- #!/usr/bin/env python3
- """
- Sync SSH public keys from database to /home/tunnel/.ssh/authorized_keys
- Run this script when devices register or keys change.
- """
- import asyncio
- from pathlib import Path
- from sqlalchemy import select
- from app.core.database import async_session_maker
- from app.models.device import Device
# Login key file of the `tunnel` account; sync_ssh_keys() overwrites it on every run.
AUTHORIZED_KEYS_PATH = Path("/home/tunnel", ".ssh", "authorized_keys")
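def _is_single_line(text):
    """Return True when *text* cannot spill onto a second authorized_keys line.

    Tabs are accepted because they are ordinary field separators; every other
    non-printable character (line breaks, NUL, Unicode line separators) is
    rejected.
    """
    return all(ch.isprintable() or ch == "\t" for ch in text)


async def sync_ssh_keys():
    """Rebuild the tunnel account's authorized_keys file from the database.

    Reads every ``Device`` row, takes ``config['ssh_public_key']`` where it is
    present and non-empty, and writes one line per device (the stored key
    followed by ``# <mac_address>``) to ``AUTHORIZED_KEYS_PATH`` through
    ``sudo tee``. The file is overwritten, not appended to, and is then set to
    mode 600 and owner ``tunnel:tunnel``.

    Stored values that are not strings, or that contain line breaks or other
    control characters, are skipped with a message: each database row must
    yield exactly one line, otherwise a single stored value could add further
    entries that are not tied to the device's MAC comment.

    Returns:
        int: number of keys written to the file.

    Raises:
        subprocess.CalledProcessError: if any of the sudo commands exits
            with a non-zero status.
    """
    import subprocess

    keys = []
    # Row attributes are read while the session is still open.
    async with async_session_maker() as session:
        result = await session.execute(select(Device))
        for device in result.scalars().all():
            config = device.config
            if not config or 'ssh_public_key' not in config:
                continue

            raw_key = config['ssh_public_key']
            mac = f"{device.mac_address}"
            if not isinstance(raw_key, str):
                print(f"Skipping SSH key for device {mac!r}: stored value is not a string")
                continue

            ssh_key = raw_key.strip()
            if not ssh_key:
                continue

            # The value goes into a login-control file verbatim, so it must
            # stay on one line; the MAC is checked too because it is
            # interpolated into the same line.
            if not (_is_single_line(ssh_key) and _is_single_line(mac)):
                print(
                    f"Skipping SSH key for device {mac!r}: "
                    "value contains line-break or control characters"
                )
                continue

            # NOTE(review): the stored value is written as-is, including any
            # leading authorized_keys options, and no `restrict` or
            # forwarding-only options are added here. Confirm the tunnel
            # account is limited elsewhere (e.g. in sshd_config) if devices
            # are only meant to open tunnels.
            keys.append(f"{ssh_key} # {mac}")

    print(f"Found {len(keys)} SSH keys in database")

    # An empty key list produces an empty file, which removes all access.
    authorized_keys_content = "\n".join(keys) + "\n" if keys else ""

    # The file belongs to another account, so every step goes through sudo.
    # tee truncates the live file in place; the update is not atomic.
    subprocess.run(
        ["sudo", "tee", str(AUTHORIZED_KEYS_PATH)],
        input=authorized_keys_content.encode(),
        stdout=subprocess.DEVNULL,
        check=True,
    )

    # Restore the mode and ownership expected for the tunnel account's key file.
    subprocess.run(
        ["sudo", "chmod", "600", str(AUTHORIZED_KEYS_PATH)],
        check=True,
    )
    subprocess.run(
        ["sudo", "chown", "tunnel:tunnel", str(AUTHORIZED_KEYS_PATH)],
        check=True,
    )

    print(f"Synced {len(keys)} keys to {AUTHORIZED_KEYS_PATH}")
    return len(keys)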
if __name__ == "__main__":
    # Executed as a script: perform a single sync pass and exit.
    _sync_pass = sync_ssh_keys()
    asyncio.run(_sync_pass)