diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go index 1beaab2e2b..d691390725 100644 --- a/builtin/logical/ssh/path_roles.go +++ b/builtin/logical/ssh/path_roles.go @@ -276,4 +276,10 @@ Role Options: -key_bits Length of RSa dynamic key in bits. Optional for 'dynamic' type. Not applicable for 'otp' type. + + -install_script Script used to install and uninstall public keys in the target + machine. Required for 'dynamic' type. Not applicable for 'otp' + type. + [For Linux, refer https://github.com/hashicorp/vault/tree/master/ + builtin/logical/ssh/scripts/key-install-linux.sh] ` diff --git a/command/ssh.go b/command/ssh.go index b72a838fc2..8eba365ce9 100644 --- a/command/ssh.go +++ b/command/ssh.go @@ -75,7 +75,7 @@ func (c *SSHCommand) Run(args []string) int { c.Ui.Error(fmt.Sprintf("Error setting default role: %s", err)) return 1 } - c.Ui.Output(fmt.Sprintf("Vault SSH: Role: %s\n", role)) + c.Ui.Output(fmt.Sprintf("Vault SSH: Role: %s", role)) } data := map[string]interface{}{ @@ -105,7 +105,20 @@ func (c *SSHCommand) Run(args []string) int { sshCmdArgs = append(sshCmdArgs, []string{"-i", sshDynamicKeyFileName}...) } else if keySecret.Data["key_type"].(string) == ssh.KeyTypeOTP { - c.Ui.Output(fmt.Sprintf("OTP for the session is %s\n", string(keySecret.Data["key"].(string)))) + sshpassPath, err := exec.LookPath("sshpass") + if err == nil { + sshCmdArgs = append(sshCmdArgs, []string{"-p", string(keySecret.Data["key"].(string)), "ssh", "-p", port}...) + sshCmdArgs = append(sshCmdArgs, args...) + sshCmd := exec.Command(sshpassPath, sshCmdArgs...) + sshCmd.Stdin = os.Stdin + sshCmd.Stdout = os.Stdout + err = sshCmd.Run() + if err != nil { + c.Ui.Error(fmt.Sprintf("Error while running ssh command:%s", err)) + } + return 0 + } + c.Ui.Output(fmt.Sprintf("OTP for the session is %s\n[Note: Install 'sshpass' to automate typing in OTP]\n", string(keySecret.Data["key"].(string)))) } else { c.Ui.Error("Error creating key") }
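Review bot: The reference URL in the added `-install_script` help text is split across two lines (`.../tree/master/` and then `builtin/logical/ssh/scripts/key-install-linux.sh`), so it cannot be copied from the terminal as printed. It also points at the moving `master` branch rather than the release the operator is running. Because the help text describes this script as the one that installs and uninstalls public keys on the target machine, I would keep the URL on one line and tell readers to take the script from the tag that matches their Vault version. The help string itself begins outside the hunk.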
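Review bot: The OTP is passed to sshpass as a `-p` command-line argument in the new `ssh.KeyTypeOTP` branch, so while that process runs the secret sits in its argument list, which other local accounts can typically read through the process table. sshpass can instead take the password from the `SSHPASS` environment variable with `-e`, which keeps it out of argv and is normally readable only by the same user. The same branch returns 0 even when `sshCmd.Run()` fails and never sets `sshCmd.Stderr`, so a failed login looks like success to calling scripts and ssh's own diagnostics are dropped. The unchecked `keySecret.Data["key"].(string)` assertion will panic if the field is missing or not a string. Run's body starts and ends outside the hunk, so the declarations of `sshCmdArgs` and `port` are not visible here.

```go
} else if keySecret.Data["key_type"].(string) == ssh.KeyTypeOTP {
	otp, ok := keySecret.Data["key"].(string)
	if !ok {
		c.Ui.Error("Error creating key: response carries no OTP string")
		return 1
	}
	// … unchanged: exec.LookPath("sshpass") and the err == nil check …
		// -e: sshpass reads the OTP from SSHPASS rather than from argv.
		sshCmdArgs = append(sshCmdArgs, "-e", "ssh", "-p", port)
		// … unchanged: append args, build sshCmd with exec.Command …
		sshCmd.Env = append(os.Environ(), "SSHPASS="+otp)
		// … unchanged: Stdin and Stdout wiring …
		sshCmd.Stderr = os.Stderr
		if err := sshCmd.Run(); err != nil {
			c.Ui.Error(fmt.Sprintf("Error while running ssh command: %s", err))
			return 1
		}
		return 0
	// … unchanged: fallback that prints the OTP when sshpass is absent …
```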