Added code and stuff to the README

dmotte · Apr 23, 2022 · a082cca · a082cca
1 parent 903b65c
commit a082cca
Show file tree

Hide file tree

Showing 3 changed files with 103 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -1,2 +1,41 @@
 # sshkp
-Script to execute an SSH command using a password from a KeePass database
+
+:snake: Script to execute an **SSH command** using a password from a **KeePass database**.
+
+This project uses the [pykeepass](https://pypi.org/project/pykeepass/) library and the `sshpass` command line utility.
+
+Note that, for this to work, the title of your KeePass database entry should be written in a form that can be used with the `ssh` command, e.g. `user@hostname`.
+
+## Usage
+
+```bash
+export KP_FILENAME="/path/to/my/keepass/database.kdbx"
+read -p "Password: " -s KP_PASSWORD && export KP_PASSWORD
+sshkp user@hostname ls -la  # executes a command
+sshkp user@hostname .print  # just prints the SSH password
+```
+
+If you don't set the `KP_PASSWORD` environment variable before calling the script, the password will be asked at runtime.
+
+See `sshkp --help` for more information.
+
+It is advised to install the script in a directory under your `$PATH` (see [below](#installation)).
+
+## Installation
+
+To install _sshkp_ you need to execute the following commands as root:
+
+```bash
+apt update && apt install sshpass python3-pip
+pip3 install -r requirements.txt
+
+curl -Lo "/usr/local/bin/sshkp" \
+    https://github.com/dmotte/sshkp/releases/latest/download/sshkp
+chmod +x "/usr/local/bin/sshkp"
+```
+
+:information_source: For **user installation** (no root needed, will only work for current user) we recommend `~/.local/bin` instead of `/usr/local/bin`. If it's not in your `$PATH`, you can add the following to your `.bashrc` or `.zshrc`:
+
+```bash
+export PATH="~/.local/bin:$PATH"
+```
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+pykeepass==4.0.1
diff --git a/sshkp b/sshkp
@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+
+import argparse
+import getpass
+import os
+
+from pykeepass import PyKeePass
+
+
+def main():
+    parser = argparse.ArgumentParser(description='''
+        Executes an SSH command with a password from a KeePass database.
+        This script supports two environment variables: KP_FILENAME (mandatory)
+        and KP_PASSWORD (optional)
+    ''')
+
+    parser.add_argument('entryname', metavar='ENTRYNAME', type=str,
+                        help='KeePass entry name')
+    parser.add_argument('command', metavar='COMMAND', nargs=argparse.REMAINDER,
+                        help='''SSH command. If the command equals to ".print",
+                        then it just prints the password without executing
+                        anything else''')
+
+    args = vars(parser.parse_args())
+
+    ############################################################################
+
+    entryname = args['entryname']
+    command = args['command']
+
+    kp_filename = os.getenv('KP_FILENAME')
+    kp_password = os.getenv('KP_PASSWORD')
+
+    if kp_filename is None:
+        raise Exception('KP_FILENAME environment variable not defined')
+    if kp_password is None:
+        kp_password = getpass.getpass('KeePass password: ')
+
+    ############################################################################
+
+    kp = PyKeePass(kp_filename, kp_password)
+
+    entry = kp.find_entries_by_title(entryname, first=True)
+
+    if entry is None:
+        raise Exception('KeePass entry not found')
+
+    ############################################################################
+
+    if len(command) >= 1 and command[0] == '.print':
+        print(entry.password)
+        return
+
+    os.execve(
+        '/usr/bin/sshpass',
+        ['sshpass', '-e', 'ssh', entryname] + command,
+        {'SSHPASS': entry.password},
+    )
+
+
+if __name__ == '__main__':
+    main()