feat: add ability to remove an ssh key by fingerprint

- add tests for ssh-keys:remove - upgrade sshcommand
2026-02-23 19:50:34 +01:00 · 2020-12-19 16:43:32 -05:00
parent 89d6f0eb6e
commit 13dd8aa224
6 changed files with 81 additions and 10 deletions
--- a/2
+++ b/2
@@ -4,7 +4,7 @@ HEROKUISH_VERSION ?= 0.5.19
 PROCFILE_VERSION ?= 0.11.0
 PLUGN_VERSION ?= 0.5.1
 SIGIL_VERSION ?= 0.6.0
-SSHCOMMAND_VERSION ?= 0.11.0
+SSHCOMMAND_VERSION ?= 0.12.0
 SSHCOMMAND_URL ?= https://github.com/dokku/sshcommand/releases/download/v${SSHCOMMAND_VERSION}/sshcommand_${SSHCOMMAND_VERSION}_linux_x86_64.tgz
 PROCFILE_UTIL_URL ?= https://github.com/josegonzalez/go-procfile-util/releases/download/v${PROCFILE_VERSION}/procfile-util_${PROCFILE_VERSION}_linux_x86_64.tgz
 PLUGN_URL ?= https://github.com/dokku/plugn/releases/download/v${PLUGN_VERSION}/plugn_${PLUGN_VERSION}_linux_x86_64.tgz
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Version: 0.22.2
 Section: web
 Priority: optional
 Architecture: amd64
-Depends: locales, git, cpio, curl, man-db, netcat, sshcommand (>= 0.10.0), docker-engine-cs (>= 17.05.0) | docker-engine (>= 17.05.0) | docker-io (>= 17.05.0) | docker.io (>= 17.05.0) | docker-ce (>= 17.05.0) | docker-ee (>= 17.05.0) | moby-engine, net-tools, software-properties-common, procfile-util (>= 0.11.0), python-software-properties | python3-software-properties, rsyslog, dos2unix, jq
+Depends: locales, git, cpio, curl, man-db, netcat, sshcommand (>= 0.12.0), docker-engine-cs (>= 17.05.0) | docker-engine (>= 17.05.0) | docker-io (>= 17.05.0) | docker.io (>= 17.05.0) | docker-ce (>= 17.05.0) | docker-ee (>= 17.05.0) | moby-engine, net-tools, software-properties-common, procfile-util (>= 0.11.0), python-software-properties | python3-software-properties, rsyslog, dos2unix, jq
 Recommends: herokuish (>= 0.3.4), parallel, dokku-update, dokku-event-listener
 Pre-Depends: gliderlabs-sigil, nginx (>= 1.8.0) | openresty, dnsutils, cgroupfs-mount | cgroup-lite, plugn (>= 0.3.0), sudo, python3, debconf
 Maintainer: Jose Diaz-Gonzalez <dokku@josediazgonzalez.com>
--- a/docs/deployment/user-management.md
+++ b/docs/deployment/user-management.md
@@ -3,9 +3,9 @@
 > New as of 0.7.0

 ```
-ssh-keys:add <name> [/path/to/key]             # Add a new public key by pipe or path
-ssh-keys:list [<name>]                         # List of all authorized Dokku public ssh keys
-ssh-keys:remove <name>                         # Remove SSH public key by name
+ssh-keys:add <name> [/path/to/key]                 # Add a new public key by pipe or path
+ssh-keys:list [<name>]                             # List of all authorized Dokku public ssh keys
+ssh-keys:remove [--fingerprint fingerprint|<name>] # Remove SSH public key by name
 ```

 When pushing to Dokku, SSH key-based authorization is the preferred authentication method, for ease of use and increased security.
@@ -74,10 +74,16 @@ cat ~/.ssh/id_rsa.pub | make vagrant-acl-add

 As key names are unique, they can be used to remove a public SSH key.

-```SHELL
+```shell
 dokku ssh-keys:remove KEY_NAME
 ```

+An SSH Key can also be removed by fingerprint.
+
+```shell
+dokku ssh-keys:remove --fingerprint FINGERPRINT
+```
+
 ## Scoping commands to specific users

 Support for scoping commands to specific users can be added through plugins that take advantage of the [user-auth](/docs/development/plugin-triggers.md#user-auth) plugin trigger to handle command authorization.
--- a/plugins/ssh-keys/subcommands/remove
+++ b/plugins/ssh-keys/subcommands/remove
@@ -8,11 +8,20 @@ cmd-ssh-keys-remove() {
  declare desc="Removes key from authorized_keys"
  declare cmd="ssh-keys:remove"
  [[ "$1" == "$cmd" ]] && shift 1
-  declare NAME="$1"
+  declare NAME="$1" FINGERPRINT="$2"

  verify_ssh_key_file
-  [[ -z "$NAME" ]] && dokku_log_fail "A name is required to remove a key, ie: dokku ssh-keys:remove <name>"
-  sshcommand acl-remove dokku "$NAME" || dokku_log_fail "sshcommand returned an error $?"
+  if [[ "$NAME" == "--fingerprint" ]]; then
+    [[ -z "$FINGERPRINT" ]] && dokku_log_fail "A fingerprint is required to remove a key, ie: dokku ssh-keys:remove --fingerprint FINGERPRINT"
+  elif [[ -z "$NAME" ]]; then
+    dokku_log_fail "A name is required to remove a key, ie: dokku ssh-keys:remove <name>"
+  fi
+
+  if [[ "$NAME" == "--fingerprint" ]]; then
+    sshcommand acl-remove-by-fingerprint dokku "$FINGERPRINT" || dokku_log_fail "sshcommand returned an error $?"
+  else
+    sshcommand acl-remove dokku "$NAME" || dokku_log_fail "sshcommand returned an error $?"
+  fi
 }

 cmd-ssh-keys-remove "$@"
--- a/rpm.mk
+++ b/rpm.mk
@@ -44,7 +44,7 @@ endif
 		--depends 'plugn' \
 		--depends 'procfile-util >= 0.11.0' \
 		--depends '/usr/bin/python3' \
-		--depends 'sshcommand >= 0.10.0' \
+		--depends 'sshcommand >= 0.11.0' \
 		--depends 'sudo' \
 		--after-install rpm/dokku.postinst \
 		--url "https://github.com/$(DOKKU_REPO_NAME)" \
--- a/tests/unit/ssh_keys.bats
+++ b/tests/unit/ssh_keys.bats
@@ -173,6 +173,62 @@ teardown() {
  assert_failure
 }

+@test "(ssh-keys) ssh-keys:remove" {
+  run /bin/bash -c "dokku ssh-keys:add new-user /tmp/testkey.pub"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+
+  run /bin/bash -c "dokku ssh-keys:list new-user | wc -l"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+  assert_equal "$output" "1"
+
+  run /bin/bash -c "dokku ssh-keys:remove new-user"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+
+  run /bin/bash -c "dokku ssh-keys:list new-user | wc -l"
+  echo "output: $output"
+  echo "status: $status"
+  assert_equal "$output" "0"
+
+  run /bin/bash -c "dokku ssh-keys:remove new-user"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+
+  run /bin/bash -c "dokku ssh-keys:add new-user /tmp/testkey.pub"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+
+  run /bin/bash -c "dokku ssh-keys:list new-user | wc -l"
+  echo "output: $output"
+  echo "status: $status"
+  assert_equal "$output" "1"
+
+  run /bin/bash -c "dokku ssh-keys:list new-user | cut -d' ' -f1"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+  assert_output_exists
+
+  local fingerprint="$output"
+  run /bin/bash -c "dokku ssh-keys:remove --fingerprint ${fingerprint}"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+
+  run /bin/bash -c "dokku ssh-keys:list new-user | wc -l"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+  assert_equal "$output" "0"
+}
+
@test "(ssh-keys) ssh-keys:list" {
  run /bin/bash -c "dokku ssh-keys:list"
  echo "output: $output"