install-scripts/ssh/install_altinea_pubkey.sh

#!/bin/sh

RSA_FINGERPRINT="2048 SHA256:pBz+GiWLvh9uccTB50HTQOCXhD9FZPFin/tfGKAZApQ"
RSA_KEYURL="https://gitlab.altinea.fr/altinea/install-scripts/raw/branch/master/ssh/altinea-rsa.pub"
ED25519_FINGERPRINT="256 SHA256:TagxgsBxZhHFWiThYwe/hZSYjLBOHWBY2Ss0QsipmTw noc@altinea.fr"
ED25519_KEYURL="https://gitlab.altinea.fr/altinea/install-scripts/raw/branch/master/ssh/altinea-ed25519.pub"
RSAFALLBACK_FINGERPRINT="4096 SHA256:JnvBDtH6kqtno8GpjmZtppwqPGZYJJ0s/+1czIMdeiM"
RSAFALLBACK_URL="https://gitlab.altinea.fr/altinea/install-scripts/raw/branch/master/ssh/support@altinea.fr.pub"

if [ -x "$(which curl)" ] ; then
	COMMAND="curl -s "
	echo "Found curl, using it"
elif [ -x "$(which wget)" ]; then
	COMMAND="wget -q -O - "
	echo "Found wget, fallback to that"
else
	echo "Could not find curl or wget, please install one." >&2
	exit 3;
fi

if [ ! -d ~/.ssh ]; then
	mkdir ~/.ssh
	chmod 700 ~/.ssh
fi

if [ -w ~/.ssh/authorized_keys2 ]
then
	echo "It seems you're still relying on authorized_keys2, this is (almost) deprecated."
	exit 1;
else
	touch ~/.ssh/authorized_keys
	if [ $(ssh-keygen -E sha256 -lf ~/.ssh/authorized_keys 2>/dev/null |grep -c "$RSA_FINGERPRINT") -ne 0 ]
	then
		echo "Altinea RSA CA fingerprint found in authorized_keys file, not adding"
	else
		$COMMAND $RSA_KEYURL >> ~/.ssh/authorized_keys
		echo "Altinea RSA CA key deployed on account" `whoami`
	fi
	if [ $(ssh-keygen -E sha256 -lf ~/.ssh/authorized_keys 2>/dev/null |grep -c "$ED25519_FINGERPRINT") -ne 0 ]
	then
		echo "Altinea ED25519 CA fingerprint found in authorized_keys file, not adding"
	else
		$COMMAND $ED25519_KEYURL >> ~/.ssh/authorized_keys
		echo "Altinea ED25519 CA key deployed on account" `whoami`
	fi
	if [ $(ssh-keygen -E sha256 -lf ~/.ssh/authorized_keys 2>/dev/null |grep -c "$RSAFALLBACK_FINGERPRINT") -ne 0 ]
	then
		echo "Altinea fallback RSA fingerprint found in authorized_keys file, not adding"
	else
		$COMMAND $RSAFALLBACK_URL >> ~/.ssh/authorized_keys
	fi
fi

exit 0;