dynamicalsystem.com
homelab infrastructure services
1#!/bin/bash
2# tin key install - Install SSH key on NAS server
3
4set -euo pipefail
5
6# Get tinsnip root and source libraries
7SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
8TINSNIP_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
9source "$TINSNIP_ROOT/lib/core.sh"
10source "$TINSNIP_ROOT/lib/registry.sh"
11
12# Install public key on a NAS server
13install_key_on_nas() {
14 local nas_server="$1"
15 local nas_user="${2:-$(whoami)}"
16 check_tinsnip_station || return 1
17
18 local ssh_keys_dir="$NAS_CREDENTIALS_DIR/ssh-keys"
19 local key_path="$ssh_keys_dir/${nas_server}.key"
20 local pub_key_path="${key_path}.pub"
21
22 if [[ ! -f "$pub_key_path" ]]; then
23 error_with_prefix "Key Install" "No public key found for $nas_server"
24 echo "Generate one first with: tin key generate $nas_server" >&2
25 return 1
26 fi
27
28 log_with_prefix "Key Install" "Installing public key on $nas_server for user $nas_user..."
29
30 # Test basic SSH connectivity first
31 if ! ssh -o ConnectTimeout=5 -o BatchMode=yes "$nas_user@$nas_server" "echo 'SSH test'" &>/dev/null; then
32 log_with_prefix "Key Install" "Cannot SSH to $nas_server with key-based auth, will need password..."
33 fi
34
35 # Install the key (may require password this one time)
36 log_with_prefix "Key Install" "Installing public key (you may be prompted for password):"
37 if ssh-copy-id -i "$pub_key_path" "$nas_user@$nas_server"; then
38 log_with_prefix "Key Install" "✅ Public key installed successfully on $nas_server"
39
40 # Test passwordless access
41 if ssh -o BatchMode=yes -i "$key_path" "$nas_user@$nas_server" "echo 'Passwordless test'" &>/dev/null; then
42 log_with_prefix "Key Install" "✅ Passwordless SSH confirmed working"
43 else
44 warn_with_prefix "Key Install" "❌ Passwordless SSH test failed - check key installation"
45 fi
46 else
47 error_with_prefix "Key Install" "Failed to install public key on $nas_server"
48 return 1
49 fi
50}
51
52show_help() {
53 cat << EOF
54tin key install - Install SSH key on NAS server
55
56USAGE:
57 tin key install <nas-server> [username]
58
59DESCRIPTION:
60 Install a previously generated SSH public key on a NAS server to enable
61 passwordless SSH access. The key must be generated first with 'tin key generate'.
62
63ARGUMENTS:
64 <nas-server> NAS server hostname or IP address
65 [username] SSH username on NAS (default: admin)
66
67EXAMPLES:
68 tin key install DS412plus.local # Install for 'admin' user
69 tin key install 192.168.0.206 simonhorrobin # Install for 'simonhorrobin' user
70 tin key install mynas root # Install for 'root' user
71
72NOTES:
73 - The SSH key must be generated first with 'tin key generate <nas-server>'
74 - You may be prompted for the NAS user's password during installation
75 - After installation, SSH access will be passwordless
76 - Default username 'admin' works for most Synology NAS systems
77
78EOF
79}
80
81# Handle help flags
82case "${1:-}" in
83 --help|-h|help)
84 show_help
85 exit 0
86 ;;
87esac
88
89# Main execution
90if [[ $# -eq 0 ]]; then
91 error_with_prefix "Key Install" "NAS server name required"
92 echo "Usage: tin key install <nas-server> [username]" >&2
93 exit 1
94fi
95
96nas_server="$1"
97nas_user="${2:-$(whoami)}"
98
99# Validate NAS server name
100if [[ -z "$nas_server" ]]; then
101 error_with_prefix "Key Install" "NAS server name cannot be empty"
102fi
103
104install_key_on_nas "$nas_server" "$nas_user"