Initial commit
parent
4f821ddd89
commit
b6d5f72979
5 changed files with 161 additions and 3 deletions
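--- /dev/null
+++ b/Connect-BitwardenSSH.ps1
@@ -0,0 +1,129 @@
+<#
+
+.SYNOPSIS
+
+PowerShell helper script to temporarily download a SSH Key stored in Bitwarden to make a SSH connection.
+
+.DESCRIPTION
+
+PowerShell helper script to temporarily download a SSH Key stored in Bitwarden to make a SSH connection.
+
+.PARAMETER SSHUser
+Username used for the SSH Connection. Defaults to the current username.
+
+.PARAMETER SSHDevice
+Device to connect via SSH
+
+.PARAMETER SSHCommand
+Extra parameters to be used in the SSH command to allow additional options such as alternate ports, port forwards, etc... See OpenSSH docs for possible options.
+
+.PARAMETER SearchString
+The name of the item/attachment in Bitwarden for the SSH key.
+
+.NOTES
+Version: 1.0
+Author: Tyler Hale
+Creation Date: 2021.09.11
+
+#>
+
+
+[CmdletBinding()]
+param (
+[Parameter(Mandatory = $false)]
+[string]
+$SSHUser = [Environment]::UserName,
+[Parameter(Mandatory = $true)]
+[string]
+$SSHDevice,
+[Parameter(Mandatory = $false)]
+[string]
+$SSHCommand,
+[Parameter(Mandatory = $true)]
+[string]
+$SearchString
+)
+
+begin {
+Write-Verbose "Generate a temp path for storing files"
+$TempPath = ([System.IO.Path]::GetTempPath()) + ([System.Guid]::NewGuid())
+Write-Verbose "TempPath: $TempPath"
+
+# Setup default variables
+$TempArchive = ($TempPath + '.zip')
+$BwPath = ($TempPath + "\bw.exe")
+$Uri = "https://vault.bitwarden.com/download/?app=cli&platform=windows"
+
+# Showing progress for iwr causes severe performance issues (28 sec download vs 2.5 sec)
+$InitialProgress = $ProgressPreference
+$ProgressPreference = 'SilentlyContinue'
+}
+
+process {
+Write-Verbose "Downloading Bitwarden CLI"
+Invoke-WebRequest -Uri $Uri -OutFile $TempArchive
+
+Write-Verbose "Expanding archive to temp path"
+Expand-Archive -Path $TempArchive -DestinationPath $TempPath
+
+Try {
+Write-Verbose "Login to Bitwarden"
+$SessionKey = & $BwPath login --raw
+
+Write-Verbose "Check Bitwarden login status"
+$Status = & $BwPath status | ConvertFrom-Json
+
+if ($Status.status -ne "unauthenticated") {
+Write-Verbose "Find the specified SSH Key"
+$SearchResults = & $BwPath list items --search "$SearchString" --session $SessionKey | ConvertFrom-Json
+
+# Grab the file name of the attachment
+$FileName = $SearchResults.attachments.filename
+
+# Setup the keypath based on the file name
+$KeyPath = ($TempPath + "\$FileName.key")
+
+Write-Verbose "Created an encrypted placeholder for the key"
+(New-Item -Path "$KeyPath" -ItemType File).Encrypt()
+
+Write-Verbose "Setup ACL for the key"
+$NewAcl = Get-Acl -Path "$KeyPath"
+$NewAcl.SetAccessRuleProtection($True, $False)
+$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList (([System.Security.Principal.WindowsIdentity]::GetCurrent().Name), "FullControl", "Allow")
+$NewAcl.SetAccessRule($fileSystemAccessRule)
+Set-Acl -Path "$KeyPath" -AclObject $NewAcl
+
+Write-Verbose "Download the key"
+& $BwPath get attachment "$FileName" --output "$KeyPath" --itemid "$($SearchResults.id)" --quiet --session $SessionKey
+
+Write-Verbose "Connect to specified ssh location"
+if ($null -eq $SSHCommand) {
+Write-Verbose "SSH command: ssh.exe -i $KeyPath `"$SSHUser@$SSHDevice`""
+Start-Process -FilePath ssh.exe -ArgumentList "-i $KeyPath `"$SSHUser@$SSHDevice`"" -NoNewWindow -Wait
+}
+else {
+Write-Verbose "SSH command: ssh.exe -i $KeyPath $SSHCommand `"$SSHUser@$SSHDevice`""
+Start-Process -FilePath ssh.exe -ArgumentList "-i $KeyPath $SSHCommand `"$SSHUser@$SSHDevice`"" -NoNewWindow -Wait
+}
+}
+}
+Finally {
+Write-Verbose "Logging out of Bitwarden"
+Start-Process -FilePath $BwPath -NoNewWindow -Wait -ArgumentList "logout"
+
+Write-Verbose "Cleaning up files"
+if (Test-Path -Path $TempPath -ErrorAction SilentlyContinue) {Remove-Item -Path $TempPath -Recurse -Force}
+if (Test-Path -Path $TempArchive -ErrorAction SilentlyContinue) {Remove-Item -Path $TempArchive -Recurse -Force}
+
+Write-Verbose "Resetting ProgressPreference"
+$ProgressPreference = $InitialProgress
+
+Write-Verbose "Checking that private key was removed"
+if ($null -ne $KeyPath) {
+if (Test-Path -Path $KeyPath -ErrorAction SilentlyContinue) {
+Write-Host "Warning Private Key was not removed at: $KeyPath" -ForegroundColor Red
+pause
+}
+}
+}
+}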
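Review bot: The process block runs `bw.exe` straight out of the archive fetched by `Invoke-WebRequest` with no integrity check, and that binary is then given the vault login and the private key. HTTPS authenticates the download host but does not pin what is served, so a check between `Expand-Archive` and the first `& $BwPath` call is worth adding, for example `if ((Get-AuthenticodeSignature -FilePath $BwPath).Status -ne 'Valid') { throw "bw.exe signature check failed" }`. That assumes the CLI binary is Authenticode-signed; if it is not, compare `Get-FileHash` output against a pinned value instead. Separately, `$SearchResults.attachments.filename` and `$SearchResults.id` become arrays when the search matches more than one item or attachment, so the script should stop unless exactly one attachment is found before it builds `$KeyPath`.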
BIN
Images/bitwarden-example-attachments.png
Normal file
BIN
Images/bitwarden-example-attachments.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 12 KiB |
BIN
Images/bitwarden-example-screenshot.png
Normal file
BIN
Images/bitwarden-example-screenshot.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 55 KiB |
BIN
Images/bitwarden-example.png
Normal file
BIN
Images/bitwarden-example.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.5 KiB |
35
README.md
35
README.md
|
@ -4,16 +4,45 @@ PowerShell helper script to temporarily download a SSH Key stored in Bitwarden t
|
|||
|
||||
## Requirements
|
||||
|
||||
In the desired Bitwarden account, a item will need to be created to store the SSH key.
|
||||
|
||||
![Bitwarden Example Item](Images/bitwarden-example.png?raw=true)
|
||||
|
||||
An attachment can then be added of the private SSH key.
|
||||
|
||||
![Bitwarden Example Attachment](Images/bitwarden-example-attachments.png?raw=true)
|
||||
|
||||
## Variables
|
||||
|
||||
| Variable | Required | Default | Choices | Description |
|
||||
| -------- | -------- | ------- | ------- | ----------- |
|
||||
| | | | | |
|
||||
| Variable | Required | Default | Description |
|
||||
| ------------ | -------- | ----------------------- | -------------------------------------------------------------------------------------- |
|
||||
| SSHUser | No | [Environment]::UserName | Username used for the SSH Connection |
|
||||
| SSHDevice | Yes | | Device to connect via SSH |
|
||||
| SSHCommand | No | | Extra parameters to be used in the SSH command - See OpenSSH docs for possible options |
|
||||
| SearchString | Yes | | The name of the item/attachment in Bitwarden for the SSH key |
|
||||
|
||||
## Example
|
||||
|
||||
### Example 1
|
||||
|
||||
This will download the SSH key named "ssh-bw" from Bitwarden. You will be prompted for the device at runtime.
|
||||
|
||||
```powershell
|
||||
Connect-BitwardenSSH.ps1 -SearchString "ssh-bw"
|
||||
```
|
||||
|
||||
### Example 2
|
||||
|
||||
This will download the SSH key named "ssh-bw" from Bitwarden. The SSH connection will setup a port forward from the remote machine's RDP (3389) port to so it can be accessed via 3390 on the machine running the script.
|
||||
|
||||
```powershell
|
||||
Connect-BitwardenSSH.ps1 -SSHUser thale -SSHDevice 10.1.1.1 -SSHCommand "-N -L 3390:127.0.0.1:3389" -SearchString "ssh-bw"
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
See LICENSE file for full license information.
|
||||
|
||||
## Screenshots
|
||||
|
||||
![Bitwarden Example Item](Images/bitwarden-example-screenshot.png?raw=true)
|
||||
|
|