Initial commit

Tyler Hale 2021-09-11 16:37:49 -06:00
parent 4f821ddd89
commit b6d5f72979
5 changed files with 161 additions and 3 deletions

129
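--- a/Connect-BitwardenSSH.ps1
+++ b/Connect-BitwardenSSH.ps1
@@ -0,0 +1,129 @@
+<#
+.SYNOPSIS
+PowerShell helper script to temporarily download a SSH Key stored in Bitwarden to make a SSH connection.
+.DESCRIPTION
+PowerShell helper script to temporarily download a SSH Key stored in Bitwarden to make a SSH connection.
+.PARAMETER SSHUser
+Username used for the SSH Connection. Defaults to the current username.
+.PARAMETER SSHDevice
+Device to connect via SSH
+.PARAMETER SSHCommand
+Extra parameters to be used in the SSH command to allow additional options such as alternate ports, port forwards, etc... See OpenSSH docs for possible options.
+.PARAMETER SearchString
+The name of the item/attachment in Bitwarden for the SSH key.
+.NOTES
+Version: 1.0
+Author: Tyler Hale
+Creation Date: 2021.09.11
+#>
+[CmdletBinding()]
+param (
+[Parameter(Mandatory = $false)]
+[string]
+$SSHUser = [Environment]::UserName,
+[Parameter(Mandatory = $true)]
+[string]
+$SSHDevice,
+[Parameter(Mandatory = $false)]
+[string]
+$SSHCommand,
+[Parameter(Mandatory = $true)]
+[string]
+$SearchString
+)
+begin {
+Write-Verbose "Generate a temp path for storing files"
+$TempPath = ([System.IO.Path]::GetTempPath()) + ([System.Guid]::NewGuid())
+Write-Verbose "TempPath: $TempPath"
+# Setup default variables
+$TempArchive = ($TempPath + '.zip')
+$BwPath = ($TempPath + "\bw.exe")
+$Uri = "https://vault.bitwarden.com/download/?app=cli&platform=windows"
+# Showing progress for iwr causes severe performance issues (28 sec download vs 2.5 sec)
+$InitialProgress = $ProgressPreference
+$ProgressPreference = 'SilentlyContinue'
+}
+process {
+Write-Verbose "Downloading Bitwarden CLI"
+Invoke-WebRequest -Uri $Uri -OutFile $TempArchive
+Write-Verbose "Expanding archive to temp path"
+Expand-Archive -Path $TempArchive -DestinationPath $TempPath
+Try {
+Write-Verbose "Login to Bitwarden"
+$SessionKey = & $BwPath login --raw
+Write-Verbose "Check Bitwarden login status"
+$Status = & $BwPath status | ConvertFrom-Json
+if ($Status.status -ne "unauthenticated") {
+Write-Verbose "Find the specified SSH Key"
+$SearchResults = & $BwPath list items --search "$SearchString" --session $SessionKey | ConvertFrom-Json
+# Grab the file name of the attachment
+$FileName = $SearchResults.attachments.filename
+# Setup the keypath based on the file name
+$KeyPath = ($TempPath + "\$FileName.key")
+Write-Verbose "Created an encrypted placeholder for the key"
+(New-Item -Path "$KeyPath" -ItemType File).Encrypt()
+Write-Verbose "Setup ACL for the key"
+$NewAcl = Get-Acl -Path "$KeyPath"
+$NewAcl.SetAccessRuleProtection($True, $False)
+$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList (([System.Security.Principal.WindowsIdentity]::GetCurrent().Name), "FullControl", "Allow")
+$NewAcl.SetAccessRule($fileSystemAccessRule)
+Set-Acl -Path "$KeyPath" -AclObject $NewAcl
+Write-Verbose "Download the key"
+& $BwPath get attachment "$FileName" --output "$KeyPath" --itemid "$($SearchResults.id)" --quiet --session $SessionKey
+Write-Verbose "Connect to specified ssh location"
+if ($null -eq $SSHCommand) {
+Write-Verbose "SSH command: ssh.exe -i $KeyPath `"$SSHUser@$SSHDevice`""
+Start-Process -FilePath ssh.exe -ArgumentList "-i $KeyPath `"$SSHUser@$SSHDevice`"" -NoNewWindow -Wait
+}
+else {
+Write-Verbose "SSH command: ssh.exe -i $KeyPath $SSHCommand `"$SSHUser@$SSHDevice`""
+Start-Process -FilePath ssh.exe -ArgumentList "-i $KeyPath $SSHCommand `"$SSHUser@$SSHDevice`"" -NoNewWindow -Wait
+}
+}
+}
+Finally {
+Write-Verbose "Logging out of Bitwarden"
+Start-Process -FilePath $BwPath -NoNewWindow -Wait -ArgumentList "logout"
+Write-Verbose "Cleaning up files"
+if (Test-Path -Path $TempPath -ErrorAction SilentlyContinue) {Remove-Item -Path $TempPath -Recurse -Force}
+if (Test-Path -Path $TempArchive -ErrorAction SilentlyContinue) {Remove-Item -Path $TempArchive -Recurse -Force}
+Write-Verbose "Resetting ProgressPreference"
+$ProgressPreference = $InitialProgress
+Write-Verbose "Checking that private key was removed"
+if ($null -ne $KeyPath) {
+if (Test-Path -Path $KeyPath -ErrorAction SilentlyContinue) {
+Write-Host "Warning Private Key was not removed at: $KeyPath" -ForegroundColor Red
+pause
+}
+}
+}
+}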
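Review bot: The `process` block downloads the Bitwarden CLI from `$Uri` on every run and then hands it the vault login, but nothing verifies the archive before `& $BwPath login --raw` executes it. Pinning a specific release and comparing its hash first would close that gap, e.g. `if ((Get-FileHash -Path $TempArchive -Algorithm SHA256).Hash -ne $ExpectedSha256) { throw 'Bitwarden CLI archive hash mismatch' }`, where `$ExpectedSha256` is a placeholder for a value the author pins. The session key is passed as `--session $SessionKey` on the command line, where it shows up in the process's argument list; the Bitwarden CLI also reads it from the `BW_SESSION` environment variable, which could be set before the calls and removed in `Finally`. `$SSHCommand` is typed `[string]`, so when omitted it is `''` rather than `$null` and the `$null -eq $SSHCommand` branch looks unreachable; `[string]::IsNullOrEmpty($SSHCommand)` would match the intent. `$KeyPath` should also be quoted inside both `-ArgumentList` strings, since the temp path can contain spaces and `$FileName` becomes an array when the search matches more than one attachment.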

Binary file not shown.


Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 55 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 1.5 KiB


@ -4,16 +4,45 @@ PowerShell helper script to temporarily download a SSH Key stored in Bitwarden t
## Requirements ## Requirements
In the desired Bitwarden account, a item will need to be created to store the SSH key.
![Bitwarden Example Item](Images/bitwarden-example.png?raw=true)
An attachment can then be added of the private SSH key.
![Bitwarden Example Attachment](Images/bitwarden-example-attachments.png?raw=true)
## Variables ## Variables
| Variable | Required | Default | Choices | Description | | Variable | Required | Default | Description |
| -------- | -------- | ------- | ------- | ----------- | | ------------ | -------- | ----------------------- | -------------------------------------------------------------------------------------- |
| | | | | | | SSHUser | No | [Environment]::UserName | Username used for the SSH Connection |
| SSHDevice | Yes | | Device to connect via SSH |
| SSHCommand | No | | Extra parameters to be used in the SSH command - See OpenSSH docs for possible options |
| SearchString | Yes | | The name of the item/attachment in Bitwarden for the SSH key |
## Example ## Example
### Example 1
This will download the SSH key named "ssh-bw" from Bitwarden. You will be prompted for the device at runtime.
```powershell
Connect-BitwardenSSH.ps1 -SearchString "ssh-bw"
```
### Example 2
This will download the SSH key named "ssh-bw" from Bitwarden. The SSH connection will setup a port forward from the remote machine's RDP (3389) port to so it can be accessed via 3390 on the machine running the script.
```powershell
Connect-BitwardenSSH.ps1 -SSHUser thale -SSHDevice 10.1.1.1 -SSHCommand "-N -L 3390:127.0.0.1:3389" -SearchString "ssh-bw"
```
## License ## License
See LICENSE file for full license information. See LICENSE file for full license information.
## Screenshots ## Screenshots
![Bitwarden Example Item](Images/bitwarden-example-screenshot.png?raw=true)