portable OpenSSH

Merge lp:~kirkland/openssh/ssh-import-id into lp:ubuntu/maverick/openssh

  1. ssh-import-id
  2. Merge into maverick
Proposed by Dustin Kirkland 
Status: Merged
Merged at revision: 3210
Proposed branch: lp:~kirkland/openssh/ssh-import-id
Merge into: lp:ubuntu/maverick/openssh
Diff against target: 217 lines (+163/-2)
7 files modified
debian/changelog (+18/-0)
debian/control (+2/-2)
debian/openssh-server.install (+1/-0)
debian/openssh-server.links (+2/-0)
debian/openssh-server.manpages (+1/-0)
debian/ssh-import-id (+122/-0)
debian/ssh-import-id.1 (+17/-0)
To merge this branch: bzr merge lp:~kirkland/openssh/ssh-import-id
Reviewer Review Type Date Requested Status
VCS imports Pending
Review via email: mp+30647@code.launchpad.net

Description of the change

Move ssh-import-lp-id from ssh-import to openssh-server, where it belongs.

To post a comment you must log in.
Revision history for this message
Martin Pool (mbp) wrote :

You probably want to requet review from ubuntu-reviewers

Revision history for this message
Martin Pool (mbp) wrote :

I don't know how this got to review by vcs-imports but we should change it.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2010-07-13 09:39:30 +0000
3+++ debian/changelog 2010-07-22 13:12:51 +0000
4@@ -1,8 +1,26 @@
5 openssh (1:5.5p1-4ubuntu3) UNRELEASED; urgency=low
6
7+ [ Colin Watson ]
8 * Use 'dh $@ --options' rather than 'dh --options $@', for
9 forward-compatibility with debhelper v8.
10
11+ [ Dustin Kirkland ]
12+ * debian/openssh-server.install, debian/ssh-import-id:
13+ - move the ssh-import-lp-id utility from the ssh-import
14+ package to openssh-server (which is the logical destination
15+ for this tool)
16+ - rename it from ssh-import-lp-id (clumsy) to ssh-import-id (nicer,
17+ more like 'ssh-copy-id')
18+ * debian/openssh-server.links:
19+ - add a symlink from ssh-import-lp-id (old name) to ssh-import-id
20+ (new name) to maintain compatibility with existing user scripts;
21+ link the manpage too
22+ * debian/control:
23+ - ensure that openssh-server replaces and conflicts ssh-import (which
24+ will be removed from the archive)
25+ * debian/ssh-import-id.1, debian/openssh-server.manpages:
26+ - add/install a manpage
27+
28 -- Colin Watson <cjwatson@ubuntu.com> Tue, 13 Jul 2010 10:38:57 +0100
29
30 openssh (1:5.5p1-4ubuntu2) maverick; urgency=low
31
32=== modified file 'debian/control'
33--- debian/control 2010-05-26 18:58:27 +0000
34+++ debian/control 2010-07-22 13:12:51 +0000
35@@ -46,8 +46,8 @@
36 Architecture: any
37 Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.2-13), libssl0.9.8 (>= 0.9.8g-9), procps
38 Recommends: xauth
39-Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
40-Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
41+Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7), ssh-import
42+Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5, ssh-import
43 Suggests: ssh-askpass, rssh, molly-guard, openssh-blacklist, openssh-blacklist-extra, ufw
44 Provides: ssh-server
45 Description: secure shell (SSH) server, for secure access from remote machines
46
47=== modified file 'debian/openssh-server.install'
48--- debian/openssh-server.install 2010-04-08 08:25:21 +0000
49+++ debian/openssh-server.install 2010-07-22 13:12:51 +0000
50@@ -4,3 +4,4 @@
51 usr/share/man/man5/sshd_config.5
52 usr/share/man/man8/sftp-server.8
53 usr/share/man/man8/sshd.8
54+debian/ssh-import-id usr/bin/
55
56=== modified file 'debian/openssh-server.links'
57--- debian/openssh-server.links 2010-04-07 12:56:13 +0000
58+++ debian/openssh-server.links 2010-07-22 13:12:51 +0000
59@@ -1,1 +1,3 @@
60 usr/lib/openssh/sftp-server usr/lib/sftp-server
61+usr/bin/ssh-import-id usr/bin/ssh-import-lp-id
62+usr/share/man/man1/ssh-import-id.1.gz usr/share/man/man1/ssh-import-lp-id.1.gz
63
64=== added file 'debian/openssh-server.manpages'
65--- debian/openssh-server.manpages 1970-01-01 00:00:00 +0000
66+++ debian/openssh-server.manpages 2010-07-22 13:12:51 +0000
67@@ -0,0 +1,1 @@
68+debian/ssh-import-id.1
69
70=== added file 'debian/ssh-import-id'
71--- debian/ssh-import-id 1970-01-01 00:00:00 +0000
72+++ debian/ssh-import-id 2010-07-22 13:12:51 +0000
73@@ -0,0 +1,122 @@
74+#!/bin/sh
75+#
76+# ssh-import-id - authorize a user by fetching their key
77+# from a public SSH keyserver; Launchpad.net
78+# by default
79+#
80+# Copyright (C) 2010 Canonical Ltd.
81+#
82+# Authors: Dustin Kirkland <kirkland@canonical.com>
83+# Scott Moser <smoser@canonical.com>
84+#
85+# All rights reserved.
86+#
87+# Redistribution and use in source and binary forms, with or without
88+# modification, are permitted provided that the following conditions
89+# are met:
90+# 1. Redistributions of source code must retain the above copyright
91+# notice, this list of conditions and the following disclaimer.
92+# 2. Redistributions in binary form must reproduce the above copyright
93+# notice, this list of conditions and the following disclaimer in the
94+# documentation and/or other materials provided with the distribution.
95+# 3. Neither the name of the University nor the names of its contributors
96+# may be used to endorse or promote products derived from this software
97+# without specific prior written permission.
98+#
99+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
100+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
101+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
102+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
103+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
104+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
105+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
106+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
107+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
108+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
109+# SUCH DAMAGE.
110+
111+# Abort on any unhandled error
112+set -e
113+
114+# The following URL *must* be an https address with a valid, signed certificate!!!
115+URL="https://launchpad.net/~%s/+sshkeys"
116+
117+usage() {
118+ echo
119+ echo "Usage:"
120+ echo " $0 [USER_ID_1] [USER_ID_2] ... [USER_ID_n]"
121+ echo
122+ exit 1
123+}
124+
125+[ -n "$1" ] || usage
126+
127+error() {
128+ printf "ERROR: %s\n" "$@" 1>&2
129+ exit 1
130+}
131+
132+warn() {
133+ printf "WARNING: %s\n" "$@" 1>&2
134+}
135+
136+info() {
137+ printf "INFO: %s\n" "$@"
138+}
139+
140+url_encode() {
141+ # from http://andy.wordpress.com/2008/09/17/urlencode-in-bash-with-perl/
142+ printf "%s" "$1" | perl -pe's/([^-_.~A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg'
143+}
144+
145+validate_keys() {
146+ # Prune blank lines, join lines that don't have a '= ',
147+ # remove invalid characters
148+ sed -i -e '/^$/d' \
149+ -e ':join /=[ ]/!{ N; s/\n// ; b join }' \
150+ -e 's/[^a-zA-Z0-9@: .\/=+-]//g' "$1"
151+ # Count lines
152+ lines=$(wc -l < "${1}")
153+ # Count valid keys
154+ keys=$(grep -c "^ssh-[dr]s[sa] [a-zA-Z0-9: .\/=+-]\+ " "$1")
155+ # Validate counts match, and >0
156+ [ $lines -gt 0 ] && [ $keys -eq $lines ]
157+}
158+
159+# Only support writing to this user's authorized_keys file
160+if [ -z "$HOME" ]; then
161+ uid=$(id -u) || error "Cannot determine user id"
162+ [ -n "$uid" ] || error "User id cannot be empty"
163+ pwline=$(getent passwd "$uid") || error "Cannot get passwd entry"
164+ HOME=$(echo "$pwline" | awk -F: '{print $6}') || error "Cannot determine home directory"
165+ [ -n "$HOME" ] || error "Home directory cannot be empty"
166+fi
167+
168+DIR="$HOME/.ssh"
169+FILE="$DIR"/authorized_keys
170+
171+mkdir -m 0700 "$DIR" 2>/dev/null || true
172+[ -d "$DIR" ] || error "Cannot create directory [$DIR]"
173+[ -w "$DIR" ] || error "Cannot write to directory [$DIR]"
174+[ -e "$FILE" ] || (umask 0177 && touch "$FILE") || error "Cannot create [$FILE]"
175+
176+rc=0
177+tmp=$(mktemp)
178+trap "rm -f $tmp" EXIT HUP INT QUIT TERM
179+for i in "$@"; do
180+ i=$(url_encode "$i") || error "Failed encoding [$i]"
181+ url=$(printf "$URL" "$i")
182+ if env -i wget --quiet -O- "$url" > "$tmp"; then
183+ echo >> "$tmp" # needed for wc
184+ if ! validate_keys "$tmp"; then
185+ warn "Invalid keys at [$url]"
186+ continue
187+ fi
188+ cat "$tmp" >> "$FILE" || error "Could not write to [$tmp]"
189+ info "Successfully authorized [$i]"
190+ else
191+ rc=$?
192+ warn "Failed to retrieve key for [$i] from [$url]"
193+ fi
194+done
195+exit $rc
196
197=== added file 'debian/ssh-import-id.1'
198--- debian/ssh-import-id.1 1970-01-01 00:00:00 +0000
199+++ debian/ssh-import-id.1 2010-07-22 13:12:51 +0000
200@@ -0,0 +1,17 @@
201+.TH ssh\-import\--id 1 "23 Feb 2010" ssh\-import "ssh\-import"
202+.SH NAME
203+ssh\-import\-id \- retrieve one or more public keys from a public keyserver (Launchpad.net by default) and append them to the current user's authorized_keys file
204+
205+.SH SYNOPSIS
206+.BI "ssh\-import\-id [launchpad_id_1] [launchpad_id_2] [launchpad_id_3] ...
207+
208+.SH DESCRIPTION
209+This utility will securely contact a public keyserver (Launchpad.net by default) and retrieve one or more user's public keys, and append these to the current user's \fI~/.ssh/authorized_keys\fP file.
210+
211+.SH SEE ALSO
212+\fIssh\fP(1)
213+
214+.SH AUTHOR
215+This manpage and the utility was written by Dustin Kirkland <kirkland@canonical.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the BSD License.
216+
217+On Debian systems, the complete text of the BSD License can be found in /usr/share/common-licenses/BSD.

Subscribers

People subscribed via source and target branches