Support for specifying the lifetime with ssh-add #42

3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -32,10 +32,11 @@ Fetches SSH keys stored in Bitwarden vault and adds them to `ssh-agent`.
* `--customfield`/`-c` - Custom field name where private key filename is stored _(default: private)_
* `--passphrasefield`/`-p` - Custom field name where passphrase for the key is stored _(default: passphrase)_
* `--session`/`-s` - session key of bitwarden
* `--lifetime`/`-t` - Maximum sshd lifetime (e.g. 60s, 30m, 2h30m) of keys; defaults to 4h

## Setting up the Bitwarden CLI tool
Download the [Bitwarden CLI](https://bitwarden.com/help/cli/), extract the binary from the zip file, make it executable and add it to your path so that it can be found on the command line.

On linux you will likely want to move the executable to `~/.local/bin` and make it executable `chmod +x ~/.local/bin/bw`. `~/.local/bin` is likely already set as a path. You can confirm that by running `which bw`, which should return the path to the executable. You can use the same approach to turn `bw_add_sshkeys.py` into an executable.

If you want to build the Bitwarden CLI by yourself, see [these instructions on the bitwarden github page](https://contributing.bitwarden.com/getting-started/clients/cli).
If you want to build the Bitwarden CLI by yourself, see [these instructions on the bitwarden github page](https://contributing.bitwarden.com/getting-started/clients/cli).
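Review bot: The new `--lifetime`/`-t` entry says "Maximum sshd lifetime", but the value is handed to `ssh-add -t` and limits how long a key stays loaded in `ssh-agent`; sshd plays no part in it. Wording such as "Maximum lifetime of keys in ssh-agent (e.g. 60s, 30m, 2h30m)" would match what the option does. The entry should also state that keys now expire after 4h by default, because the script previously ran `ssh-add` without `-t`.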
31 changes: 25 additions & 6 deletions bw_add_sshkeys.py
Expand Up @@ -97,6 +97,7 @@ def add_ssh_keys(
session: str,
items: list[dict[str, Any]],
keyname: str,
lifetime: str,
pwkeyname: str,
) -> None:
"""
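Review bot: `lifetime: str` is added between `keyname` and `pwkeyname` in the `add_ssh_keys` signature, which shifts `pwkeyname` for any caller using positional arguments; all of these parameters are `str`, so a call in the old order would not raise. Appending it after `pwkeyname` as a keyword-only parameter (`*, lifetime: str`) avoids the silent mix-up. The docstring that opens on the last line of this hunk should mention the new parameter as well.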
Expand All @@ -112,7 +113,9 @@ def add_ssh_keys(
continue
except KeyError as error:
logging.debug(
'No key "%s" found in item %s - skipping', error.args[0], item["name"]
'No key "%s" found in item %s - skipping',
error.args[0],
item["name"],
)
continue
logging.debug("Private key file declared")
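Review bot: The re-wrapped `logging.debug(...)` call in this hunk is a formatting-only change unrelated to the lifetime option, and the same re-wrap appears again in the following hunk. Moving both into a separate formatting commit would keep this diff limited to the feature and make it easier to review.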
Expand All @@ -127,7 +130,9 @@ def add_ssh_keys(
logging.warning('No "%s" field found for item %s', pwkeyname, item["name"])
except KeyError as error:
logging.debug(
'No key "%s" found in item %s - skipping', error.args[0], item["name"]
'No key "%s" found in item %s - skipping',
error.args[0],
item["name"],
)

try:
Expand All @@ -146,12 +151,14 @@ def add_ssh_keys(
logging.debug("Private key ID found")

try:
ssh_add(session, item["id"], private_key_id, private_key_pw)
ssh_add(session, item["id"], private_key_id, lifetime, private_key_pw)
except subprocess.SubprocessError:
logging.warning("Could not add key to the SSH agent")


def ssh_add(session: str, item_id: str, key_id: str, key_pw: str = "") -> None:
def ssh_add(
session: str, item_id: str, key_id: str, lifetime: str, key_pw: str = ""
) -> None:
"""
Function to get the key contents from the Bitwarden vault
"""
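Review bot: `lifetime` becomes the fourth positional parameter of `ssh_add`, ahead of `key_pw`, so a call still written in the old order, `ssh_add(session, item["id"], private_key_id, private_key_pw)`, binds the passphrase to `lifetime` without any error because both are `str`. Since `lifetime` is later placed on the `ssh-add` command line, that mistake would put the passphrase into the process arguments. Making it keyword-only after `key_pw` removes that failure mode. The docstring still describes only fetching the key contents and does not mention the new parameter.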
Expand Down Expand Up @@ -188,7 +195,7 @@ def ssh_add(session: str, item_id: str, key_id: str, key_pw: str = "") -> None:
logging.debug("Running ssh-add")
# CAVEAT: `ssh-add` provides no useful output, even with maximum verbosity
subprocess.run(
["ssh-add", "-"],
["ssh-add", "-t", lifetime, "-"],
input=ssh_key.encode("utf-8"),
# Works even if ssh-askpass is not installed
env=envdict,
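Review bot: `-t` is now passed unconditionally in `["ssh-add", "-t", lifetime, "-"]`, so there is no longer a way to load a key without an expiry, which is what the previous `["ssh-add", "-"]` did. Consider leaving out the two arguments when `lifetime` is empty, so users can opt out. A malformed value would also only show up as a failed `ssh-add` run, and the CAVEAT comment above the call already notes that `ssh-add` gives no useful output, so the cause would be hard to see from the log.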
Expand Down Expand Up @@ -234,6 +241,12 @@ def parse_args() -> argparse.Namespace:
default="",
help="session key of bitwarden",
)
parser.add_argument(
"-t",
"--lifetime",
default="4h",
help="maximum sshd lifetime (e.g. 60s, 30m, 2h30m) of keys; defaults to 4h",
)

return parser.parse_args()

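Review bot: `--lifetime` is accepted as a free-form string in `parser.add_argument(...)` with no `type=` check, so a typo in the value is only noticed when `ssh-add` rejects it, once per key. A `type=` callable that accepts the documented forms (60s, 30m, 2h30m) and raises `argparse.ArgumentTypeError` otherwise would fail fast with a clear message. The help text could use `%(default)s` instead of repeating "4h" by hand.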
Expand Down Expand Up @@ -263,7 +276,13 @@ def main() -> None:
items = folder_items(session, folder_id)

logging.info("Attempting to add keys to ssh-agent")
add_ssh_keys(session, items, args.customfield, args.passphrasefield)
add_ssh_keys(
session,
items,
args.customfield,
args.lifetime,
args.passphrasefield,
)
except subprocess.CalledProcessError as error:
if error.stderr:
logging.error('"%s" error: %s', error.cmd[0], error.stderr)