madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

Automate SSH keypair setup
authormartin f. krafft <madduck@madduck.net>
Tue, 22 Mar 2022 09:01:52 +0000 (10:01 +0100)
committermartin f. krafft <madduck@madduck.net>
Tue, 22 Mar 2022 09:01:52 +0000 (10:01 +0100)
.offlineimap/preauthtunnel.sh

index b341fc357f1cc216280e8faffae6d5f308b47c3b..f70433b03fbcfbbe6aaaa53edd32dea95dfdbedc 100755 (executable)
@@ -1,10 +1,22 @@
 #!/bin/sh
 
-# Ensure we don't use an existing SSH agent
-unset SSH_AUTH_SOCK
+REMOTE_HOST="$1"
+IMAP_COMMAND="${2:-MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null}"
 
-exec ssh -F ~/.offlineimap/ssh_config -i ~/.offlineimap/${1}.ssh-seckey ${1} \
-  echo -e "Please configure \~/.ssh/authorized_keys on the server and prepend the line with the public key corresponding to the password-less SSH key in ~/.offlineimap/${1}.ssh-seckey :\\\n\\\n  'command=\"MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty'"
+SSH_KEY="$HOME/.offlineimap/${REMOTE_HOST}.ssh-seckey"
+SSH_OPTIONS="command=\"$IMAP_COMMAND\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty"
+
+if [ ! -f "$SSH_KEY" ]; then
+  ssh-keygen -f "$SSH_KEY" -C "OfflineIMAP from $(hostname --fqdn)" -N '' -t ed25519
+  COMMAND="echo '$SSH_OPTIONS $(cat "$SSH_KEY.pub")' >> .ssh/authorized_keys"
+  ssh -F ~/.offlineimap/ssh_config -o ControlPath=none -o IdentityAgent=SSH_AUTH_SOCK \
+    ${REMOTE_HOST} "$COMMAND"
+fi
+
+exec ssh -F ~/.offlineimap/ssh_config -i "$SSH_KEY" ${1} \
+  echo "You need to configure a password-less SSH keypair and have the public key in the remote\'s" \
+    "\~/.ssh/authorized_keys file, prefixed by \'$SSH_OPTIONS\'. You can try to invoke \'$0 $REMOTE_HOST\'"\
+    "from an interactive shell and it will attempt to set this up for you."
 
 # This relies on the IMAP command being specified on the server side, i.e. in
 # ~/.ssh/authorized_keys, put a line like the following
@@ -18,3 +30,4 @@ exec ssh -F ~/.offlineimap/ssh_config -i ~/.offlineimap/${1}.ssh-seckey ${1} \
 # % ~/.offlineimap/preauthtunnel.sh madduck-net.imap.madduck.net
 # * PREAUTH [CAPABILITY IMAP4rev1 […]] Logged in as madduck
 
+# vim:tw=0