From: Alex Dehnert
Date: Fri, 5 Mar 2010 00:34:55 +0000 (-0500)
Subject: Add sshroot --- krbroot for ssh-agent
X-Git-Url: https://www.dehnerts.com/gitweb/?p=user%2Falex%2Fsoftware%2Fmy-snippets.git;a=commitdiff_plain;h=abb8f2518cbbd4e02385170dcbabc0fc605d66f4
Add sshroot --- krbroot for ssh-agent
The goal here is to make it easy to have one set of ssh keys that you use frequently and want to be able to not expire and stuff, and have one set that you use for root or otherwise sensitive access. This version has a bunch of issue --- prominently, it doesn't try to unlock keys particularly --- but does mostly work.
---
diff --git a/sshroot b/sshroot
new file mode 100755
index 0000000..75b1f98
--- /dev/null
+++ b/sshroot
@@ -0,0 +1,49 @@
+#!/bin/bash
+export KRB5CCNAME=/tmp/krb5cc_$(id -u).root
+export KRBTKFILE=/dev/null
+
+lifetime=900
+hostopt=""
+[ -z "$hostopt" ] && hostopt="${HOSTNAME}"
+[ -z "$hostopt" ] && hostopt=`uname -n 2>/dev/null || echo unknown`
+keys=~/.ssh/id_rsa_root
+
+function with-keys
+{
+ unset SSH_AUTH_SOCK SSH_AGENT_PID
+ eval $(keychain --eval --host "$hostopt-root")
+ exec "$@"
+}
+
+case $1 in
+ init)
+ shift;
+ unset SSH_AUTH_SOCK SSH_AGENT_PID
+ echo exec keychain --host "$hostopt-root" $keys
+ ;;
+ add)
+ with-keys ssh-add -t $lifetime "$@"
+ ;;
+ destroy)
+ with-keys ssh-add -D
+ ;;
+ shell)
+ HOSTNAME="`hostname` (sshroot)" with-keys $SHELL
+ ;;
+ ssh)
+ shift
+ with-keys ssh -l root "$@"
+ ;;
+ *)
+ if [ $# = 0 ]; then
+ echo "Usage: $0 init" >&2
+ echo " $0 add" >&2
+ echo " $0 destroy" >&2
+ echo " $0 shell" >&2
+ echo " $0 ssh [args]" >&2
+ echo " $0 [cmd]" >&2
+ else
+ with-keys "$@"
+ fi
+ ;;
+esac
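Review bot: The `add` arm never shifts off the subcommand, so `"$@"` still begins with the literal word `add` and `ssh-add -t $lifetime` is handed a file named `add` rather than the root key; `$keys` is referenced only in `init`. Something like `shift; with-keys ssh-add -t "$lifetime" "${@:-$keys}"` would apply the 900-second lifetime to `~/.ssh/id_rsa_root` by default, which appears to be the intent. The `init` arm only echoes `exec keychain ...` instead of running it, so unless the caller is expected to eval that output, no dedicated agent is started there; a comment saying which is meant would help. In `with-keys`, quote the substitution as `eval "$(keychain --eval --host "$hostopt-root")"` so keychain's output is evaluated without word splitting or globbing.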