1 files changed, 49 insertions, 0 deletions

diff --git a/roles/git/files/git-shell-commands/addkey b/roles/git/files/git-shell-commands/addkey
new file mode 100644
index 0000000..670fd94
--- /dev/null
+++ b/roles/git/files/git-shell-commands/addkey
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# ~/git-shell-commands/addkey
+#
+# An interactive command to add a new SSH public key to the authorized
+# key list.  To ensure the integrity of the authorized_keys file, the
+# script makes sure you've entered a valid key (which must be entered
+# all on one line).  For security, the script also disables some SSH
+# options for the key when it adds it. 
+#
+# NOTE:
+# This interactive command is NOT allowed through a SSH connection,
+# use `sudo su - git` from other (admin) user instead.
+#
+# Credit:
+# * Hosting an admin-friendly git server with git-shell
+#   http://planzero.org/blog/2012/10/24/hosting_an_admin-friendly_git_server_with_git-shell
+#
+# Aaron LI
+# 2017-06-18
+#
+
+if [ -n "${SSH_CONNECTION}" ]; then
+    echo "Sorry, this command is not allowed through a SSH connection"
+    exit 1
+fi
+
+# Read in the SSH key
+echo "Input the SSH public key to be added (ED25519/RSA):"
+read key
+
+# Generate a fingerprint
+fingerprint=$(echo "${key}" | ssh-keygen -lf -)
+
+# Check for errors
+if [ $(echo "${fingerprint}" | egrep -c '(ED25519|RSA)') -eq 0 ]; then
+    # Display the fingerprint error and clean up
+    echo "Invalid key: ${fingerprint}"
+    exit 1
+fi
+
+# Add the key to the authorized keys file and clean up
+[ ! -d "${HOME}/.ssh" ] && mkdir -m 0700 ${HOME}/.ssh
+echo ${key} >> ${HOME}/.ssh/authorized_keys
+chmod 0600 ${HOME}/.ssh/authorized_keys
+
+# Display the fingerprint for reference
+echo "Success! Added a key with the following fingerprint:"
+echo ${fingerprint}