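#!/usr/bin/env bash
#
# Author: Georg Voell - georg.voell@standby.cloud
# Version: @(#)get-authkeys 3.3.0 19.01.2026 (c)2026 Standby.cloud
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
#
# This script can be used free of charge. Use it as is or customize as needed. It is not guaranteed to be
# error free and you will not be reimbursed for any damage it may cause.
#
#@ This script is being called by AuthorizedKeysCommand from sshd_config.
#@ If variable "keysfile" is set, the tool reads a JSON file and displays public ssh keys for the user.
#@ The JSON could be in the instance metadata, on a webserver / objectstorage or in a local file.
#@ JSON example: https://standby.cloud/download/samples/authorized_keys.json
#
# Update history:
#
# V 3.0.0 09.07.2020 New version
# V 3.0.1 16.01.2021 Don't get original keys from instance metadata (because they can't be changed)
# V 3.0.2 11.09.2021 By default - don't check keys in Instance Metadata
# V 3.0.3 04.06.2023 Changed description
# V 3.1.0 05.06.2023 New copyright
# V 3.2.0 11.09.2024 New minor version
# V 3.2.1 27.10.2025 Revised version
# V 3.3.0 19.01.2026 Revised with support of Claude Code
#
# Exit codes:
#   01: No admin scripts installed.
#   02: No user specified.
#   03: No jq installed.
#   99: User interrupt.
#
# Security notes:
#   - sshd reads this script's stdout as authorized_keys lines, so whoever can
#     change the JSON source (or the config file naming it) decides who may log
#     in. Nothing but key lines may be written to stdout; diagnostics belong on
#     stderr.
#   - The login name is handed to jq as data (--arg) and is never spliced into
#     the filter text.
#

# Find executable bash library and source it.
# errormsg, StripComment, Cleanup and $scratchfile are not defined in this file;
# presumably lib.bash provides them (confirm). "transfer" is likewise external.
lib=$(command -v lib.bash 2>/dev/null)
if [[ -n "$lib" ]]; then
  source "$lib"
else
  progdir=$(dirname "$0")
  if [[ -r "${progdir}/lib.bash" ]]; then
    source "${progdir}/lib.bash"
  else
    # stderr, not stdout: stdout is parsed by sshd as key material.
    echo "Unexpected error: Unable to locate bash library 'lib.bash'." >&2
    exit 1
  fi
fi

# Login user (first argument; sshd_config decides which token is passed here)
user="${1}"
if [[ -z "$user" ]]; then
  exitcode=2
  errormsg $exitcode "No user specified."
  exit $exitcode
elif [[ "$user" = "ubuntu" ]]; then
  # Keys for "ubuntu" are looked up under the "opc" entry.
  user="opc"
fi

# Preset
metadata="instance/metadata"
keysconfig="/etc/ssh/keys_config"

# jq filter selecting the key list of one user. $user here is a jq variable
# bound with --arg, so quotes or filter syntax in the login name stay literal.
# shellcheck disable=SC2016
keysfilter='.authorized_keys[$user]'

# The file "keysconfig" defines where we get the keys from. Examples:
#   file:///etc/ssh/authorized_keys.json                         # Local file
#   http://169.254.169.254/opc/v2/instance/metadata              # Instance metadata
#   https://standby.cloud/download/samples/authorized_keys.json  # HTTP Server
#   https://frkzmjjrez4k.objectstorage.eu-frankfurt-1.oci.customer-oci.com/p/<PAR_TOKEN>/n/frkzmjjrez4k/b/Operations/o/Infra/authorized_keys.json
#
# NOTE(review): the last example has the shape of an OCI pre-authenticated
# request URL. The /p/<token>/ segment of such a URL grants access on its own,
# so the token is redacted here; a real one belongs only in the config file.
# NOTE(review): sshd verifies ownership and permissions of the
# AuthorizedKeysCommand program, not of this config file or a local JSON file.
# Both should be writable by root only.

# Main

# Get keysfile from config file (first non-empty, non-comment line)
if [[ -s "$keysconfig" ]]; then
  keysfile=$(StripComment "$keysconfig" | grep -v '^$' | head -n 1)
else
  # NOTE(review): with a missing or empty config the keys come from the public
  # sample file below, i.e. from a remote document the host does not control.
  # Confirm this fallback is wanted on production hosts; an empty keysfile
  # (no keys returned) would be the fail-closed alternative.
  keysfile="https://standby.cloud/download/samples/authorized_keys.json"
fi

# Only return keys if keysfile is defined
if [[ "$keysfile" != "" ]]; then
  jq=$(command -v jq 2>/dev/null)
  if [[ "$jq" = "" ]]; then
    exitcode=3
    errormsg $exitcode "Tool jq needs to be installed first."
  else
    if [[ "$keysfile" == *"$metadata"* ]]; then
      # Looking for keys in the instance metadata
      result="found"
      transfer --auth --quiet "$keysfile" | "$jq" --arg user "$user" "$keysfilter" > "$scratchfile"
      stat=$?
    elif [[ "$keysfile" == file://* ]]; then
      # Looking for keys in a local file
      keysfile="${keysfile#file://}"
      if [[ -s "$keysfile" ]]; then
        "$jq" --arg user "$user" "$keysfilter" < "$keysfile" > "$scratchfile"
        stat=$?
      else
        stat=1
      fi
    else
      # Looking for keys on a WebServer or ObjectStorage
      transfer --auth --quiet "$keysfile" | "$jq" --arg user "$user" "$keysfilter" > "$scratchfile"
      stat=$?
    fi

    # Display keys if specified user was found. In the two pipelines above
    # $stat is jq's exit status only; a failed download shows up as an empty
    # scratch file, which the -s test rejects.
    if (( stat == 0 )) && [[ -s "$scratchfile" ]]; then
      result=$(head -n 1 "$scratchfile")
      # jq prints "null" when the JSON has no entry for this user.
      if [[ "$result" != "null" ]]; then
        "$jq" -r '.[]' "$scratchfile"
      fi
    fi
  fi
fi

# Cleanup and exit with exitcode.
# $exitcode is assigned in this file only on error paths; presumably lib.bash
# initialises it (confirm). Left unquoted on purpose so that an unset value
# degrades to a plain "exit" instead of a syntax error.
Cleanup
# shellcheck disable=SC2086
exit $exitcode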