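#!/bin/sh
#######################################################################
# Script Name: sshkey.sh
# Version: 1.2
# Description: Script to create new ssh keys every year.
# Last Modify Date: 01132022
# Author:Brent Dacus
# Email:brent[at]thedacus[dot]net
#
# Flow (every step is confirmed at a y/n prompt):
#   1. back up last year's keys under ~/.ssh/<lastyear>/, generate
#      this year's ecdsa/ed25519/rsa keys and add IdentityFile entries
#      for them to the system-wide client config (needs sudo);
#   2. push this year's public keys to root@<server> for a list of
#      servers and a port typed at the prompt, then remove last
#      year's local keys and their IdentityFile entries;
#   3. the same push against the built-in server_list on default_port.
#
# Key files are named <year><shorthostname>_id_<type>; the remote
# authorized_keys is filtered on the short hostname, so every key this
# host ever pushed is replaced by the current year's set.
#######################################################################
# Variables                                                           #
#######################################################################
os=$(uname)
# Targets of the "mass update" step; the "install" step asks instead.
server_list="172.20.0.1 172.20.10.53 172.20.10.54 172.20.20.2 172.20.20.4 172.20.20.7 172.20.20.10 172.20.20.11 172.20.30.40 154.12.224.183 5.78.96.30 5.161.68.140 209.145.52.110 209.126.81.64 207.244.226.26 144.91.108.77 88.99.32.217 66.94.114.179 66.94.111.166"
# sshd port on the targets when none is typed at the prompt.
default_port=14
ssh_dir="$HOME/.ssh"
client_config=/etc/ssh/ssh_config

# BSD/macOS date has no --date; both spellings yield last year's YYYY.
if [ "$os" = "FreeBSD" ] || [ "$os" = "Darwin" ]; then
  lstyear=$(date -v -1y +%Y)
else
  lstyear=$(date --date "1 year ago" +%Y)
fi
year=$(date +%Y)
host=$(hostname -s)

#######################################################################
# Helpers                                                             #
#######################################################################

# key_exists PREFIX
#   Returns 0 if at least one file named PREFIX* exists, else 1.
#   Avoids parsing "ls" output to test a glob.
key_exists() {
  for _f in "$1"*; do
    if [ -e "$_f" ]; then
      return 0
    fi
  done
  return 1
}

# config_has YEAR
#   Returns 0 if the client config already mentions "<YEAR><host>_id".
#   Literal match (-F): hostnames may contain regex metacharacters.
config_has() {
  grep -q -F -- "$1$host"_id "$client_config"
}

# delete_config_lines PATTERN
#   Deletes every client-config line matching PATTERN in place.
#   BSD/macOS "sed -i" takes a mandatory backup-suffix argument, GNU
#   sed does not; the original "-i -e" form leaves a ssh_config-e
#   backup behind on BSD.
delete_config_lines() {
  if [ "$os" = "FreeBSD" ] || [ "$os" = "Darwin" ]; then
    sudo sed -i '' -e "/$1/d" "$client_config"
  else
    sudo sed -i -e "/$1/d" "$client_config"
  fi
}

# ask_yes QUESTION
#   Prints "QUESTION (y/n)? ", reads one line; returns 0 only for an
#   answer starting with y/Y. Empty input (or EOF) counts as "n".
ask_yes() {
  printf '%s (y/n)? ' "$1"
  read -r _yn
  case ${_yn:-n} in
    [Yy]*) return 0 ;;
    *) return 1 ;;
  esac
}

# remote_sh PORT SERVER COMMAND
#   Runs COMMAND as root on SERVER; stdin is passed through to it.
remote_sh() {
  ssh -p "$1" root@"$2" "$3"
}

#######################################################################
# Steps                                                               #
#######################################################################

# bkupkeys
#   If the client config still references last year's keys, copies
#   them (private keys included) into ~/.ssh/<lastyear>/. Otherwise
#   prunes year-named backup directories untouched for over a year.
bkupkeys() {
  echo "Backing up old keys"
  if config_has "$lstyear"; then
    echo "Old keys from $lstyear present"
    mkdir -p "$ssh_dir/$lstyear"
    cp -Rf "$ssh_dir/$lstyear$host"_id_* "$ssh_dir/$lstyear"
  else
    echo "All old keys from $lstyear backed up"
    echo "Old backup key directories deleted"
    # Restrict pruning to the four-digit-year directories created
    # above; "find ~/.ssh/* -maxdepth 1 -type d" would also remove
    # unrelated directories in ~/.ssh older than a year.
    find "$ssh_dir" -mindepth 1 -maxdepth 1 -type d \
      -name '[0-9][0-9][0-9][0-9]' -mtime +365 -exec rm -rf -- {} +
  fi
}

# newkeys
#   Generates this year's ecdsa, ed25519 and rsa key pairs unless a
#   file for this year already exists.
newkeys() {
  if key_exists "$ssh_dir/$year$host"_id_; then
    echo "Keys still Valid"
  else
    echo "Creating new keys"
    # -N '' writes passphrase-less private keys: anyone who can read
    # the files can use them, so ~/.ssh permissions are the only
    # protection. -a 100 sets the KDF rounds (irrelevant while the
    # passphrase is empty, but harmless if one is added later).
    ssh-keygen -C "$year-$host" -f "$ssh_dir/$year$host"_id_ecdsa -a 100 -t ecdsa -b 521 -N ''
    ssh-keygen -C "$year-$host" -f "$ssh_dir/$year$host"_id_ed25519 -a 100 -t ed25519 -N ''
    ssh-keygen -C "$year-$host" -f "$ssh_dir/$year$host"_id_rsa -a 100 -t rsa -b 4096 -N ''
  fi
}

# checkclntssh
#   Appends IdentityFile entries for this year's keys to the
#   system-wide client config (via sudo tee) if they are not there yet.
checkclntssh() {
  if config_has "$year"; then
    echo "Config present"
  else
    # Absolute paths are written so the entries are valid for every
    # user who reads the system-wide config.
    for _type in rsa ecdsa ed25519; do
      printf 'IdentityFile %s\n' "$ssh_dir/$year$host"_id_"$_type" | sudo tee -a "$client_config"
    done
  fi
}

# install_keys PORT SERVER...
#   On each SERVER, rebuilds root's authorized_keys as
#   authorized_keys.temp (existing lines mentioning this host dropped,
#   this year's three public keys appended) and moves it into place in
#   one step, so an interrupted push never leaves a half-written file.
#   Returns 1 without touching any server if the hostname is empty.
install_keys() {
  if [ -z "$host" ]; then
    # With an empty pattern "grep -v" drops every line, which would
    # empty root's authorized_keys on every target.
    echo "hostname -s returned nothing; refusing to rewrite authorized_keys" >&2
    return 1
  fi
  _port=$1
  shift
  for _server in "$@"; do
    echo "Adding ssh $year rsa key to ip $_server"
    # sshd's StrictModes rejects group/world-writable files, so set the
    # modes explicitly instead of relying on the remote umask. The
    # hostname is single-quoted for the remote shell and matched
    # literally (-F).
    remote_sh "$_port" "$_server" \
      "mkdir -p ~/.ssh && chmod 700 ~/.ssh && grep -F -v -- '$host' ~/.ssh/authorized_keys > ~/.ssh/authorized_keys.temp"
    remote_sh "$_port" "$_server" "cat >> ~/.ssh/authorized_keys.temp" \
      < "$ssh_dir/$year$host"_id_rsa.pub
    echo "Adding ssh $year ecdsa key to ip $_server"
    remote_sh "$_port" "$_server" "cat >> ~/.ssh/authorized_keys.temp" \
      < "$ssh_dir/$year$host"_id_ecdsa.pub
    echo "Adding ssh $year ed25519 key to ip $_server"
    remote_sh "$_port" "$_server" "cat >> ~/.ssh/authorized_keys.temp" \
      < "$ssh_dir/$year$host"_id_ed25519.pub
    echo "Moving auth key file on server: $_server"
    remote_sh "$_port" "$_server" \
      "chmod 600 ~/.ssh/authorized_keys.temp && mv -f ~/.ssh/authorized_keys.temp ~/.ssh/authorized_keys"
  done
  return 0
}

# retire_old_keys
#   Deletes last year's local key files and their IdentityFile lines.
#   Aborts if the year or hostname is empty rather than globbing "_id_*".
retire_old_keys() {
  echo "Removing old Keys from $lstyear"
  rm -f "$ssh_dir/${lstyear:?}${host:?}"_id_*
  if config_has "$lstyear"; then
    echo "Old Config present. Removing.."
    delete_config_lines "$lstyear$host"
  else
    echo "Current config in place."
  fi
}

#######################################################################
# Main                                                                #
#######################################################################
main() {
  if ask_yes "Do we need to create new ssh keys?"; then
    bkupkeys
    newkeys
    checkclntssh
  fi

  if ask_yes "Do we need to run ssh key install?"; then
    # Read into a separate variable so the built-in server_list used
    # by the mass update below is not overwritten by this answer.
    printf 'What server ips separated by space? '
    read -r target_list
    printf 'what ssh port key? (14,22)? '
    read -r sshport
    # The answer is deliberately word-split into one server per word.
    # shellcheck disable=SC2086
    if install_keys "${sshport:-$default_port}" $target_list; then
      retire_old_keys
    fi
  fi

  if ask_yes "Do we need to run mass ssh key update?"; then
    # shellcheck disable=SC2086
    if install_keys "$default_port" $server_list; then
      retire_old_keys
    fi
  fi
}

main "$@"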