" echo "Warning: Key $store_path not found in pass"
fi fi
fi fi
done <<<"$host_block" done <<<"$host_block"
}
# Create empty temporary SSH config debug "Finished processing host: $host"
local tmp_config="$tmp_dir/config" debug "Current temporary config contents:"
touch "$tmp_config" debug "$(cat "$tmp_config")"
}
# Process the main host and its dependencies # Process the main host and its dependencies
process_host "$hostname" process_host "$hostname"
# Execute SSH command with temporary config # Execute SSH command with temporary config
echo "Connecting to $hostname..." echo "Connecting to $hostname..."
debug "Running: ssh -F \"$tmp_config\" \"$hostname\""
ssh -F "$tmp_config" "$hostname" ssh -F "$tmp_config" "$hostname"
} }
@ -394,10 +419,25 @@ case "$1" in
esac esac
case "$1" in case "$1" in
import) shift; cmd_import_with_deps "$@" ;; import)
import-all) shift; cmd_import_all ;; shift
export) shift; cmd_export "$@" ;; cmd_import_with_deps "$@"
export-all) shift; cmd_export_all ;; ;;
connect) shift; cmd_connect "$@" ;; import-all)
shift
cmd_import_all
;;
export)
shift
cmd_export "$@"
;;
export-all)
shift
cmd_export_all
;;
connect)
shift
cmd_connect "$@"
;;
*) die "Usage: pass ssh [-v|--verbose] import|import-all|export|export-all|connect [hostname]" ;; *) die "Usage: pass ssh [-v|--verbose] import|import-all|export|export-all|connect [hostname]" ;;
esac esac
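Review bot: In the cmd_connect hunk (`@ -315,8 +319,14 @`), the cleanup `trap 'rm -rf "$tmp_dir"' EXIT` expands `tmp_dir` only when the trap fires, and because `tmp_dir` is `local` it is already out of scope once cmd_connect has returned to the top-level `case`; on the normal path the directory holding the decrypted keys would then be left behind. The relaxed IdentityFile pattern now matches indented lines, so more keys are likely to be written there, and binding the value when the trap is set would be safer, e.g. `trap "$(printf 'rm -rf -- %q' "$tmp_dir")" EXIT`. `local tmp_dir=$(mktemp -d)` also hides a mktemp failure; splitting it into `local tmp_dir` and `tmp_dir=$(mktemp -d) || die "mktemp failed"` keeps the config and key files from being written relative to an empty path. The start of cmd_connect is outside the hunk, so this assumes nothing earlier exports or re-declares `tmp_dir`.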