Added support for 'url: ssh://' line to the ssh extension

mijofa · Jul 27, 2022 · dbe5d12 · dbe5d12
1 parent eb03ae8
commit dbe5d12
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 6 deletions.
diff --git a/ssh.bash b/ssh.bash
@@ -18,20 +18,37 @@ verify_file "$ssh_agent_helper"
 # All other arguments should go straight to SSH itself
 shift
 
-# FIXME: Allow for a "host: " or "^url: ssh" line
-ssh_host="${PASSWORD_STORE_SSH_ASKPASS_HELPER_RECORD##*/}"
+# Find a line that starts with 'url: ssh://' as openssh actually supports those URIs,
+# and 'url:' lines seem to be fairly standard in password-store GUIs and such.
+sshurl_meta="$(pass show "$PASSWORD_STORE_SSH_ASKPASS_HELPER_RECORD" | grep --ignore-case --color=never --only-matching --perl-regexp '^url:\s+\Kssh://.*$')"
+if [[ -n "$sshurl_meta" ]] ; then
+    ssh_dest="$sshurl_meta"
+else
+    # We couldn't find a URL in the record itself, so we'll assume the filename matches the hostname
+    ssh_dest="${PASSWORD_STORE_SSH_ASKPASS_HELPER_RECORD##*/}"
+fi
+if [[ ! "$ssh_dest" =~ '@' ]] ; then
+    # There's no username in the url, so let's take it from the login: line
+    # NOTE: This takes the last login line to allow for a difference with the browser plugin taking the first login line.
+    #       Although you really should just put the username in the 'url: ssh://' line in that case
+    ssh_user="$(pass show "$PASSWORD_STORE_SSH_ASKPASS_HELPER_RECORD" | grep --ignore-case --color=never --only-matching --perl-regexp '^login:\s+\K.*$' | tail -n1)"
+
+    ## NOTE: This adds the "@" on the end of the username so that I don't need to add any extra effort to deal with a non-existent 'login:' line
+    #ssh_user="$(pass show "$PASSWORD_STORE_SSH_ASKPASS_HELPER_RECORD" | sed --quiet '/login:/ s/^.*:\s\+\(.*\)$/\1@/p')"
+fi
+
+# FIXME: Does *NOT* support spaces in $ssh_user, probably has issues with other special characters too
+ssh_cmd=('ssh' ${ssh_user:+-l} ${ssh_user} "$ssh_dest" "$@")
 
 first_line=$(pass show "$PASSWORD_STORE_SSH_ASKPASS_HELPER_RECORD" | head -1) || exit $?
 if [[ "$first_line" =~ ^-----BEGIN.* ]] ; then
     # Entire file is an ssh key, create a temporary SSH agent and use it
     # FIXME: What if the there's an SSH key in the file *and* a password at the top?
-    "$ssh_agent_helper" "$@" ssh "$ssh_host"
+    "$ssh_agent_helper" "$PASSWORD_STORE_SSH_ASKPASS_HELPER_RECORD" "${ssh_cmd[@]}"
 #elif [[ "$first_line" =~ ^otpauth:// ]] ; then
 #    # First line is an OTP URI, we actually don't need to do anything special here as it's handled in the askpass helper
 else
     # First line is a password or OTP URI, use it
-    # NOTE: This adds the "@" on the end of the username so that I don't need to add any extra effort to deal with a non-existent 'login:' line
-    ssh_user="$(pass show "$PASSWORD_STORE_SSH_ASKPASS_HELPER_RECORD" | sed --quiet '/login:/ s/^.*:\s\+\(.*\)$/\1@/p')"
 
-    ssh "${ssh_user}${ssh_host}" "$@"
+   "${ssh_cmd[@]}"
 fi
diff --git a/ssh.bash.sig b/ssh.bash.sig