Add accessor key authorization and enhance completion logic

Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details.
2025-09-20 17:17:26 +02:00
parent cb81c1671b
commit fcbd6514cc
8 changed files with 645 additions and 420 deletions
--- a/scripts/backtunnel-keys
+++ b/scripts/backtunnel-keys
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# backtunnel-keys: manage accessor-side keys
+# Usage:
+#   backtunnel-keys print         # print (and generate if missing) the public key
+#   backtunnel-keys path          # print the private/public key paths
+
+set -euo pipefail
+
+KEY="$HOME/.ssh/id_ed25519_backtunnel"
+PUB="$KEY.pub"
+
+cmd="${1:-print}"
+
+case "$cmd" in
+  print)
+    if [[ ! -f "$KEY" ]]; then
+      ssh-keygen -t ed25519 -f "$KEY" -N "" -C "backtunnel" >/dev/null
+    fi
+    if [[ ! -f "$PUB" ]]; then
+      echo "Missing public key $PUB" >&2; exit 1
+    fi
+    cat "$PUB"
+    ;;
+  path)
+    echo "private: $KEY"
+    echo "public : $PUB"
+    ;;
+  *)
+    echo "Usage: $0 {print|path}" >&2
+    exit 1
+    ;;
+esac