path: root/rt-from-remote
#!/bin/bash

# from-remote: this script is executed by the remote ssh client as
#              instructed in .ssh/authorized_keys. 

# /bin/bash: because of the usage of the non-posix 'exec -a'

# From here on, append everything this script and its child processes write
# to stderr to the file 'err' (relative to the current directory).
exec 2>>err

#######################################
# Append one timestamped line to the file 'log' in the current directory.
# Arguments: $@ - words of the message, joined by single spaces
# Outputs:   one line "<date output> <message>" appended to ./log
#######################################
log() {
	local stamp
	stamp=$(date)
	# The timestamp is deliberately left unquoted: it is word-split, so runs
	# of blanks inside the date output collapse to single spaces in the log.
	# shellcheck disable=SC2086
	echo $stamp "$@" >>log
}

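#######################################
# Reject the current upload: quarantine the received archive under bad/,
# record the attempt in the log, and terminate the script.
# Globals:   file (read) - path of the archive received so far
#            SSH_CONNECTION (read) - logged so the peer can be traced
# Returns:   does not return; exits with status 1
#######################################
bad()
{
	# Quoted, and guarded with --, so the quarantine move still works when
	# the path contains blanks or glob characters, or starts with a dash.
	mv -- "$file" "bad/ra-$$.tar.gz"
	log "Bad connection attempt. SSH_CONNECTION='$SSH_CONNECTION', file=bad/ra-$$.tar.gz"
	exit 1
}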

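# Working directories, relative to the current directory: ra/ holds accepted
# uploads, ra/old the superseded ones, bad/ the rejected ones.
mkdir -p ra ra/old bad
file=ra/ra-$$.tar.gz

# Read the upload from stdin, capped at one 100k block.
# NOTE(review): count=1 issues a single read, and a read on a pipe or socket
# may return fewer bytes than bs, so a larger archive can arrive truncated and
# then be rejected below. GNU dd's iflag=fullblock would fill the block, but
# it keeps reading until the block is full or EOF - confirm the client closes
# stdin before switching.
dd of="$file" bs=100k count=1 2>/dev/null

# Reject anything that is not a listable gzip-compressed tar archive.
tar tzf "$file" >/dev/null 2>&1 || bad

# Derive the public key from the private key shipped as 'origkey' inside the
# archive. The awk filter accepts ssh-rsa keys only; any other result leaves
# pubkey empty and the upload is rejected.
# NOTE(review): the uploader is identified by the key inside the archive; this
# script never compares it with the key sshd authenticated the session with.
pubkey=$(tar xzf "$file" -O origkey | ssh-keygen -y -f /proc/self/fd/0 | awk '$1 == "ssh-rsa" {print $2}')
if [ -z "$pubkey" ]; then
	bad
fi

# Look the key up in authorized_keys and take the last field of the matching
# line (the key comment) as the client's name. -F matches the key as a fixed
# string instead of a regular expression.
comment=$(grep -F -- "$pubkey" .ssh/authorized_keys | awk '{print $NF}')

# The name becomes part of file paths below. Fail closed when it is empty,
# contains a slash (would leave ra/), or contains whitespace (several
# authorized_keys lines matched, so the result spans multiple lines).
case $comment in
	'' | */* | *[[:space:]]*) bad ;;
esac

# Retire this client's previous files; the glob also matches its old key file.
# Errors are discarded because a first-time client has nothing to move.
mv -f -- ra/"$comment"-* ra/old 2>/dev/null
mv -- "$file" "ra/${comment}-$$.tar.gz"
file=ra/${comment}-$$.tar.gz
keyfile=ra/${comment}-key

# Extract the 'key' member. The restrictive umask applies only inside the
# subshell and makes the file private from the moment it is created, closing
# the window in which it would carry default permissions before the chmod.
(
	umask 077
	tar xzf "$file" -O key >"$keyfile"
) || bad
chmod 600 "$keyfile"
log "Connection from $comment. SSH_CONNECTION='$SSH_CONNECTION', file=$file"

# Replace this shell with a one-day sleep whose argv[0] is sleep-<name>,
# presumably so the held-open session can be told apart in the process list.
exec -a "sleep-${comment}" sleep 1d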