Merge pull request #28 from vst/21-report-authorized-ssh-keys

Report Authorized SSH Keys
vst · Mar 25, 2024 · 966828d · 966828d
2 parents 76b612f + 8cba4d2
commit 966828d
Show file tree

Hide file tree

Showing 8 changed files with 108 additions and 3 deletions.
diff --git a/src/Lhp/Remote.hs b/src/Lhp/Remote.hs
@@ -41,6 +41,7 @@ compileReport [email protected] {..} = do
   _reportKernel <- _mkKernel _hostName kvs
   _reportDistribution <- _mkDistribution _hostName kvs
   _reportDockerContainers <- _fetchHostDockerContainers _hostName
+  _reportSshAuthorizedKeys <- _fetchHostSshAuthorizedKeys _hostName
   pure Types.Report {..}
 
 
@@ -104,6 +105,19 @@ _fetchHostDockerContainers h =
         Right sv -> pure sv
 
 
+-- | Attempts to find and return all SSH authorized keys on the remote
+-- host.
+_fetchHostSshAuthorizedKeys
+  :: MonadIO m
+  => MonadError LhpError m
+  => Z.Ssh.Destination
+  -> m [T.Text]
+_fetchHostSshAuthorizedKeys h =
+  filter (not . T.null . T.strip) . T.lines . Z.Text.unsafeTextFromBL <$> prog
+  where
+    prog = _toSshError h (Z.Ssh.runScript h $(embedStringFile "src/scripts/ssh-keys.sh") ["bash"])
+
+
 -- | Smart constructor for remote host cloud information.
 _mkCloud
   :: MonadError LhpError m

diff --git a/src/Lhp/Types.hs b/src/Lhp/Types.hs
@@ -50,6 +50,7 @@ data Report = Report
   , _reportKernel :: !Kernel
   , _reportDistribution :: !Distribution
   , _reportDockerContainers :: !(Maybe [DockerContainer])
+  , _reportSshAuthorizedKeys :: ![T.Text]
   }
   deriving (Eq, Generic, Show)
   deriving (Aeson.FromJSON, Aeson.ToJSON) via (ADC.Autodocodec Report)
@@ -68,6 +69,7 @@ instance ADC.HasCodec Report where
             <*> ADC.requiredField "kernel" "Kernel information." ADC..= _reportKernel
             <*> ADC.requiredField "distribution" "Distribution information." ADC..= _reportDistribution
             <*> ADC.requiredField "dockerContainers" "List of Docker containers if the host is a Docker host." ADC..= _reportDockerContainers
+            <*> ADC.requiredField "sshAuthorizedKeys" "List of SSH authorized keys found on host." ADC..= _reportSshAuthorizedKeys
 
 
 -- * Cloud Information

diff --git a/src/scripts/ssh-keys.sh b/src/scripts/ssh-keys.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env sh
+
+###################
+# SHELL BEHAVIOUR #
+###################
+
+# Stop on errors:
+set -e
+
+#############
+# PROCEDURE #
+#############
+
+find \
+    /etc/ssh/authorized_keys.d/* \
+    $(cut -f6 -d ':' /etc/passwd | sort | uniq | xargs -I{} echo "{}/.ssh/authorized_keys") \
+    $(cut -f6 -d ':' /etc/passwd | sort | uniq | xargs -I{} echo "{}/.ssh/authorized_keys2") \
+    2>/dev/null |
+    sort -u |
+    xargs -I{} cat {} |
+    xargs -L1 echo |
+    grep -vE "^#" |
+    sort -u |
+    tr -s ' '
diff --git a/website/package-lock.json b/website/package-lock.json
diff --git a/website/package.json b/website/package.json
@@ -17,7 +17,8 @@
     "next": "14.1.3",
     "purify-ts": "^2.0.3",
     "react": "^18",
-    "react-dom": "^18"
+    "react-dom": "^18",
+    "react-toastify": "^10.0.5"
   },
   "devDependencies": {
     "@types/node": "^20",

diff --git a/website/src/app/page.tsx b/website/src/app/page.tsx
@@ -1,5 +1,8 @@
 import { AppMain } from '@/components/app';
 import Header from '@/components/header';
+import { ToastContainer } from 'react-toastify';
+
+import 'react-toastify/dist/ReactToastify.css';
 
 export default function Home() {
   return (
@@ -9,6 +12,8 @@ export default function Home() {
       <div className="flex w-full flex-grow">
         <AppMain />
       </div>
+
+      <ToastContainer autoClose={2000} />
     </main>
   );
 }
diff --git a/website/src/components/app/-app.tsx b/website/src/components/app/-app.tsx
@@ -6,6 +6,7 @@ import Image from 'next/image';
 import Link from 'next/link';
 import { Just, Maybe, Nothing } from 'purify-ts/Maybe';
 import { useState } from 'react';
+import { toast } from 'react-toastify';
 import { LhpData } from './-data';
 import { KVBox } from './-ui';
 
@@ -125,6 +126,9 @@ export function TabulateHosts({ hosts, onHostSelect }: { hosts: LhpData[]; onHos
           <TableColumn key="docker" align="center">
             Docker
           </TableColumn>
+          <TableColumn key="sshkeys" align="end">
+            SSH Keys
+          </TableColumn>
           <TableColumn key="tags">Tags</TableColumn>
         </TableHeader>
         <TableBody items={hosts}>
@@ -170,6 +174,7 @@ export function TabulateHosts({ hosts, onHostSelect }: { hosts: LhpData[]; onHos
                   ? '❌'
                   : `${host.dockerContainers.filter((x) => x.running).length} / ${host.dockerContainers.length}`}
               </TableCell>
+              <TableCell>{host.sshAuthorizedKeys.length}</TableCell>
               <TableCell className="space-x-1">
                 {(host.host.tags || []).map((x) => (
                   <Chip key={x} size="sm" color="primary" variant="flat" radius="sm">
@@ -186,6 +191,8 @@ export function TabulateHosts({ hosts, onHostSelect }: { hosts: LhpData[]; onHos
 }
 
 export function HostDetails({ host }: { host: LhpData }) {
+  const sshkeys = host.sshAuthorizedKeys.map((x) => [x, ...x.split(' ')]);
+
   return (
     <div>
       <h1 className="flex flex-row justify-between border-b border-gray-200 bg-white p-4 text-xl font-bold">
@@ -251,6 +258,32 @@ export function HostDetails({ host }: { host: LhpData }) {
         />
       </div>
 
+      <div className="p-4">
+        <Card radius="sm" shadow="sm">
+          <CardHeader className="text-lg font-bold">Authorized SSH Keys</CardHeader>
+
+          <CardBody>
+            <Listbox
+              items={sshkeys}
+              emptyContent={<span className="text-orange-400">No authorized SSH keys are found. Sounds weird?</span>}
+            >
+              {([sshkey, sshkeyType, _sshkeyContent, ...sshkeyComment]) => (
+                <ListboxItem
+                  key={sshkey}
+                  description={sshkey}
+                  onPress={() => {
+                    navigator.clipboard.writeText(sshkey);
+                    toast('SSH Key is copied to clipboard.');
+                  }}
+                >
+                  {`${sshkeyType} ${sshkeyComment.join(' ') || '<NO COMMENT>'}`}
+                </ListboxItem>
+              )}
+            </Listbox>
+          </CardBody>
+        </Card>
+      </div>
+
       <div className="p-4">
         <Card radius="sm" shadow="sm">
           <CardHeader className="text-lg font-bold">Docker Containers</CardHeader>

diff --git a/website/src/components/app/-data.tsx b/website/src/components/app/-data.tsx
@@ -120,8 +120,13 @@ export const LHP_PATROL_REPORT_SCHEMA = {
       required: ['os', 'machine', 'version', 'release', 'name', 'node'],
       type: 'object',
     },
+    sshAuthorizedKeys: {
+      $comment: 'List of SSH authorized keys found on host.',
+      items: { type: 'string' },
+      type: 'array',
+    },
   },
-  required: ['dockerContainers', 'distribution', 'kernel', 'hardware', 'cloud', 'host'],
+  required: ['sshAuthorizedKeys', 'dockerContainers', 'distribution', 'kernel', 'hardware', 'cloud', 'host'],
   type: 'object',
 } as const satisfies JSONSchema;