Update generate_ssh_Key_and_cert.sh

Allow for up to 3 tries of signing the cert in case of incorrect
password entry.
Stephen Seo 2023-12-26 15:16:42 +09:00
parent f1ff72a66c
commit 105413e533


@ -150,19 +150,33 @@ else
fi fi
if (( CA_KEY_THROUGH_SSH_AGENT )) && [[ -r "$CA_KEY_PATH" ]]; then if (( CA_KEY_THROUGH_SSH_AGENT )) && [[ -r "$CA_KEY_PATH" ]]; then
for ((i=0; i<3; ++i)); do
echo 'Signing certificate...'
(( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null (( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null
ssh-keygen -Us "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}" ssh-keygen -Us "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}"
if (( $? != 0 )); then if (( $? != 0 )); then
echo "ERROR: Failed to sign certificate!" echo "ERROR: Failed to sign certificate!"
if (( i >= 2 )); then
exit 1 exit 1
fi fi
else
break
fi
done
elif [[ -r "$CA_KEY_PATH" ]]; then elif [[ -r "$CA_KEY_PATH" ]]; then
for ((i=0; i<3; ++i)); do
echo 'Signing certificate...'
(( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null (( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null
ssh-keygen -s "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}" ssh-keygen -s "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}"
if (( $? != 0 )); then if (( $? != 0 )); then
echo "ERROR: Failed to sign certificate!" echo "ERROR: Failed to sign certificate!"
if (( i >= 2 )); then
exit 1 exit 1
fi fi
else
break
fi
done
else else
echo "ERROR: Invalid settings for CA key!" echo "ERROR: Invalid settings for CA key!"
exit 1 exit 1
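Review bot: Both new `for ((i=0; i<3; ++i))` loops retry on any non-zero exit from `ssh-keygen`, not only on a mistyped passphrase, so a failure that a retry cannot fix (for example an unreadable `${USER_PUBKEY_NAME}` or a rejected `-V` value) prompts for the CA key three times and prints the same `ERROR: Failed to sign certificate!` to stdout each time. As far as I know ssh-keygen has no separate exit status for a wrong passphrase, so the practical improvement is to report the attempt number on stderr and to test the command directly instead of reading `$?`. The two loops differ only in the `-U` flag, so they can share one loop with the flag held in an array, as sketched below. The `if`/`else` this code sits in is closed outside the hunk.

```shell
# A CA key held by the agent needs -U; the rest of the invocation is shared.
sign_flags=(-s)
(( CA_KEY_THROUGH_SSH_AGENT )) && sign_flags=(-U -s)

if [[ -r "$CA_KEY_PATH" ]]; then
    for ((attempt = 1; attempt <= 3; ++attempt)); do
        echo 'Signing certificate...'
        (( GPG_AGENT_ENABLED )) && gpg-connect-agent updatestartuptty /bye >&/dev/null
        if ssh-keygen "${sign_flags[@]}" "$CA_KEY_PATH" -I "$USER_KEY_IDENTIFIER" \
            -V "$USER_KEY_EXPIRE_TIME" -n "$USER_KEY_USER_NAME" "${USER_PUBKEY_NAME}"; then
            break
        fi
        echo "ERROR: Failed to sign certificate (attempt ${attempt} of 3)!" >&2
        (( attempt < 3 )) || exit 1
    done
else
    # … unchanged: "Invalid settings for CA key!" branch …
```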