Merge pull request #2287 from dokku/u2mejc-ssh-keys

Add ssh-keys core plugin
2025-12-29 00:25:08 +01:00 · 2016-07-30 15:11:01 -04:00
parent 1cbdde748e fb2c7af9e1
commit 53fac6d5dd
12 changed files with 186 additions and 22 deletions
--- a/plugins/ssh-keys/commands
+++ b/plugins/ssh-keys/commands
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+[[ " help ssh-keys:help " == *" $1 "* ]] || exit "$DOKKU_NOT_IMPLEMENTED_EXIT"
+set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
+
+case "$1" in
+  help | ssh-keys:help)
+    help_content_func () {
+      declare desc="return ssh-keys plugin help content"
+      cat<<help_content
+    ssh-keys, Manage public ssh keys that are allowed to connect to Dokku
+    ssh-keys:list, List of all authorized dokku public ssh keys
+    ssh-keys:add <name> [/path/to/key], Add a new public key by pipe or path
+    ssh-keys:remove <name>, Remove SSH public key by name
+help_content
+    }
+
+    if [[ $1 = "ssh-keys:help" ]] ; then
+        echo -e 'Usage: dokku ssh-keys[:COMMAND]'
+        echo ''
+        echo 'Manage public ssh keys that are allowed to connect to Dokku'
+        echo ''
+        echo 'Additional commands:'
+        help_content_func | sort | column -c2 -t -s,
+    else
+        help_content_func
+    fi
+    ;;
+
+  *)
+    exit "$DOKKU_NOT_IMPLEMENTED_EXIT"
+    ;;
+
+esac
--- a/plugins/ssh-keys/functions
+++ b/plugins/ssh-keys/functions
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
+source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
+
+verify_ssh_key_file() {
+  declare desc="Test that public key is valid"
+  [[ -s ${DOKKU_ROOT}/.ssh/authorized_keys ]] || dokku_log_fail "No public keys found."
+  ssh-keygen -l -f "${DOKKU_ROOT}/.ssh/authorized_keys" &> /dev/null || dokku_log_fail "${DOKKU_ROOT}/.ssh/authorized_keys failed ssh-keygen check."
+}
+
+verify_ssh_key_exists() {
+  declare desc="Test that public key exists"
+  [[ -e ${DOKKU_ROOT}/.ssh/authorized_keys ]] || dokku_log_fail "No public keys found."
+}
--- a/plugins/ssh-keys/plugin.toml
+++ b/plugins/ssh-keys/plugin.toml
@@ -0,0 +1,4 @@
+[plugin]
+description = "dokku core ssh-keys plugin"
+version = "0.6.4"
+[plugin.config]
--- a/plugins/ssh-keys/subcommands/add
+++ b/plugins/ssh-keys/subcommands/add
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
+source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
+source "$PLUGIN_AVAILABLE_PATH/ssh-keys/functions"
+
+add_keys() {
+  declare desc="add a new key via sshcommand"
+  local cmd="ssh-keys:add"
+  shift
+  local name="$1" key_file="$2" key_contents key_from_pipe
+  [[ -p /dev/stdin ]] && read -r key_from_pipe
+  if [[ -n "$key_from_pipe" ]]; then
+    ssh-keygen -lf /dev/stdin <<< "$key_from_pipe" &> /dev/null || dokku_log_fail "Key piped in is not a valid ssh public key"
+    key_contents="$key_from_pipe"
+  elif [[ -n "$key_file" ]]; then
+    key_contents="$(cat "$key_file")"
+  fi
+  [[ -n "$name" && -n "$key_contents" ]] || dokku_log_fail "Two arguments are required if not piping, ie: dokku ssh-keys:add <NAME> <KEY_FILE>"
+  verify_ssh_key_exists
+  echo "$key_contents" | sshcommand acl-add dokku "$name" || dokku_log_fail "sshcommand returned an error: $?"
+}
+
+add_keys "$@"
--- a/plugins/ssh-keys/subcommands/list
+++ b/plugins/ssh-keys/subcommands/list
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
+source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
+source "$PLUGIN_AVAILABLE_PATH/ssh-keys/functions"
+
+list_ssh_keys() {
+  declare desc="List ssh key hashes"
+  local cmd="ssh-keys:list"
+  verify_ssh_key_file
+  sshcommand list dokku
+}
+
+list_ssh_keys "$@"
--- a/plugins/ssh-keys/subcommands/remove
+++ b/plugins/ssh-keys/subcommands/remove
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
+source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
+source "$PLUGIN_AVAILABLE_PATH/ssh-keys/functions"
+
+remove_key() {
+  declare desc="Removes key from authorized_keys"
+  local cmd="ssh-keys:remove"
+  shift
+  local name="$1"
+  verify_ssh_key_file
+  [[ -z $1 ]] && dokku_log_fail "A name is required to remove a key, ie: dokku ssh-keys:remove <name>"
+  sshcommand acl-remove dokku "$name" || dokku_log_fail "sshcommand returned an error $?"
+}
+
+remove_key "$@"
--- a/plugins/ssh-keys/user-auth
+++ b/plugins/ssh-keys/user-auth
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
+source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
+
+check_ssh_keys_user() {
+  declare desc="check user running ssh-keys"
+  local SSH_USER=$1 SSH_NAME=$2
+  [[ "$SSH_USER" == "root" || "$SSH_NAME" == *admin* ]] || dokku_log_fail "You must be root, or a dokku admin, to execute this command"
+}
+
+if [[ "$3" == ssh-keys* ]]; then
+  check_ssh_keys_user "$@"
+fi