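#!/bin/bash
# from-remote: this script is executed by the remote ssh client as
# instructed in .ssh/authorized_keys.
# /bin/bash: because of the usage of the non-posix 'exec -a'
#
# Flow (everything read from stdin is untrusted until the key lookup passes):
#   1. Save at most one 100k block of stdin as ra/ra-<pid>.tar.gz.
#   2. Stream the archive member "origkey" into ssh-keygen to derive its
#      public key, and look that key up in .ssh/authorized_keys.
#   3. On a match, take the last field of that authorized_keys line (the
#      comment) as the client name, move older files for that name to
#      ra/old, store the member "key" as ra/<name>-key, and park in a
#      sleep whose process name carries the client name.
#   Any failure moves the upload to bad/, logs SSH_CONNECTION and exits 1.
#
# All paths are relative to the directory the command starts in
# (presumably the account's home directory - confirm against the sshd setup).

# The upload and the extracted key file hold private key material, so every
# file this script creates must be unreadable to other local users from the
# moment it is created, not only after a later chmod.
umask 077
set -u

exec 2>>err

# Append one timestamped line to ./log.
# Arguments: message words, joined with single spaces.
log() {
  printf '%s %s\n' "$(date)" "$*" >> log
}

# Quarantine the current upload under bad/, record the attempt, and exit 1.
# Globals: file (read), SSH_CONNECTION (read; set by sshd, may be absent).
bad() {
  local quarantine="bad/ra-$$.tar.gz"
  mv -- "$file" "$quarantine"
  log "Bad connection attempt. SSH_CONNECTION='${SSH_CONNECTION-}', file=$quarantine"
  exit 1
}

mkdir -p ra ra/old bad

file="ra/ra-$$.tar.gz"

# Cap what an unauthenticated sender can store at one 100k block.
# NOTE(review): count=1 issues a single read; on a pipe or socket that read
# can return fewer bytes than were sent, which truncates the archive and
# sends a legitimate client to bad(). GNU dd's iflag=fullblock retries until
# the block is full, but it then waits for 100k or EOF - confirm the client
# closes stdin before switching to it.
dd of="$file" bs=100k count=1 2>/dev/null

# Reject anything that is not a readable gzip'ed tar before looking inside.
tar tzf "$file" >/dev/null 2>&1 || bad

# Members are only ever streamed with -O, so no archive member is written to
# a path chosen by the sender.
pubkey=$(tar xzf "$file" -O origkey \
  | ssh-keygen -y -f /proc/self/fd/0 \
  | awk '$1 == "ssh-rsa" {print $2}')
[[ -n "$pubkey" ]] || bad

# Look the key up by exact field comparison instead of a regex/substring
# grep. Lines that are commented out are skipped so that a key disabled in
# authorized_keys is not accepted here, and only the first matching line is
# used so the name can never span several lines. The key must be followed by
# at least one more field: a line without a comment would otherwise yield
# the key blob itself as the client name.
comment=$(awk -v key="$pubkey" '
  /^[[:space:]]*#/ { next }
  {
    for (i = 1; i < NF; i++) {
      if ($i == key) { print $NF; exit }
    }
  }
' .ssh/authorized_keys)
[[ -n "$comment" ]] || bad

# The name becomes part of several paths below; a slash would let an
# authorized_keys comment steer files outside ra/.
[[ "$comment" != */* ]] || bad

# Archive earlier files for this client (uploads and the previous key file).
# No match is not an error, hence the discarded stderr.
# NOTE(review): the pattern also matches files of any other client whose name
# starts with "<name>-"; confirm client names cannot prefix one another.
mv -f -- ra/"${comment}"-* ra/old 2>/dev/null

accepted="ra/${comment}-$$.tar.gz"
mv -- "$file" "$accepted" || bad
file=$accepted

keyfile="ra/${comment}-key"
tar xzf "$file" -O key > "$keyfile" || bad
chmod 600 "$keyfile"

log "Connection from $comment. SSH_CONNECTION='${SSH_CONNECTION-}', file=$file"

# Keep the session open for a day; the custom argv[0] makes the client
# identifiable in the process list.
exec -a "sleep-${comment}" sleep 1d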