Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Directadmin API add Public SSH RSA Key
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Directadmin API add Public SSH RSA Key

yokowasisyokowasis Member
in General

So,
I have a reseller account and selling managed hosting. Every once in a while, I need to update my apps on all of my sub account. The update itself is just as simple as git pull , the problem lies within on how to gain ssh access to the sub account.

I could easily add the public ssh key using the old fashioned way of login as the client, and add the key manually using mouse and keyboard. But I want to automate it using the API.

The thing is, in this particular case, I can't find a decent documentation about this API.

The closest thing to this is :
https://www.directadmin.com/features.php?id=2203

it says something about authorize, which I am sure what I am looking for, but I can't find the complete command. I mean, Where should I put the username of my sub account ?

Comments

  • StZStZ Member

    isnt the answer but may be an option:

    https://github.com/git-ftp/git-ftp

  • yokowasisyokowasis Member

    Nobody ?

    Perhaps @DA_Mark can shed some light. At least make an example on the docs page. Is my only choice to reset all sub accounts password and login using password ?

    Is there any other more elegant way to do it ?

  • seriesnseriesn Member

    @yokowasis said:
    Nobody ?

    Perhaps @DA_Mark can shed some light. At least make an example on the docs page. Is my only choice to reset all sub accounts password and login using password ?

    Is there any other more elegant way to do it ?

    It is late at night and I might not be thinking straight, but maybe using skeleton?

    https://help.directadmin.com/item.php?id=278

  • yokowasisyokowasis Member

    @seriesn said:

    @yokowasis said:
    Nobody ?

    Perhaps @DA_Mark can shed some light. At least make an example on the docs page. Is my only choice to reset all sub accounts password and login using password ?

    Is there any other more elegant way to do it ?

    It is late at night and I might not be thinking straight, but maybe using skeleton?

    https://help.directadmin.com/item.php?id=278

    With some shenanigans php scripting backdooring, perhaps it could work. but it only works for new account.

    Directadmin has an API Specifically to do this. It's just the lack of documentation that is the problem.

    ================
AUTHORIZE:
This will add the given pub info to the ~/.ssh/authorized_keys, either from an existing id_rsa.pub, or pasted value.
action=authorize
-------
type=paste
text=ssh-rsa AADATAQ== [email protected]

----
or:

type=id
id=id
(option0=name%3DOPTNAME%26value%3DOPTVALUE)
(option1=name%3DOPTNAME)

Regarding the option0, option1, they are optional.
They specify the key's options such as IP or command restrctions. See man sshd(8) for info on the options/values.
Note the %3D is the encoding of = and %26 is the encoding of &.  The option0 entries are double-encoded in the final post string.
The options that do not have values must not have values set, and options that DO have values MUST have values set (again, 'man sshd')

eg:
json=yes&action=authorize&type=id&id=demo_rsa&option0=name%3Dfrom%26value%3d1.2.3.4

----
or (used by Enhanced)
action=select
authorize=<anything>
select0=e3:66:d5:37:f0:a8:35:a6:6c:55:d6:4b:56:68:0e:31
(select1=68:58:e9:08:76:91:f4:9e:28:1f:d2:39:eb:c2:bb:69)

    I think that API might works, if it's called by the end user. But what about reseller. Perhaps I am missing something here.

  • smtalksmtalk Member

    @yokowasis said:

    @seriesn said:

    @yokowasis said:
    Nobody ?

    Perhaps @DA_Mark can shed some light. At least make an example on the docs page. Is my only choice to reset all sub accounts password and login using password ?

    Is there any other more elegant way to do it ?

    It is late at night and I might not be thinking straight, but maybe using skeleton?

    https://help.directadmin.com/item.php?id=278

    With some shenanigans php scripting backdooring, perhaps it could work. but it only works for new account.

    Directadmin has an API Specifically to do this. It's just the lack of documentation that is the problem.

    ================
AUTHORIZE:
This will add the given pub info to the ~/.ssh/authorized_keys, either from an existing id_rsa.pub, or pasted value.
action=authorize
-------
type=paste
text=ssh-rsa AADATAQ== [email protected]

----
or:

type=id
id=id
(option0=name%3DOPTNAME%26value%3DOPTVALUE)
(option1=name%3DOPTNAME)

Regarding the option0, option1, they are optional.
They specify the key's options such as IP or command restrctions. See man sshd(8) for info on the options/values.
Note the %3D is the encoding of = and %26 is the encoding of &.  The option0 entries are double-encoded in the final post string.
The options that do not have values must not have values set, and options that DO have values MUST have values set (again, 'man sshd')

eg:
json=yes&action=authorize&type=id&id=demo_rsa&option0=name%3Dfrom%26value%3d1.2.3.4

----
or (used by Enhanced)
action=select
authorize=<anything>
select0=e3:66:d5:37:f0:a8:35:a6:6c:55:d6:4b:56:68:0e:31
(select1=68:58:e9:08:76:91:f4:9e:28:1f:d2:39:eb:c2:bb:69)

    I think that API might works, if it's called by the end user. But what about reseller. Perhaps I am missing something here.

    Reseller is also a user, so, the same commands would work. Evolution sends everything to json endpoint, so, if you inspect it in your browser - it’d provide you the information needed. If you miss anything specifically - just let us know. Thank you.

  • yokowasisyokowasis Member

    @smtalk said:

    @yokowasis said:

    @seriesn said:

    @yokowasis said:
    Nobody ?

    Perhaps @DA_Mark can shed some light. At least make an example on the docs page. Is my only choice to reset all sub accounts password and login using password ?

    Is there any other more elegant way to do it ?

    It is late at night and I might not be thinking straight, but maybe using skeleton?

    https://help.directadmin.com/item.php?id=278

    With some shenanigans php scripting backdooring, perhaps it could work. but it only works for new account.

    Directadmin has an API Specifically to do this. It's just the lack of documentation that is the problem.

    ================
AUTHORIZE:
This will add the given pub info to the ~/.ssh/authorized_keys, either from an existing id_rsa.pub, or pasted value.
action=authorize
-------
type=paste
text=ssh-rsa AADATAQ== [email protected]

----
or:

type=id
id=id
(option0=name%3DOPTNAME%26value%3DOPTVALUE)
(option1=name%3DOPTNAME)

Regarding the option0, option1, they are optional.
They specify the key's options such as IP or command restrctions. See man sshd(8) for info on the options/values.
Note the %3D is the encoding of = and %26 is the encoding of &.  The option0 entries are double-encoded in the final post string.
The options that do not have values must not have values set, and options that DO have values MUST have values set (again, 'man sshd')

eg:
json=yes&action=authorize&type=id&id=demo_rsa&option0=name%3Dfrom%26value%3d1.2.3.4

----
or (used by Enhanced)
action=select
authorize=<anything>
select0=e3:66:d5:37:f0:a8:35:a6:6c:55:d6:4b:56:68:0e:31
(select1=68:58:e9:08:76:91:f4:9e:28:1f:d2:39:eb:c2:bb:69)

    I think that API might works, if it's called by the end user. But what about reseller. Perhaps I am missing something here.

    Reseller is also a user, so, the same commands would work. Evolution sends everything to json endpoint, so, if you inspect it in your browser - it’d provide you the information needed. If you miss anything specifically - just let us know. Thank you.

    So, where should I put my sub account username? Let's say I have user John under my reseller account. Where should I put John if I want to add my public rsa key into his account?

  • smtalksmtalk Member

    @yokowasis said:

    So, where should I put my sub account username? Let's say I have user John under my reseller account. Where should I put John if I want to add my public rsa key into his account?

    It's a user-level feature, meaning you need to do it when logged in as a user. There are several ways to do it:
    1) API to login-as user (see login-as section in https://www.directadmin.com/api.html)
    2) use end-user login key (or generate one-time one: https://www.directadmin.com/features.php?id=2463)

    Thanked by 1coreflux
  • yokowasisyokowasis Member

    @smtalk said:

    @yokowasis said:

    So, where should I put my sub account username? Let's say I have user John under my reseller account. Where should I put John if I want to add my public rsa key into his account?

    It's a user-level feature, meaning you need to do it when logged in as a user. There are several ways to do it:
    1) API to login-as user (see login-as section in https://www.directadmin.com/api.html)
    2) use end-user login key (or generate one-time one: https://www.directadmin.com/features.php?id=2463)

    Thank you. Now, it makes sense.

Sign In or Register to comment.