Home Explore Help
Register Sign In
FreifunkHochstift
/
ffho-salt-public
2
0
Fork 2
Files Issues 0 Pull Requests 0
Tree: e10852f001
Branches Tags
ffho-salt-pu...
/
install-server
/
nacl
/
register_ssh_keys

register_ssh_keys 2.6 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. #!/usr/bin/python3
    2. 

  2. #
    3. 

  3. # Maximilian Wilhelm <max@rfc2324.org>
    4. 

  4. #  --  Sun 17 Feb 2019 09:51:48 PM CET
    5. 

  5. #
    6. 

  6. 

  7. import argparse
    8. 

  8. import netifaces
    9. 

  9. import os
    10. 

  10. import os.path
    11. 

  11. import requests
    12. 

  12. import sys
    13. 

  13. 

  14. 

  15. key_types = [
    16. 

  16. 	'ssh_host_ecdsa_key',
    17. 

  17. 	'ssh_host_ecdsa_key.pub',
    18. 

  18. 	'ssh_host_ed25519_key',
    19. 

  19. 	'ssh_host_ed25519_key.pub',
    20. 

  20. 	'ssh_host_rsa_key',
    21. 

  21. 	'ssh_host_rsa_key.pub',
    22. 

  22. ]
    23. 

  23. 

  24. def get_active_interface() -> str:
    25. 

  25. 	try:
    26. 

  26. 		# netifaces.gateway() will return a dict with multiple keys:
    27. 

  27. 		# 'default'          -> dict with default route information (AF -> (ip, iface))
    28. 

  28. 		# netifaces.AF_INET  -> list of IPv4 next-hop tuples (IP, iface, default yes/no)
    29. 

  29. 		# netifaces.AF_INET6 -> list of IPv6 next-hop tuples (see above)
    30. 

  30. 		def_gw = netifaces.gateways()['default']
    31. 

  31. 

  32. 		# The 'default' dict should contain an IPv6 default gw (we need IPv6 to reach NACL),
    33. 

  33. 		# and if so we care about the interface name
    34. 

  34. 		return def_gw[netifaces.AF_INET6][1]
    35. 

  35. 	except KeyError:
    36. 

  36. 		return None
    37. 

  37. 

  38. def get_interface_mac(ifname: str) -> str:
    39. 

  39. 	iface_addrs = netifaces.ifaddresses(ifname)
    40. 

  40. 	try:
    41. 

  41. 		# We care about the MAC of the 1st entry in the AF_LINK addresses (from right to left)
    42. 

  42. 		return iface_addrs[netifaces.AF_LINK][0]['addr']
    43. 

  43. 	except KeyError:
    44. 

  44. 		return None
    45. 

  45. 	except IndexError:
    46. 

  46. 		return None
    47. 

  47. 

  48. def upload_key(nacl_url: str, key_type: str, mac: str):
    49. 

  49. 	print (f"Registering key '{key_type}'... ", end = '')
    50. 

  50. 

  51. 	try:
    52. 

  52. 		with open (f"/etc/ssh/{key_type}", "r") as key_fh:
    53. 

  53. 			data = {
    54. 

  54. 				'key_type' : key_type,
    55. 

  55. 				'key' : "".join (key_fh.readlines ()),
    56. 

  56. 			}
    57. 

  57. 

  58. 		if mac is not None:
    59. 

  59. 			data['mac'] = mac
    60. 

  60. 

  61. 		res = requests.post (f"{nacl_url}/node/register_ssh_key", data = data)
    62. 

  62. 		if res.status_code == 200:
    63. 

  63. 			print("already registered.")
    64. 

  64. 		elif res.status_code == 201:
    65. 

  65. 			print("done.")
    66. 

  66. 		else:
    67. 

  67. 			print(f"FAILED: {res.text}", file=sys.stderr)
    68. 

  68. 			sys.exit(3)
    69. 

  69. 	except Exception as e:
    70. 

  70. 		print(f"FAILED: {str(e)}", file=sys.stderr)
    71. 

  71. 		sys.exit(4)
    72. 

  72. 

  73. 

  74. parser = argparse.ArgumentParser(description = 'NACL SSH key registration tool')
    75. 

  75. parser.add_argument('--mac', '-m', help = 'Use MAC address from gateway interface rather than IP address to identify ourselves', action = 'store_true', default = False)
    76. 

  76. parser.add_argument('--url', help = "URL to reach NACL service, e.g http://nacl:2342", default = os.environ.get('NACL_URL', 'http://nacl'))
    77. 

  77. args = parser.parse_args()
    78. 

  78. 

  79. mac = None
    80. 

  80. if args.mac:
    81. 

  81. 	uplink_ifname = get_active_interface()
    82. 

  82. 	if uplink_ifname is None:
    83. 

  83. 		print("Failed to identify uplink interface!", file=sys.stderr)
    84. 

  84. 		sys.exit(1)
    85. 

  85. 

  86. 	mac = get_interface_mac(uplink_ifname)
    87. 

  87. 	if mac is None:
    88. 

  88. 		print(f"Failed to get MAC address of uplink interface {uplink_ifname}!", file=sys.stderr)
    89. 

  89. 		sys.exit(2)
    90. 

  90. 

  91. for key_type in key_types:
    92. 

  92. 	upload_key(args.url, key_type, mac)
    93.