Add pam_exec-ssh

2021-04-30 21:10:21 +01:00 · 2021-04-30 21:10:21 +01:00 · 7c0a4af2c8
commit 7c0a4af2c8
parent a684435199
2 changed files with 51 additions and 3 deletions
--- a/.config/ssh-agent/pam_exec-ssh
+++ b/.config/ssh-agent/pam_exec-ssh
@ -0,0 +1,35 @@
+#!/bin/sh
+
+agent_add_key () {
+    expect << EOF
+        log_user 0
+
+        spawn ssh-add $1
+        expect "Enter passphrase for $1" {
+            send "$2\r"
+            expect {
+                "Identity added: $1" {
+                    send "$2\r"
+                    exit 0
+                }
+                "Bad passphrase, try again" {
+                    exit 1
+                }
+            }
+        }
+EOF
+}
+
+read -r PAM_PASS
+PAM_PASS=$(echo "$PAM_PASS" | sed 's/\$/\\\$/')
+
+SSH_AUTH_SOCK=/run/user/$(id -u "$PAM_USER")/ssh-agent.socket
+export SSH_AUTH_SOCK
+
+if [ -d /home/"$PAM_USER"/.ssh/unlock.d/ ]; then
+    find /home/"$PAM_USER"/.ssh/unlock.d/ -maxdepth 1 ! -wholename "/home/$PAM_USER/.ssh/unlock.d/" ! -name "config" ! -name "known_hosts" ! -name "*.pub" | while read -r key; do
+        agent_add_key "$key" "$PAM_PASS" &
+    done
+fi
+
+exit 0
--- a/19
+++ b/19
@ -1,10 +1,10 @@
 #!/bin/sh -e

+repo_dir=$(readlink -f $(dirname "$0"))
+
 link() {
  [ -L "~/.config" ] || return 0

-  repo_dir=$(readlink -f $(dirname "$0"))
-
  for file in ".profile" ".zprofile" ".config"; do
    ln -sf "$repo_dir/$file" "~/$file"
  done
@ -59,6 +59,19 @@ install() {
  [ -d "/usr/share/themes/Nova" ] || sudo git clone \
    https://git.vimium.com/jordan/gtk-nova-theme.git \
    /usr/share/themes/Nova
+
+  [ -x "/usr/bin/pam_exec-ssh" ] || {
+    sudo install -m755 \
+      "$repo_dir/.config/ssh-agent/pam_exec-ssh" \
+      /usr/bin/pam_exec-ssh
+      mkdir ~/.ssh/unlock.d
+      ln -s ~/.ssh/id_ed25519 ~/.ssh/unlock.d/id_ed25519
+    }
 }

-install && link
+configure() {
+  systemctl --user enable ssh-agent
+  systemctl --user enable sway
+}
+
+install && link && configure