From 632716f908ee5f702c17e49751dfd519e87393ee Mon Sep 17 00:00:00 2001
From: Joao Jacome
Date: Sat, 7 Mar 2020 17:22:01 +0000
Subject: [PATCH] Initial commit
---
README.md | 31 +++++++++++++++++++++++++++
ssh.py | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
start.sh | 3 +++
3 files changed, 98 insertions(+)
create mode 100644 README.md
create mode 100755 ssh.py
create mode 100755 start.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..24ba3b8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,31 @@
+# Bitwarden SSH Agent
+
+## Requirements
+
+* You need to have the bitwarden cli `bw` installed
+* ssh-agent must be running in the current session
+
+## What it does?
+
+* connects to bitwarden using the bitwarden cli
+* looks for a folder called `ssh-agent`
+* loads the ssh key for each item in that folder
+
+## How to use it
+
+`$ ./start.sh`
+
+Fill in you login information
+
+
+## Storing the keys in BitWarden
+
+1. Create a folder called 'ssh-agent'
+2. Add an new secure note to that folder
+3. Upload the private_key as an attachment
+4. add the custom field `private`, containing the private key filename
+
+
+## Improvements to be made
+
+* Find a way to extract the attachment from bitwarden in memory, instead of creating a file for it
diff --git a/ssh.py b/ssh.py
new file mode 100755
index 0000000..8e85dd3
--- /dev/null
+++ b/ssh.py
@@ -0,0 +1,64 @@
+import subprocess
+import os
+import sys
+import json
+from urllib.parse import urlparse, urlencode
+from urllib.request import urlopen, Request
+from urllib.error import HTTPError
+
+try:
+ subprocess.check_output(['bw', 'logout'])
+except:
+ pass
+
+try:
+ session = subprocess.check_output(['bw', '--raw', 'login'])
+ session = ['--session', session]
+except:
+ print('Couldnt login!')
+ sys.exit(1)
+
+try:
+ folders = subprocess.check_output(['bw','list', 'folders', '--search', 'ssh-agent'] + session)
+ folders = json.loads(folders)
+ if not folders:
+ raise AttributeError
+ if len(folders) != 1:
+ raise ValueError
+except AttributeError:
+ print('Couldnt find ssh-agent folder!')
+ sys.exit(1)
+except ValueError:
+ print('More than one ssh-agent folder found!')
+ sys.exit(1)
+except:
+ print('Error retrieving folders.')
+ sys.exit(1)
+
+folder = folders[0]['id']
+
+try:
+ items = subprocess.check_output(['bw', 'list', 'items', '--folderid', folder, 'ssh-agent'] + session)
+ items = json.loads(items)
+except Exception as e:
+ print('Cant fint items.')
+ print(e)
+ sys.exit(1)
+
+keys = []
+try:
+ for item in items:
+ private_key_file = [k['value'] for k in item['fields'] if k['name'] == 'private' and k['type'] == 0][0]
+
+ private_key_id = [k['id'] for k in item['attachments'] if k['fileName'] == private_key_file][0]
+
+ # would be nice if there was an option to retrieve the attachment file directly to the stdout
+ subprocess.check_output(['bw', 'get', 'attachment', private_key_id, '--itemid', item['id'], '--output', './private_key'] + session)
+ private_key = open('private_key', 'r').read()
+ os.remove('./private_key')
+ keys.append({'private_key': private_key})
+except:
+ print('Something happened.')
+ sys.exit(1)
+
+print(';'.join([k['private_key'] for k in keys]))
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..f98a366
--- /dev/null
+++ b/start.sh
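Review bot: In ssh.py the loop over `items` writes each private key to `./private_key` in the current working directory with umask-default permissions, and `os.remove` is never reached when `bw get attachment` or the read raises, so a failure leaves the key in cleartext on disk. Until the in-memory retrieval the README asks for is available, fetch into a `tempfile.TemporaryDirectory()` (created with mode 0700 and deleted when the `with` block exits, even on error) and close the file handle explicitly; this needs `import tempfile` at the top of the file. The session key is also appended to every `bw` command line as `--session`, where other local users can usually read it from the process list; the CLI accepts it through the `BW_SESSION` environment variable, which can be set with the `env=` argument of `check_output`. The bare `except:` handlers print a fixed message and hide which step failed, so catching `subprocess.CalledProcessError` and the lookup errors by name would make failures diagnosable.

```python
# … unchanged: imports, login, folder and item lookup …
keys = []
try:
    for item in items:
        # … unchanged: private_key_file / private_key_id lookup …

        # Private directory (0700) that is removed even if bw or the read fails,
        # so the decrypted key never lingers in the working directory.
        with tempfile.TemporaryDirectory() as tmpdir:
            key_path = os.path.join(tmpdir, 'private_key')
            subprocess.check_output(['bw', 'get', 'attachment', private_key_id, '--itemid', item['id'], '--output', key_path] + session)
            with open(key_path, 'r') as fh:
                private_key = fh.read()
        keys.append({'private_key': private_key})
# … unchanged: except handler and final print …
```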
@@ -0,0 +1,3 @@
+#!/bin/sh
+KEYS=$(/usr/bin/env python ssh.py)
+ssh-add - <<< "${KEYS}"
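Review bot: In start.sh, `<<<` is a bash here-string but the script runs under `#!/bin/sh`, so where sh is a strict POSIX shell the `ssh-add` line is a syntax error; either change the shebang to bash or pipe directly with `/usr/bin/env python ssh.py | ssh-add -`. Piping also avoids holding every private key in the `KEYS` variable and avoids the temporary file that some shells use to back a here-string. The exit status of ssh.py is not checked, so on failure its error text on stdout is handed to `ssh-add` as if it were a key. Because ssh.py joins keys with `;`, input containing more than one key is unlikely to parse as a key, so this path should be tested with two items in the folder.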