-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathaccessdev-gadi-setup
executable file
·94 lines (73 loc) · 3.02 KB
/
accessdev-gadi-setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/bin/bash
check_return() {
retval=$?
message=$1
if [ $retval == 0 ]; then
echo -e "$message" "\x1b[32mSUCCESS\x1b[0m"
else
echo -e "$message" "\x1b[31mFAILED\x1b[0m"
if [ $# -gt 1 ]; then
fixer=$2
read -p "Attempt to fix? [y/N] " dofix
case $dofix in
[yY]* ) $fixer;;
* ) ;;
esac
fi
fi
}
setup_gadi_ssh() {
# Make a passphraseless ssh key
if [ ! -f ~/.ssh/id_rsa_cylc_restricted.pub ]; then
echo "Creating a passphraseless SSH key"
ssh-keygen -N '' -f ~/.ssh/id_rsa_cylc -C "Accessdev Cylc to Gadi"
echo "from=\"130.56.244.72\",no-agent-forwarding,no-port-forwarding $(cat ~/.ssh/id_rsa_cylc.pub)" > ~/.ssh/id_rsa_cylc_restricted.pub
cat >> ~/.ssh/config << EOF
Host gadi.nci.org.au gadi
IdentityFile ~/.ssh/id_rsa_cylc
EOF
fi
echo "Copying new key to Gadi (you may be prompted for your NCI password)"
export SSH_AUTH_SOCK=$OLD_SSH_AUTH_SOCK
ssh-copy-id -i ~/.ssh/id_rsa_cylc_restricted.pub gadi.nci.org.au
unset SSH_AUTH_SOCK
ssh -oBatchMode=true -i ~/.ssh/id_rsa_cylc gadi.nci.org.au true &> /dev/null
check_return "Connecting in batch mode from accessdev to gadi (explicit key)"
ssh -oBatchMode=true gadi.nci.org.au true &> /dev/null
check_return "Connecting in batch mode from accessdev to gadi (implicit key)"
}
setup_return_ssh() {
ssh gadi.nci.org.au /bin/bash <<EOS
# Make a passphraseless ssh key
if [ ! -f ~/.ssh/id_rsa_cylc_restricted.pub ]; then
echo "Creating a passphraseless SSH key"
ssh-keygen -N '' -f ~/.ssh/id_rsa_cylc -C "Gadi Cylc to Accessdev"
echo "no-agent-forwarding,no-port-forwarding \$(cat ~/.ssh/id_rsa_cylc.pub)" > ~/.ssh/id_rsa_cylc_restricted.pub
cat >> ~/.ssh/config << EOF
Host accessdev.nci.org.au
IdentityFile ~/.ssh/id_rsa_cylc
EOF
fi
EOS
echo "Copying new key to Accessdev"
ssh gadi.nci.org.au cat ~/.ssh/id_rsa_cylc_restricted.pub >> ~/.ssh/authorized_keys
ssh -oBatchMode=true gadi.nci.org.au ssh -oBatchMode=true accessdev.nci.org.au true &> /dev/null
check_return "Connecting in batch mode from gadi to accessdev"
}
if [ "$HOSTNAME" != "accessdev.nci.org.au" ]; then
echo "Run this script on accessdev"
exit -1
fi
id -Gn | grep -w access &> /dev/null
check_return "Member of NCI 'access' group"
pgrep -U $USER gpg-agent &> /dev/null
check_return "'mosrs-setup' has been run and GPG agent is running" mosrs-setup
ssh -oBatchMode=true gadi.nci.org.au true &> /dev/null
check_return "Connecting in batch mode from accessdev to gadi, with agent"
# Disable SSH agent
OLD_SSH_AUTH_SOCK=$SSH_AUTH_SOCK
unset SSH_AUTH_SOCK
ssh -oBatchMode=true gadi.nci.org.au true &> /dev/null
check_return "Connecting in batch mode from accessdev to gadi, no agent" setup_gadi_ssh
ssh -oBatchMode=true gadi.nci.org.au ssh -oBatchMode=true accessdev.nci.org.au true &> /dev/null
check_return "Connecting in batch mode from gadi to accessdev, no agent" setup_return_ssh