#!/usr/bin/env python2
# -*- coding: utf-8 -*-
import argparse
import getpass
import os
import time
from ConfigParser import SafeConfigParser

import paramiko
# Pause (seconds) between sending a CLI command and reading its reply; a
# fixed delay rather than prompt detection, so slow devices may reply late.
sleepTime = 0.2
recvSize = 1024 # max nr of bytes to read
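def parseArgs(argv=None):
    """Parse the command line.

    Args:
        argv: argument list to parse; ``None`` (the default, which main()
            uses) means ``sys.argv[1:]``.

    Returns:
        The ``argparse.Namespace`` with attributes ``d`` (device IP),
        ``u`` (admin user), ``p`` (password, empty by default) and ``c``
        (config file path, ``None`` when not given).
    """
    parser = argparse.ArgumentParser(description='Tool that copies You publickey to FortiGate devices')
    # The -d/-u/-p defaults (fixed IP, "admin", blank password) are presumably
    # the appliance's out-of-box settings -- confirm before relying on them.
    parser.add_argument('-d', help='IP address of configured device', default="192.168.1.99")
    parser.add_argument('-u', help='username', default="admin")
    # NOTE(review): a password passed with -p is visible to every local user in
    # the process list and in shell history; prefer the config file (-c) for
    # real credentials.
    parser.add_argument('-p', help='password', default="")
    parser.add_argument('-c', help='config file')
    return parser.parse_args(argv)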
def configParser(parser, args, location):
    """Read one device section of the parsed config file.

    Options ``device``, ``user`` and ``pass`` are looked up in section
    ``location``; a missing option falls back to the same default as the
    corresponding command-line switch.  ``args`` is accepted for interface
    compatibility but not consulted.

    NOTE(review): ``pass`` is a plaintext admin password on disk -- keep the
    config file readable only by its owner.

    Returns:
        ``(device, user, password)`` as plain strings.
    """
    lookups = (('device', "192.168.1.99"), ('user', "admin"), ('pass', ""))
    values = []
    for option, fallback in lookups:
        if parser.has_option(location, option):
            values.append(parser.get(location, option))
        else:
            values.append(fallback)
    return tuple(values)
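def connect(device, user, passw):
    """Open an SSH session to the FGT device and start an interactive shell.

    Sets the module globals ``ssh`` and ``chan`` that exeCommand() and
    disconnect() use.

    Host-key handling: the user's known_hosts file is loaded first, so a
    device whose key no longer matches a recorded entry is refused by
    paramiko instead of being silently re-trusted (the original
    AutoAddPolicy accepted any key, which lets a man-in-the-middle collect
    the admin password and the key being pushed).  A device not yet in
    known_hosts is still accepted, but with a warning, because a
    factory-fresh appliance has no recorded key yet -- verify its
    fingerprint out of band before pushing admin keys.

    Raises:
        Whatever paramiko.SSHClient.connect raises on a host-key mismatch,
        authentication failure or network error.
    """
    global ssh
    global chan
    ssh = paramiko.SSHClient()
    # A missing ~/.ssh/known_hosts is tolerated; an existing one is consulted.
    ssh.load_system_host_keys()
    # WarningPolicy: unknown hosts are logged rather than silently pinned.
    ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
    ssh.connect(device, username=user, password=passw, timeout=15)
    chan = ssh.invoke_shell()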
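def disconnect():
    """Close the shell channel and the SSH transport opened by connect().

    ``finally`` guarantees the transport is closed even if closing the
    channel raises, so a failed teardown does not leave an admin session
    open on the appliance.
    """
    try:
        chan.close()
    finally:
        ssh.close()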
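def exeCommand(command):
    """Send one CLI line to the device shell and return its output.

    After the fixed ``sleepTime`` pause the channel is drained in
    ``recvSize`` chunks until no more data is pending.  The original read a
    single chunk, so replies longer than ``recvSize`` were silently
    truncated and the callers' substring checks ("Command fail",
    "unset ssh-public-keyN", "Key value already exist") could miss.

    Args:
        command: CLI line without trailing newline.

    Returns:
        The collected output as returned by the channel (a str on
        Python 2, which this file targets).
    """
    chan.send('%s\n' % command)
    time.sleep(sleepTime)
    chunks = []
    while True:
        chunk = chan.recv(recvSize)
        if not chunk:
            # Empty read means the channel hit EOF.
            break
        chunks.append(chunk)
        if not chan.recv_ready():
            break
    return ''.join(chunks)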
def checkVDOMs():
    """Probe for VDOM mode by trying to enter the global config context.

    Returns 1 when 'conf global' is accepted (VDOMs enabled), else 0.
    Side effect: on a VDOM-enabled device the shell is left inside
    'config global', which the following 'config system admin' relies on.
    """
    reply = exeCommand('conf global')
    return 0 if "Command fail" in reply else 1
def checkSSHkeys(user):
    """Find the lowest free ssh-public-key slot (1..3) on admin ``user``.

    Enters 'config system admin' / 'edit <user>' and leaves the shell
    there, which uploadKey() relies on.  Slots are checked in order 1, 2, 3
    by looking for "unset ssh-public-keyN" in the config dump.

    Returns:
        The first free slot number, or 0 when none of the three is free.
    """
    exeCommand('config system admin')
    exeCommand('edit %s' % user)
    reply = exeCommand('show full-configuration | grep ssh-public-key')
    for slot in (1, 2, 3):
        if "unset ssh-public-key%d" % slot in reply:
            return slot
    return 0
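def uploadKey(keyNr, user, keyPath=None):
    """Push a local OpenSSH public key into slot ``keyNr`` of admin ``user``.

    Assumes the shell is already inside 'config system admin' /
    'edit <user>' (checkSSHkeys() leaves it there).

    Args:
        keyNr: slot number 1..3 as returned by checkSSHkeys().
        user: admin account name, used only in the message.
        keyPath: public key file to read; defaults to ~/.ssh/id_rsa.pub
            (resolved via $HOME rather than the original hard-coded /home/).

    Returns:
        True when the 'set ssh-public-keyN' command was sent and the device
        did not report the key as already present; False when the file could
        not be read, does not look like a single OpenSSH public-key line, or
        the device reports "Key value already exist".
    """
    if keyPath is None:
        keyPath = os.path.join(os.path.expanduser('~'), '.ssh', 'id_rsa.pub')
    try:
        with open(keyPath, 'r') as f:
            pubKey = f.readline().strip()
    except (IOError, OSError) as err:
        # The original bare except fell through here with pubKey unbound
        # and crashed with NameError on the next line.
        print('Could not open file %s (%s)' % (keyPath, err))
        return False
    # The key is interpolated into a double-quoted CLI argument.  Accept only
    # one "<type> <base64> [comment]" line without quotes so a stray or
    # tampered file cannot inject extra CLI text into the admin session.
    parts = pubKey.split()
    if len(parts) < 2 or '"' in pubKey or not parts[0].startswith(('ssh-', 'ecdsa-sha2-')):
        print('%s does not look like an OpenSSH public key' % keyPath)
        return False
    resp = exeCommand('set ssh-public-key%s "%s"' % (keyNr, pubKey))
    if "Key value already exist" in resp:
        print("Sorry, Your key is already added to admin account: %s" % user)
        return False
    return True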
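def main():
    """Entry point: push the local public key to one or many FGT devices.

    With -c every section of the config file is one device (the section
    name is only a label); otherwise -d/-u/-p describe a single device.

    NOTE(review): both a -p password (visible in the process list) and a
    plaintext 'pass' option in the config file expose admin credentials;
    keep the config file mode 0600 and prefer it over -p.
    """
    args = parseArgs()
    if args.c:
        parser = SafeConfigParser()
        if not parser.read('%s' % args.c):
            # read() silently skips unreadable files; the original then
            # looped over zero sections and crashed in disconnect().
            print("Could not read config file %s" % args.c)
            return
        for location in parser.sections():
            device, user, password = configParser(parser, args, location)
            print("===DEVICE: %s===" % location)
            _provision(device, user, password)
    else:
        _provision(args.d, args.u, args.p)


def _provision(device, user, password):
    """Connect to one device, upload the key into a free slot, disconnect.

    disconnect() runs per device in ``finally``: the original only closed
    the last session, so in config-file mode every earlier admin session
    stayed open while its ``ssh``/``chan`` globals were overwritten.
    """
    connect(device, user, password)
    try:
        checkVDOMs()
        keyNr = checkSSHkeys(user)
        if keyNr == 0:
            print("Sorry, there isn't any free key slot, I can't overwrite existing key")
        else:
            uploadKey(keyNr, user)
    finally:
        disconnect()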
if __name__ == "__main__":
    # Run only when executed as a script, not when imported.
    main()