
ssh login ENG sh

Guest on 17th June 2022 01:21:09 AM

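  #!/bin/sh
  #
  ############################################################
  # Make an SSH connection to one server.
  # Before login, the fingerprint of the host key offered by the
  # server is compared with the fingerprint published by a
  # trusted source (e.g. the system administrator). ssh is then
  # restricted to exactly the key that passed the comparison.
  #
  # Current script has been written by Edmund Laugasson.
  ############################################################
  #
  # Abort on use of an unset variable instead of silently expanding to "".
  set -u

  # Variables
  user=student
  host=
  port=22
  key=ecdsa
  hash=sha256
  # Address of the published fingerprint list. It must be a full https://
  # URL: a reference fetched over plain HTTP can be rewritten by the same
  # party that tampers with the SSH connection.
  url=/ssh-fingerprints.txt
  # "yes" logs in after a successful match; any other value only reports
  # whether the offered key can be trusted.
  login=yes

  # Print a message on stderr and stop with a failure status.
  die() {
    printf '%s\n' "$*" >&2
    exit 1
  }

  [ -n "$host" ] || die "host is not set"
  case $url in
    https://*) ;;
    *) die "url must be an https:// address of the trusted fingerprint list" ;;
  esac

  # Private, unpredictable working directory. A fixed name under /tmp could
  # be created in advance (or symlinked) by another local user.
  tmp=$(mktemp -d) || die "cannot create a temporary directory"
  trap 'rm -rf -- "${tmp:?}"' EXIT
  trap 'exit 1' HUP INT TERM

  # Query the host key offered by the server at this moment (change the key
  # algorithm if needed). The raw key is kept so ssh can be pinned to it.
  ssh-keyscan -t "$key" -p "$port" "$host" > "$tmp/known_hosts"
  [ -s "$tmp/known_hosts" ] || die "no $key host key received from $host port $port"

  # Fingerprint of the offered key: second column of the ssh-keygen listing
  # with the "ALGORITHM:" prefix removed.
  var1=$(ssh-keygen -l -E "$hash" -f "$tmp/known_hosts" \
    | awk '{ sub(/^[^:]*:/, "", $2); print $2 }')

  # Query the same fingerprint from the trusted source.
  # NOTE(review): field 18 is tied to the layout of the published file,
  # which is not shown here; adjust the cut positions if the layout differs.
  var2=$(wget -O- -q "$url" | grep -i -- "$key" | grep -i -- "$hash" \
    | cut -d':' -f2 | rev | cut -d' ' -f18 | rev)

  # An empty value on either side must never count as a match: two empty
  # strings compare equal, which would turn a failed lookup into "trusted".
  [ -n "$var1" ] || die "could not read the offered $key fingerprint"
  [ -n "$var2" ] || die "could not read the trusted $key fingerprint from $url"

  key_label=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
  hash_label=$(printf '%s' "$hash" | tr '[:lower:]' '[:upper:]')

  clear
  # Fetched values are passed as printf arguments, never as the format.
  if [ "$var1" = "$var2" ]; then
    printf '\nOffered %s key %s fingerprint:\n\n%s\n\n...CAN be trusted.\n\n' \
      "$key_label" "$hash_label" "$var1"
    if [ "$login" = yes ]; then
      printf 'Logging in...\n\n'
      # Accept only the key that was just verified; a different key offered
      # at connection time makes ssh refuse instead of prompting.
      ssh -o UserKnownHostsFile="$tmp/known_hosts" -o StrictHostKeyChecking=yes \
        -p "$port" "$user@$host"
    else
      printf 'You MAY log in.\n\n'
    fi
  else
    printf '\nOffered %s key %s fingerprint:\n\n%s\n\n...CANNOT be trusted.\n\n' \
      "$key_label" "$hash_label" "$var1"
    printf 'Trusted %s key %s fingerprint:\n\n%s\n\nDO NOT suggest to log in.\n\n' \
      "$key_label" "$hash_label" "$var2"
    # Non-zero status lets a calling script detect the mismatch.
    exit 1
  fi
  # The temporary directory is removed by the EXIT trap on every path.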
