SSH-Key generation for helpers/borg.helper

Generating a RSA 4096 key pair for Borgbackup with ssh-keygen and a custom location for the keypair including input for a comment.

Change-Id: I944117307cc2408a2aece2506424844f0417d9de
Signed-off-by: Emil Breiner <emil.breiner@krumedia.com>

handlers/borg.helper.in

@@ -79,13 +79,15 @@ do_borg_dest() {
 
    set -o noglob
    REPLY=
-   while [ -z "$REPLY" -o -z "$borg_directory" -o -z "$borg_host" -o -z "$borg_port" -o -z "$borg_user" -o -z "$borg_archive" -o -z "$borg_compression" ]
+   while [ -z "$REPLY" -o -z "$borg_directory" -o -z "$borg_host" \
+   -o -z "$borg_port" -o -z "$borg_user" -o -z "$borg_id_file" -o -z "$borg_archive" -o -z "$borg_compression" ]
    do
      formBegin "$borg_title - destination"
         formItem "directory" "$borg_directory"
         formItem "host" "$borg_host"
         formItem "port" "$borg_port"
         formItem "user" "$borg_user"
+        formItem "id_file" "$borg_id_file"
         formItem "archive_name" "$borg_archive"
         formItem "compression" "$borg_compression"
 
@@ -96,8 +98,9 @@ do_borg_dest() {
      borg_host=${tmp_array[1]}
      borg_port=${tmp_array[2]}
      borg_user=${tmp_array[3]}
-     borg_archive=${tmp_array[4]}
-     borg_compression=${tmp_array[5]}
+     borg_id_file=${tmp_array[4]}
+     borg_archive=${tmp_array[5]}
+     borg_compression=${tmp_array[6]}
   done
   set +o noglob
 
@@ -170,36 +173,43 @@ do_borg_ssh_con() {
       msgBox "$borg_title: error" "You must first configure the destination host."
       return 1
    else
-      booleanBox "$borg_title" "This step will create a ssh key for the local root user with no passphrase (if one does not already exist), and attempt to copy root's public ssh key to authorized_keys file of $borg_user@$borg_host. This will allow the local root to make unattended backups to $borg_user@$borg_host.\n\n\nAre you sure you want to continue?"
+      msg='This step will create a ssh key for the local root user with no passphrase (if one does not already exist), '\
+'and attempt to copy '"${borg_user}'s"' public ssh key to authorized_keys file of '"$borg_user@$borg_host"'. '\
+'This will allow the local root to make unattended backups to '"$borg_user@$borg_host.\n\n\n"\
+'Specify an optional comment for the keypair:'
+      inputBox "$borg_title" "${msg}"
       [ $? = 0 ] || return 1
+      key_comment=$REPLY
    fi
-
-   if [ ! -f /root/.ssh/id_dsa.pub -a ! -f /root/.ssh/id_rsa.pub ]; then
-      echo "Creating local root's ssh key"
-      ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
-      echo "Done. hit return to continue"
-      read
+   if [ $? -eq 0 ]; then
+      echo "Creating local rsa keypair for user..."
+      if [ ! -f "$borg_id_file" ]; then
+        if [ "$key_comment" = "" ]; then
+            ssh-keygen -t rsa -b 4096 -f "$borg_id_file" -N ""
+        else
+            ssh-keygen -t rsa -b 4096 -f "$borg_id_file" -N "" -C "$key_comment"
+        fi
+      fi
    fi
 
-   ssh -o PreferredAuthentications=publickey $borg_host -p $borg_port -l $borg_user "exit" 2> /dev/null
+   ssh -o PreferredAuthentications=publickey -i $borg_id_file $borg_host -p $borg_port -l $borg_user "exit" 2> /dev/null
    if [ $? -ne 0 ]; then
       echo "Copying root's public ssh key to authorized_keys of $borg_user@$borg_host. When prompted, specify the password for user $borg_user@$borg_host."
-      pubkeys=( /root/.ssh/id_[rd]sa.pub )
-      if ! ssh-copy-id -i ${pubkeys[0]} -p $borg_port $borg_user@$borg_host; then
+      if ! ssh-copy-id -i "${borg_id_file}.pub" -p $borg_port $borg_user@$borg_host ; then
          echo "FAILED: Couldn't copy root's public ssh key to authorized_keys of $borg_user@$borg_host."
          ssh -p $borg_port $borg_user@$borg_host 'test -w .ssh || test -w .'
          result=$?
          echo "Hit return to continue."
          read
          case $result in
-            0 )   msgBox "$borg_title: error" "Directories are writable: Probably just a typo the first time." ;;
+            0 )   msgBox "$borg_title: success" "Directories are writable." ;;
             1 )   msgBox "$borg_title: error" "Connected successfully to $borg_user@$borg_host, but unable to write. Check ownership and modes of ~$borg_user on $borg_host." ;;
             255 ) msgBox "$borg_title: error" "Failed to connect to $borg_user@$borg_host. Check hostname, username, and password. Also, make sure sshd is running on the destination host." ;;
             * )   msgBox "$borg_title: error" "Unexpected error (return code ${result})." ;;
          esac
          return
       else
-         echo "Done. hit return to continue"
+         echo "Done. Hit return to continue"
          read
       fi
    else
@@ -210,9 +220,9 @@ do_borg_ssh_con() {
 
    # test to see if the remote borg backup directory exists and is writable
    echo "Testing to see if remote borg backup directory exists and is writable"
-   ssh -p $borg_port $borg_user@$borg_host "test -d ${borg_directory}"
+   ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "test -d ${borg_directory}"
    if [ $? = 0 ]; then
-      ssh -p $borg_port $borg_user@$borg_host "test -w $borg_directory"
+      ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "test -w $borg_directory"
       if [ $? != 0 ]; then
          msgBox "destination directory is not writable!" "The remote destination directory is not writable by the user you specified. Please fix the permissions on the directory and then try again."
          remote_status=failed
@@ -220,7 +230,7 @@ do_borg_ssh_con() {
    else
       booleanBox "Remote directory does not exist" "The destination backup directory does not exist, do you want me to create it for you?"
       if [ $? = 0 ]; then
-         ssh -p $borg_port $borg_user@$borg_host "mkdir -p ${borg_directory}"
+         ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "mkdir -p ${borg_directory}"
          result=$?
          case $result in
             0) msgBox "$borg_title: success" "Creation of the remote destination directory was a success!";;
@@ -320,6 +330,7 @@ directory = $borg_directory
 host = $borg_host
 port = $borg_port
 user = $borg_user
+id_file = $borg_id_file
 archive = $borg_archive
 compression = $borg_compression
 encryption = $borg_encryption
@@ -377,6 +388,7 @@ borg_wizard() {
    borg_user=root
    borg_host=localhost
    borg_port=22
+   borg_id_file=/root/.ssh/id_rsa
    borg_archive='{now:%Y-%m-%dT%H:%M:%S}'
    borg_compression=lz4
    borg_encryption=none

handlers/borg.in

@@ -38,13 +38,14 @@ getconf user
 getconf host
 getconf port 22
 getconf directory
+getconf id_file /root/.ssh/id_rsa
 # strip trailing /
 directory=${directory%/}
 getconf archive {now:%Y-%m-%dT%H:%M:%S}
 getconf compression lz4
 getconf encryption none
 getconf passphrase
-
+export BORG_RSH="ssh -i $id_file"
 export BORG_PASSPHRASE="$passphrase"
 
 ### CHECK CONFIG ###
@@ -75,8 +76,8 @@ fi
 # check the connection at the source and destination
 [ -n "$test" ] || test=0
 if [ "$host" != "localhost" ] && ([ "$testconnect" = "yes" ] || [ "${test}" -eq 1 ]); then
-   debug "ssh -o PasswordAuthentication=no $host -p $port -l $user 'echo -n 1'"
-   local ret=$(ssh -o PasswordAuthentication=no $host -p $port -l $user 'echo -n 1')
+   debug "ssh -o PasswordAuthentication=no -i $id_file $host -p $port -l $user 'echo -n 1'"
+   local ret=$(ssh -o PasswordAuthentication=no -i $id_file $host -p $port -l $user 'echo -n 1')
    if [ "$ret" = 1 ]; then
       debug "Connected to $host as $user successfully"
    else
@@ -182,5 +183,6 @@ if [ "$prune" == "yes" ]; then
 fi
 
 unset BORG_PASSPHRASE
+unset BORG_RSH
 
 return 0