SSH-Key generation for helpers/borg.helper

Generating a RSA 4096 key pair for Borgbackup with ssh-keygen and a custom location for the keypair including input for a comment. Change-Id: I944117307cc2408a2aece2506424844f0417d9de Signed-off-by: Emil Breiner <emil.breiner@krumedia.com>

SSH-Key generation for helpers/borg.helper
eea3cfad · Emil Breiner · 5fd29735 · eea3cfad · eea3cfad
Commit eea3cfad authored Aug 13, 2020 by Emil Breiner
--- a/handlers/borg.helper.in
+++ b/handlers/borg.helper.in
@@ -79,13 +79,15 @@ do_borg_dest() {
   set -o noglob
   REPLY=
-   while [ -z "$REPLY" -o -z "$borg_directory" -o -z "$borg_host" -o -z "$borg_port" -o -z "$borg_user" -o -z "$borg_archive" -o -z "$borg_compression" ]
+   while [ -z "$REPLY" -o -z "$borg_directory" -o -z "$borg_host" \
+   -o -z "$borg_port" -o -z "$borg_user" -o -z "$borg_id_file" -o -z "$borg_archive" -o -z "$borg_compression" ]
   do
     formBegin "$borg_title - destination"
        formItem "directory" "$borg_directory"
        formItem "host" "$borg_host"
        formItem "port" "$borg_port"
        formItem "user" "$borg_user"
+        formItem "id_file" "$borg_id_file"
        formItem "archive_name" "$borg_archive"
        formItem "compression" "$borg_compression"
@@ -96,8 +98,9 @@ do_borg_dest() {
     borg_host=${tmp_array[1]}
     borg_port=${tmp_array[2]}
     borg_user=${tmp_array[3]}
-     borg_archive=${tmp_array[4]}
+     borg_id_file=${tmp_array[4]}
-     borg_compression=${tmp_array[5]}
+     borg_archive=${tmp_array[5]}
+     borg_compression=${tmp_array[6]}
  done
  set +o noglob
@@ -170,36 +173,43 @@ do_borg_ssh_con() {
      msgBox "$borg_title: error" "You must first configure the destination host."
      return 1
   else
-      booleanBox "$borg_title" "This step will create a ssh key for the local root user with no passphrase (if one does not already exist), and attempt to copy root's public ssh key to authorized_keys file of $borg_user@$borg_host. This will allow the local root to make unattended backups to $borg_user@$borg_host.\n\n\nAre you sure you want to continue?"
+      msg='This step will create a ssh key for the local root user with no passphrase (if one does not already exist), '\
+'and attempt to copy '"${borg_user}'s"' public ssh key to authorized_keys file of '"$borg_user@$borg_host"'. '\
+'This will allow the local root to make unattended backups to '"$borg_user@$borg_host.\n\n\n"\
+'Specify an optional comment for the keypair:'
+      inputBox "$borg_title" "${msg}"
      [ $? = 0 ] || return 1
+      key_comment=$REPLY
+   fi
+   if [ $? -eq 0 ]; then
+      echo "Creating local rsa keypair for user..."
+      if [ ! -f "$borg_id_file" ]; then
+        if [ "$key_comment" = "" ]; then
+            ssh-keygen -t rsa -b 4096 -f "$borg_id_file" -N ""
+        else
+            ssh-keygen -t rsa -b 4096 -f "$borg_id_file" -N "" -C "$key_comment"
+        fi
      fi
-   if [ ! -f /root/.ssh/id_dsa.pub -a ! -f /root/.ssh/id_rsa.pub ]; then
-      echo "Creating local root's ssh key"
-      ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
-      echo "Done. hit return to continue"
-      read
   fi
-   ssh -o PreferredAuthentications=publickey $borg_host -p $borg_port -l $borg_user "exit" 2> /dev/null
+   ssh -o PreferredAuthentications=publickey -i $borg_id_file $borg_host -p $borg_port -l $borg_user "exit" 2> /dev/null
   if [ $? -ne 0 ]; then
      echo "Copying root's public ssh key to authorized_keys of $borg_user@$borg_host. When prompted, specify the password for user $borg_user@$borg_host."
-      pubkeys=( /root/.ssh/id_[rd]sa.pub )
+      if ! ssh-copy-id -i "${borg_id_file}.pub" -p $borg_port $borg_user@$borg_host ; then
-      if ! ssh-copy-id -i ${pubkeys[0]} -p $borg_port $borg_user@$borg_host; then
         echo "FAILED: Couldn't copy root's public ssh key to authorized_keys of $borg_user@$borg_host."
         ssh -p $borg_port $borg_user@$borg_host 'test -w .ssh || test -w .'
         result=$?
         echo "Hit return to continue."
         read
         case $result in
-            0 )   msgBox "$borg_title: error" "Directories are writable: Probably just a typo the first time." ;;
+            0 )   msgBox "$borg_title: success" "Directories are writable." ;;
            1 )   msgBox "$borg_title: error" "Connected successfully to $borg_user@$borg_host, but unable to write. Check ownership and modes of ~$borg_user on $borg_host." ;;
            255 ) msgBox "$borg_title: error" "Failed to connect to $borg_user@$borg_host. Check hostname, username, and password. Also, make sure sshd is running on the destination host." ;;
            * )   msgBox "$borg_title: error" "Unexpected error (return code ${result})." ;;
         esac
         return
      else
-         echo "Done. hit return to continue"
+         echo "Done. Hit return to continue"
         read
      fi
   else
@@ -210,9 +220,9 @@ do_borg_ssh_con() {
   # test to see if the remote borg backup directory exists and is writable
   echo "Testing to see if remote borg backup directory exists and is writable"
-   ssh -p $borg_port $borg_user@$borg_host "test -d ${borg_directory}"
+   ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "test -d ${borg_directory}"
   if [ $? = 0 ]; then
-      ssh -p $borg_port $borg_user@$borg_host "test -w $borg_directory"
+      ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "test -w $borg_directory"
      if [ $? != 0 ]; then
         msgBox "destination directory is not writable!" "The remote destination directory is not writable by the user you specified. Please fix the permissions on the directory and then try again."
         remote_status=failed
@@ -220,7 +230,7 @@ do_borg_ssh_con() {
   else
      booleanBox "Remote directory does not exist" "The destination backup directory does not exist, do you want me to create it for you?"
      if [ $? = 0 ]; then
-         ssh -p $borg_port $borg_user@$borg_host "mkdir -p ${borg_directory}"
+         ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "mkdir -p ${borg_directory}"
         result=$?
         case $result in
            0) msgBox "$borg_title: success" "Creation of the remote destination directory was a success!";;
@@ -320,6 +330,7 @@ directory = $borg_directory
 host = $borg_host
 port = $borg_port
 user = $borg_user
+id_file = $borg_id_file
 archive = $borg_archive
 compression = $borg_compression
 encryption = $borg_encryption
@@ -377,6 +388,7 @@ borg_wizard() {
   borg_user=root
   borg_host=localhost
   borg_port=22
+   borg_id_file=/root/.ssh/id_rsa
   borg_archive='{now:%Y-%m-%dT%H:%M:%S}'
   borg_compression=lz4
   borg_encryption=none

--- a/handlers/borg.in
+++ b/handlers/borg.in
@@ -38,13 +38,14 @@ getconf user
 getconf host
 getconf port 22
 getconf directory
+getconf id_file /root/.ssh/id_rsa
 # strip trailing /
 directory=${directory%/}
 getconf archive {now:%Y-%m-%dT%H:%M:%S}
 getconf compression lz4
 getconf encryption none
 getconf passphrase
+export BORG_RSH="ssh -i $id_file"
 export BORG_PASSPHRASE="$passphrase"
 ### CHECK CONFIG ###
@@ -75,8 +76,8 @@ fi
 # check the connection at the source and destination
 [ -n "$test" ] || test=0
 if [ "$host" != "localhost" ] && ([ "$testconnect" = "yes" ] || [ "${test}" -eq 1 ]); then
-   debug "ssh -o PasswordAuthentication=no $host -p $port -l $user 'echo -n 1'"
+   debug "ssh -o PasswordAuthentication=no -i $id_file $host -p $port -l $user 'echo -n 1'"
-   local ret=$(ssh -o PasswordAuthentication=no $host -p $port -l $user 'echo -n 1')
+   local ret=$(ssh -o PasswordAuthentication=no -i $id_file $host -p $port -l $user 'echo -n 1')
   if [ "$ret" = 1 ]; then
      debug "Connected to $host as $user successfully"
   else
@@ -182,5 +183,6 @@ if [ "$prune" == "yes" ]; then
 fi
 unset BORG_PASSPHRASE
+unset BORG_RSH
 return 0