PSNOSKEY ;BIR/SJA-PPS-N SSH Key Management ;09/16/2016
;;4.0;NATIONAL DRUG FILE;**513,563**; 30 Oct 98;Build 5
;
; taken mostly from: PSOSPMKY - State Prescription Monitoring Program - SSH Key Management
;
EN ; -- Entry point
N X,Y,PSNOS,LOCALDIR,X1,DIR
;
ACTION ; -- SSH Key Action
K DIR S DIR("A")="Action"
S DIR(0)="S^V:View Public SSH Key;C:Create New SSH Key Pair;D:Delete SSH Key Pair;H:Help with SSH Keys",DIR("B")="V"
D ^DIR
I $D(DUOUT)!($D(DIRUT)) G END
I Y="C"!(Y="D"),'$D(^XUSEC("PSN PPS COORD",DUZ)) D G ACTION
.W !!,"The PSN PPS COORD security key is required for this action.",$C(7)
K ^TMP("PSNPUBKY",$J) D RETRIEVE("PUB")
I Y="V"!(Y="D"),'$D(^TMP("PSNPUBKY",$J)) D G ACTION
.W !!,"[No SSH Key Pair found]",$C(7) D PAUSE
I Y="C"!(Y="D") D SIG^XUSESIG I X="^"!($G(X1)="") W:$G(X1)="" " SIGNATURE NOT VERIFIED",$C(7) G ACTION
;
; -- View Public SSH Key
I Y="V" W ! D VIEW,PAUSE G ACTION
;
; -- Create New SSH Key Pair
I Y="C" D G ACTION
.I '$$ASK() W !!,"No action taken!",$C(7) Q
.S PSNOS=$$ENDOS()
.S LOCALDIR=$$GET1^DIQ(57.23,1,$S(PSNOS["VMS":1,1:3))
.I LOCALDIR="" D Q
..W !!,"The ",$S(PSNOS["VMS":"OPEN VMS",1:"UNIX/LINUX")," LOCAL DIRECTORY parameter is missing. Please, update it in"
..W !,"the 'PPS-N Site Parameters (Enter/Edit)' option and try again.",$C(7) D PAUSE
.K DIR S DIR("A")="SSH Key Encryption Type",DIR("?")="^D HELP1^PSNOSKEY"
.S DIR(0)="S^RSA:Rivest, Shamir & Adleman (RSA);DSA:Digital Signature Algorithm (DSA)"
.S DIR("B")="RSA" D ^DIR I $D(DUOUT)!($D(DIRUT)) Q
.S ENCRTYPE=Y
.I $D(^TMP("PSNPUBKY",$J)) D
..W !!,$G(IOBON),"WARNING:",$G(IOBOFF)," You may be overwriting SSH Keys that are currently in use.",$C(7)
.K DIR S DIR("A")="Confirm Creation of SSH Keys",DIR(0)="Y",DIR("B")="NO"
.W ! D ^DIR I $D(DIRUT)!$D(DUOUT)!'Y Q
.;
.; -- Deleting Existing SSH Key
.I $D(^TMP("PSNPUBKY",$J)) D DELETE
.W !!,"Creating New SSH Keys, please wait..."
.N ZTRTN,ZTIO,ZTDESC,ZTDTH,ZTSK
.S ZTRTN="NEWKEY^PSNOSKEY("""_ENCRTYPE_""")",ZTIO="",ZTDESC="SSH Key Generation",ZTDTH=$$NOW^XLFDT()
.D ^%ZTLOAD K ZTSK,^TMP("PSNPUBKY",$J)
.F I=1:1:30 D RETRIEVE("PUB") Q:$D(^TMP("PSNPUBKY",$J)) H 1
.; -- If unable to create the key via Taskman after 30 seconds, creates them in the foreground
.I '$D(^TMP("PSNPUBKY",$J)) D
..D NEWKEY(ENCRTYPE),RETRIEVE("PUB")
.I '$D(^TMP("PSNPUBKY",$J)) D
..W !!,"There was a problem with the generation of the new SSH Key Pair."
..W !,"Please try again and if the problem persists contact IT Support.",$C(7) D PAUSE
.E W "Done",$C(7)
;
; -- Delete SSH Key Pair
I Y="D" D G ACTION
.D RETRIEVE("PUB")
.I '$D(^TMP("PSNPUBKY",$J)) W !!,"[No SSH Key Pair found]",$C(7) Q
.W !!,$G(IOBON),"WARNING:",$G(IOBOFF)," You may be deleting SSH Keys that are currently in use.",$C(7)
.K DIR S DIR("A")="Confirm Deletion of SSH Keys",DIR(0)="Y",DIR("B")="NO"
.W ! D ^DIR I $D(DIRUT)!$D(DUOUT)!'Y Q
.W !!,"Deleting SSH Keys..." D DELETE H 1 W "Done",$C(7)
; SSH Key Help
I Y="H" D HELP G ACTION
G ACTION
;
END ;
Q
;
NEWKEY(ENCRTYPE) ; Generate and store a pair of SSH keys
; Input: (o) ENCRTYPE - SSH Encryption Type (DSA/RSA) (Default: DSA)
;
N LOCALDIR,DTE,PSNOS,KEYFILE,PV,FILE2DEL,LN,OVFLN,PSNSPC,KYTXT,SAVEKEY,DIE,DR,DA
S PSNOS=$$OS^%ZOSV()
S LOCALDIR=$$GET1^DIQ(57.23,1,$S(PSNOS["VMS":1,1:3)) I LOCALDIR="" Q ;Error: Missing directory
I $G(ENCRTYPE)'="RSA" S ENCRTYPE="DSA"
; -- LOCK to avoid OS files overwrite
F S DTE=+$$FMTHL7^XLFDT($$HTFM^XLFDT($H)) S KEYFILE="KY"_DTE L +@KEYFILE:0 Q:$T H 2
; -- Deleting existing SSH Keys first
D DELETE
;
; -- OpenVMS SSH Key Generation
I PSNOS["VMS" D
.N COMFILE S COMFILE="COM"_DTE_".COM"
.D OPEN^%ZISH("COMFILE",LOCALDIR,COMFILE,"W")
.D USE^%ZISUTL("COMFILE")
.W "SSH_KEYGEN == ""$SYS$SYSTEM:TCPIP$SSH_SSH-KEYGEN2.EXE""",!
.W "SSH_KEYGEN -t "_$$LOW^XLFSTR($G(ENCRTYPE))_" -""P"" "_LOCALDIR_KEYFILE,!
.D CLOSE^%ZISH("COMFILE")
.X "S PV=$ZF(-1,""@"_LOCALDIR_COMFILE_""")"
.S FILE2DEL(COMFILE)="",FILE2DEL(KEYFILE_".")="",FILE2DEL(KEYFILE_".PUB")=""
;
; -- Linux/Unix SSH Key Generation
I PSNOS["UNIX" D
.I '$$DIREXIST^PSNFTP2(LOCALDIR) D MAKEDIR^PSNFTP2(LOCALDIR)
.X "S PV=$ZF(-1,""ssh-keygen -q -N '' -C '' -t "_$$LOW^XLFSTR($G(ENCRTYPE))_" -f "_LOCALDIR_KEYFILE_""")"
.S FILE2DEL(KEYFILE)="",FILE2DEL(KEYFILE_".pub")=""
;
K ^TMP("PSNPRVKY",$J),^TMP("PSNPUBKY",$J)
; -- Retrieving SSH Private Key Content
S X=$$FTG^%ZISH(LOCALDIR,KEYFILE_$S(PSNOS["VMS":".",1:""),$NAME(^TMP("PSNPRVKY",$J,1)),3)
I '$D(^TMP("PSNPRVKY",$J,1)) Q
; -- Retrieving SSH Public Key Content
S X=$$FTG^%ZISH(LOCALDIR,KEYFILE_$S(PSNOS["VMS":".PUB",1:".pub"),$NAME(^TMP("PSNPUBKY",$J,1)),3)
I '$D(^TMP("PSNPUBKY",$J,1)) Q
;
; -- Deleting temporary files used to generate the keys
D DEL^%ZISH(LOCALDIR,"FILE2DEL")
;
; -- Saving new SSH Keys content in the PPS-N UPDATE CONTROL file (#57.23)
F PSNSPC="PSNPRVKY","PSNPUBKY" D
.K KYTXT,SAVEKEY
.F LN=1:1 Q:'$D(^TMP(PSNSPC,$J,LN)) D
..; Unix/Linux Public SSH Key has no line-feed
..I PSNOS["UNIX",PSNSPC="PSNPUBKY" D Q
...S KYTXT(1)=^TMP(PSNSPC,$J,LN) F OVFLN=1:1 Q:'$D(^TMP(PSNSPC,$J,LN,"OVF",OVFLN)) D
....S KYTXT(1)=$G(KYTXT(1))_^TMP(PSNSPC,$J,LN,"OVF",OVFLN)
..S KYTXT(LN)=$$ENCRYP^XUSRB1(^TMP(PSNSPC,$J,LN))
.I PSNOS["UNIX",PSNSPC="PSNPUBKY" S KYTXT(1)=$$ENCRYP^XUSRB1(KYTXT(1))
.S SAVEKEY(57.23,"1,",$S(PSNSPC="PSNPRVKY":33,1:34))="KYTXT"
.D UPDATE^DIE("","SAVEKEY")
.K ^TMP(PSNSPC,$J)
;
; -- Saving SSH Key Format (SSH2/OpenSSH) and Encryption Type (DSA/RSA) fields
K DIE S DIE="^PS(57.23,",DA=1
S DR="39///"_$S(PSNOS["VMS":"SSH2",1:"OSSH")_";41///"_ENCRTYPE D ^DIE
L -@KEYFILE
Q
;
RETRIEVE(KTYPE) ; Retrieve the SSH Key into the ^TMP global
; (o) KTYPE - SSH Key Type (PUB - Public/PRV - PRivate) (Default: Public)
;Output: ^TMP("PSN[PUB/PRV]KY",$J,0)="SSH Key Format (SSH2/OpenSSH)^Encryption Type (DSA/RSA)"
; ^TMP("PSN[PUB/PRV]KY",$J,1-N)=[SSH Key Content]
;
N X,LN,KYTXT,PSNSPC
I $G(KTYPE)'="PRV" S KTYPE="PUB"
S X=$$GET1^DIQ(57.23,"1,",$S(KTYPE="PRV":33,1:34),,"KYTXT")
S PSNSPC=$S(KTYPE="PRV":"PSNPRVKY",1:"PSNPUBKY")
K ^TMP(PSNSPC,$J)
F LN=1:1 Q:'$D(KYTXT(LN)) S ^TMP(PSNSPC,$J,LN)=$$DECRYP^XUSRB1(KYTXT(LN))
I $D(^TMP(PSNSPC,$J)) D
.S ^TMP(PSNSPC,$J,0)=$$GET1^DIQ(57.23,1,39,"I")_"^"_$$GET1^DIQ(57.23,1,41,"I")
Q
;
VIEW ; Displays the SSH Public Key
; ^TMP("PSNPUBKY",$J,0)="SSH Key Format (SSH2/OpenSSH)^Encryption Type (DSA/RSA)"
; ^TMP("PSNPUBKY",$J,1-N)=[SSH Key Content]
N SSHKEY,DASHLN
S $P(DASHLN,"-",81)="",SSHKEY=$$OPENSSH()
W !,"Public SSH Key (",$P($G(^TMP("PSNPUBKY",$J,0)),"^",2),") content (does not include dash lines):"
W !,DASHLN
F Q:$L(SSHKEY)=0 W !,$E(SSHKEY,1,80) S SSHKEY=$E(SSHKEY,81,9999)
W !,DASHLN
Q
;
DELETE ; Delete Both SSH Keys associated
N DIE,DA,DR
S DIE="^PS(57.23,",DA=1,DR="39///@;41///@;33///@;34///@" D ^DIE
K ^TMP("PSNPRVKY",$J),^TMP("PSNPUBKY",$J)
Q
;
OPENSSH() ; Returns the SSH Public Key in OpenSSH Format (Converts if necessary)
;Input: ^TMP("PSNPUBKY",$J,0)="SSH Key Format (SSH2/OpenSSH)^Encryption Type (DSA/RSA)"
; ^TMP("PSNPUBKY",$J,1-N)=[SSH Key Content]
;
N OPENSSH,ENCRTYPE,LN
S OPENSSH=""
I $P($G(^TMP("PSNPUBKY",$J,0)),"^")="SSH2" D
.S ENCRTYPE=$P($G(^TMP("PSNPUBKY",$J,0)),"^",2),OPENSSH=""
.F LN=5:1 Q:'$D(^TMP("PSNPUBKY",$J,LN)) D
..I $G(^TMP("PSNPUBKY",$J,LN))["---- END" Q
..S OPENSSH=OPENSSH_$G(^TMP("PSNPUBKY",$J,LN))
.S OPENSSH=$S(ENCRTYPE="RSA":"ssh-rsa",1:"ssh-dss")_" "_OPENSSH
E D
.F LN=1:1 Q:'$D(^TMP("PSNPUBKY",$J,LN)) D
..S OPENSSH=OPENSSH_$G(^TMP("PSNPUBKY",$J,LN))
Q OPENSSH
;
ENDOS() ; Returns the Backend Server Operating System (OS)
;Output: Backend Operating System (e.,g., "VMS", "UNIX")
;
N ENDOS,ZTRTN,ZTIO,ZTDESC,ZTDTH,ZTSK,I
K ^XTMP("PSNKEY",$J,"OS")
S ENDOS="",ZTRTN="SETOS^PSNOSKEY("_$J_")",ZTIO=""
S ZTDESC="Backend Server OS Check"
S ZTDTH=$$NOW^XLFDT() D ^%ZTLOAD
F I=1:1:5 S ENDOS=$G(^XTMP("PSNKEY",$J,"OS")) Q:ENDOS'="" H 1
K ^XTMP("PSNKEY",$J,"OS")
Q $S(ENDOS'="":ENDOS,1:$$OS^%ZOSV())
;
SETOS(JOB) ; Sets the Operating Systems in ^XTMP("PSNKEY",$J,"OS") (Called via Taskman)
;Input: JOB - $Job value from calling process
S ^XTMP("PSNKEY",JOB,"OS")=$$OS^%ZOSV()
Q
;
HELP ; Encryption Type Help
W !!,"Secure SHell (SSH) Encryption Keys are used to allow data file download."
W !,"Follow the steps below to successfully setup data file download from Austin "
W !,"server to VistA sites:",!
W !,"Step 1: Select the 'C' (Create New SSH Key Pair) Action and follow the prompts"
W !," to create a new pair of SSH keys. If you already have an existing SSH"
W !," Key Pair you can skip this step."
W !," You can check whether you already have an existing SSH Key Pair"
W !," through the 'V' (View Public SSH Key) Action."
W !,""
D HELP1,PAUSE
W !!,"Step 2: Share the Public SSH Key content with the PPS-N SFTP server (Austin)."
W !," Inorder to successfully establish the data download files, the SFTP "
W !," server at Austin needs to install/configure the new SSH Key created in"
W !," step 1 for the user id they assigned to your site. Use the 'V' (View "
W !," Public SSH Key) Action to retrieve the content of the Public SSH key."
W !," The Public SSH Key should not contain line-feed characters, therefore "
W !," after you copy & paste it from the terminal emulator into an email or "
W !," text editor make sure it contains only one line of text (no wrapping)."
Q
;
HELP1 ; Encryption Type Help
W !," Encryption Type: RSA or DSA?"
W !," ----------------------------"
W !," The Rivest, Shamir & Adleman (RSA) and Digital Signature Algorithm"
W !," (DSA) are two of the most common encryption algorithms used in IT "
W !," industry for securely sharing data."
Q
PAUSE ; Pauses screen until user hits Return
W ! K DIR S DIR("A")="Press Return to continue",DIR(0)="E" D ^DIR
Q
;
ASK() ; confirm creating new pair
N Y S Y=0 Q:'$D(^TMP("PSNPUBKY",$J)) 1
K DIRUT,DUOUT,DIR,X,Y S DIR(0)="Y",DIR("?")="Please enter Y or N."
S DIR("A")="Do you want to delete existing key pair and create new pair" W !!
S DIR("B")="NO" D ^DIR
Q Y
--- Routine Detail --- with STRUCTURED ROUTINE LISTING ---[H[J[2J[HPSNOSKEY 10438 printed Apr 09, 2024@21:19:30 Page 2
PSNOSKEY ;BIR/SJA-PPS-N SSH Key Management ;09/16/2016
+1 ;;4.0;NATIONAL DRUG FILE;**513,563**; 30 Oct 98;Build 5
+2 ;
+3 ; taken mostly from: PSOSPMKY - State Prescription Monitoring Program - SSH Key Management
+4 ;
EN ; -- Entry point
+1 NEW X,Y,PSNOS,LOCALDIR,X1,DIR
+2 ;
ACTION ; -- SSH Key Action
+1 KILL DIR
SET DIR("A")="Action"
+2 SET DIR(0)="S^V:View Public SSH Key;C:Create New SSH Key Pair;D:Delete SSH Key Pair;H:Help with SSH Keys"
SET DIR("B")="V"
+3 DO ^DIR
+4 IF $DATA(DUOUT)!($DATA(DIRUT))
GOTO END
+5 IF Y="C"!(Y="D")
IF '$DATA(^XUSEC("PSN PPS COORD",DUZ))
Begin DoDot:1
+6 WRITE !!,"The PSN PPS COORD security key is required for this action.",$CHAR(7)
End DoDot:1
GOTO ACTION
+7 KILL ^TMP("PSNPUBKY",$JOB)
DO RETRIEVE("PUB")
+8 IF Y="V"!(Y="D")
IF '$DATA(^TMP("PSNPUBKY",$JOB))
Begin DoDot:1
+9 WRITE !!,"[No SSH Key Pair found]",$CHAR(7)
DO PAUSE
End DoDot:1
GOTO ACTION
+10 IF Y="C"!(Y="D")
DO SIG^XUSESIG
IF X="^"!($GET(X1)="")
if $GET(X1)=""
WRITE " SIGNATURE NOT VERIFIED",$CHAR(7)
GOTO ACTION
+11 ;
+12 ; -- View Public SSH Key
+13 IF Y="V"
WRITE !
DO VIEW
DO PAUSE
GOTO ACTION
+14 ;
+15 ; -- Create New SSH Key Pair
+16 IF Y="C"
Begin DoDot:1
+17 IF '$$ASK()
WRITE !!,"No action taken!",$CHAR(7)
QUIT
+18 SET PSNOS=$$ENDOS()
+19 SET LOCALDIR=$$GET1^DIQ(57.23,1,$SELECT(PSNOS["VMS":1,1:3))
+20 IF LOCALDIR=""
Begin DoDot:2
+21 WRITE !!,"The ",$SELECT(PSNOS["VMS":"OPEN VMS",1:"UNIX/LINUX")," LOCAL DIRECTORY parameter is missing. Please, update it in"
+22 WRITE !,"the 'PPS-N Site Parameters (Enter/Edit)' option and try again.",$CHAR(7)
DO PAUSE
End DoDot:2
QUIT
+23 KILL DIR
SET DIR("A")="SSH Key Encryption Type"
SET DIR("?")="^D HELP1^PSNOSKEY"
+24 SET DIR(0)="S^RSA:Rivest, Shamir & Adleman (RSA);DSA:Digital Signature Algorithm (DSA)"
+25 SET DIR("B")="RSA"
DO ^DIR
IF $DATA(DUOUT)!($DATA(DIRUT))
QUIT
+26 SET ENCRTYPE=Y
+27 IF $DATA(^TMP("PSNPUBKY",$JOB))
Begin DoDot:2
+28 WRITE !!,$GET(IOBON),"WARNING:",$GET(IOBOFF)," You may be overwriting SSH Keys that are currently in use.",$CHAR(7)
End DoDot:2
+29 KILL DIR
SET DIR("A")="Confirm Creation of SSH Keys"
SET DIR(0)="Y"
SET DIR("B")="NO"
+30 WRITE !
DO ^DIR
IF $DATA(DIRUT)!$DATA(DUOUT)!'Y
QUIT
+31 ;
+32 ; -- Deleting Existing SSH Key
+33 IF $DATA(^TMP("PSNPUBKY",$JOB))
DO DELETE
+34 WRITE !!,"Creating New SSH Keys, please wait..."
+35 NEW ZTRTN,ZTIO,ZTDESC,ZTDTH,ZTSK
+36 SET ZTRTN="NEWKEY^PSNOSKEY("""_ENCRTYPE_""")"
SET ZTIO=""
SET ZTDESC="SSH Key Generation"
SET ZTDTH=$$NOW^XLFDT()
+37 DO ^%ZTLOAD
KILL ZTSK,^TMP("PSNPUBKY",$JOB)
+38 FOR I=1:1:30
DO RETRIEVE("PUB")
if $DATA(^TMP("PSNPUBKY",$JOB))
QUIT
HANG 1
+39 ; -- If unable to create the key via Taskman after 30 seconds, creates them in the foreground
+40 IF '$DATA(^TMP("PSNPUBKY",$JOB))
Begin DoDot:2
+41 DO NEWKEY(ENCRTYPE)
DO RETRIEVE("PUB")
End DoDot:2
+42 IF '$DATA(^TMP("PSNPUBKY",$JOB))
Begin DoDot:2
+43 WRITE !!,"There was a problem with the generation of the new SSH Key Pair."
+44 WRITE !,"Please try again and if the problem persists contact IT Support.",$CHAR(7)
DO PAUSE
End DoDot:2
+45 IF '$TEST
WRITE "Done",$CHAR(7)
End DoDot:1
GOTO ACTION
+46 ;
+47 ; -- Delete SSH Key Pair
+48 IF Y="D"
Begin DoDot:1
+49 DO RETRIEVE("PUB")
+50 IF '$DATA(^TMP("PSNPUBKY",$JOB))
WRITE !!,"[No SSH Key Pair found]",$CHAR(7)
QUIT
+51 WRITE !!,$GET(IOBON),"WARNING:",$GET(IOBOFF)," You may be deleting SSH Keys that are currently in use.",$CHAR(7)
+52 KILL DIR
SET DIR("A")="Confirm Deletion of SSH Keys"
SET DIR(0)="Y"
SET DIR("B")="NO"
+53 WRITE !
DO ^DIR
IF $DATA(DIRUT)!$DATA(DUOUT)!'Y
QUIT
+54 WRITE !!,"Deleting SSH Keys..."
DO DELETE
HANG 1
WRITE "Done",$CHAR(7)
End DoDot:1
GOTO ACTION
+55 ; SSH Key Help
+56 IF Y="H"
DO HELP
GOTO ACTION
+57 GOTO ACTION
+58 ;
END ;
+1 QUIT
+2 ;
NEWKEY(ENCRTYPE) ; Generate and store a pair of SSH keys
+1 ; Input: (o) ENCRTYPE - SSH Encryption Type (DSA/RSA) (Default: DSA)
+2 ;
+3 NEW LOCALDIR,DTE,PSNOS,KEYFILE,PV,FILE2DEL,LN,OVFLN,PSNSPC,KYTXT,SAVEKEY,DIE,DR,DA
+4 SET PSNOS=$$OS^%ZOSV()
+5 ;Error: Missing directory
SET LOCALDIR=$$GET1^DIQ(57.23,1,$SELECT(PSNOS["VMS":1,1:3))
IF LOCALDIR=""
QUIT
+6 IF $GET(ENCRTYPE)'="RSA"
SET ENCRTYPE="DSA"
+7 ; -- LOCK to avoid OS files overwrite
+8 FOR
SET DTE=+$$FMTHL7^XLFDT($$HTFM^XLFDT($HOROLOG))
SET KEYFILE="KY"_DTE
LOCK +@KEYFILE:0
if $TEST
QUIT
HANG 2
+9 ; -- Deleting existing SSH Keys first
+10 DO DELETE
+11 ;
+12 ; -- OpenVMS SSH Key Generation
+13 IF PSNOS["VMS"
Begin DoDot:1
+14 NEW COMFILE
SET COMFILE="COM"_DTE_".COM"
+15 DO OPEN^%ZISH("COMFILE",LOCALDIR,COMFILE,"W")
+16 DO USE^%ZISUTL("COMFILE")
+17 WRITE "SSH_KEYGEN == ""$SYS$SYSTEM:TCPIP$SSH_SSH-KEYGEN2.EXE""",!
+18 WRITE "SSH_KEYGEN -t "_$$LOW^XLFSTR($GET(ENCRTYPE))_" -""P"" "_LOCALDIR_KEYFILE,!
+19 DO CLOSE^%ZISH("COMFILE")
+20 XECUTE "S PV=$ZF(-1,""@"_LOCALDIR_COMFILE_""")"
+21 SET FILE2DEL(COMFILE)=""
SET FILE2DEL(KEYFILE_".")=""
SET FILE2DEL(KEYFILE_".PUB")=""
End DoDot:1
+22 ;
+23 ; -- Linux/Unix SSH Key Generation
+24 IF PSNOS["UNIX"
Begin DoDot:1
+25 IF '$$DIREXIST^PSNFTP2(LOCALDIR)
DO MAKEDIR^PSNFTP2(LOCALDIR)
+26 XECUTE "S PV=$ZF(-1,""ssh-keygen -q -N '' -C '' -t "_$$LOW^XLFSTR($GET(ENCRTYPE))_" -f "_LOCALDIR_KEYFILE_""")"
+27 SET FILE2DEL(KEYFILE)=""
SET FILE2DEL(KEYFILE_".pub")=""
End DoDot:1
+28 ;
+29 KILL ^TMP("PSNPRVKY",$JOB),^TMP("PSNPUBKY",$JOB)
+30 ; -- Retrieving SSH Private Key Content
+31 SET X=$$FTG^%ZISH(LOCALDIR,KEYFILE_$SELECT(PSNOS["VMS":".",1:""),$NAME(^TMP("PSNPRVKY",$JOB,1)),3)
+32 IF '$DATA(^TMP("PSNPRVKY",$JOB,1))
QUIT
+33 ; -- Retrieving SSH Public Key Content
+34 SET X=$$FTG^%ZISH(LOCALDIR,KEYFILE_$SELECT(PSNOS["VMS":".PUB",1:".pub"),$NAME(^TMP("PSNPUBKY",$JOB,1)),3)
+35 IF '$DATA(^TMP("PSNPUBKY",$JOB,1))
QUIT
+36 ;
+37 ; -- Deleting temporary files used to generate the keys
+38 DO DEL^%ZISH(LOCALDIR,"FILE2DEL")
+39 ;
+40 ; -- Saving new SSH Keys content in the PPS-N UPDATE CONTROL file (#57.23)
+41 FOR PSNSPC="PSNPRVKY","PSNPUBKY"
Begin DoDot:1
+42 KILL KYTXT,SAVEKEY
+43 FOR LN=1:1
if '$DATA(^TMP(PSNSPC,$JOB,LN))
QUIT
Begin DoDot:2
+44 ; Unix/Linux Public SSH Key has no line-feed
+45 IF PSNOS["UNIX"
IF PSNSPC="PSNPUBKY"
Begin DoDot:3
+46 SET KYTXT(1)=^TMP(PSNSPC,$JOB,LN)
FOR OVFLN=1:1
if '$DATA(^TMP(PSNSPC,$JOB,LN,"OVF",OVFLN))
QUIT
Begin DoDot:4
+47 SET KYTXT(1)=$GET(KYTXT(1))_^TMP(PSNSPC,$JOB,LN,"OVF",OVFLN)
End DoDot:4
End DoDot:3
QUIT
+48 SET KYTXT(LN)=$$ENCRYP^XUSRB1(^TMP(PSNSPC,$JOB,LN))
End DoDot:2
+49 IF PSNOS["UNIX"
IF PSNSPC="PSNPUBKY"
SET KYTXT(1)=$$ENCRYP^XUSRB1(KYTXT(1))
+50 SET SAVEKEY(57.23,"1,",$SELECT(PSNSPC="PSNPRVKY":33,1:34))="KYTXT"
+51 DO UPDATE^DIE("","SAVEKEY")
+52 KILL ^TMP(PSNSPC,$JOB)
End DoDot:1
+53 ;
+54 ; -- Saving SSH Key Format (SSH2/OpenSSH) and Encryption Type (DSA/RSA) fields
+55 KILL DIE
SET DIE="^PS(57.23,"
SET DA=1
+56 SET DR="39///"_$SELECT(PSNOS["VMS":"SSH2",1:"OSSH")_";41///"_ENCRTYPE
DO ^DIE
+57 LOCK -@KEYFILE
+58 QUIT
+59 ;
RETRIEVE(KTYPE) ; Retrieve the SSH Key into the ^TMP global
+1 ; (o) KTYPE - SSH Key Type (PUB - Public/PRV - PRivate) (Default: Public)
+2 ;Output: ^TMP("PSN[PUB/PRV]KY",$J,0)="SSH Key Format (SSH2/OpenSSH)^Encryption Type (DSA/RSA)"
+3 ; ^TMP("PSN[PUB/PRV]KY",$J,1-N)=[SSH Key Content]
+4 ;
+5 NEW X,LN,KYTXT,PSNSPC
+6 IF $GET(KTYPE)'="PRV"
SET KTYPE="PUB"
+7 SET X=$$GET1^DIQ(57.23,"1,",$SELECT(KTYPE="PRV":33,1:34),,"KYTXT")
+8 SET PSNSPC=$SELECT(KTYPE="PRV":"PSNPRVKY",1:"PSNPUBKY")
+9 KILL ^TMP(PSNSPC,$JOB)
+10 FOR LN=1:1
if '$DATA(KYTXT(LN))
QUIT
SET ^TMP(PSNSPC,$JOB,LN)=$$DECRYP^XUSRB1(KYTXT(LN))
+11 IF $DATA(^TMP(PSNSPC,$JOB))
Begin DoDot:1
+12 SET ^TMP(PSNSPC,$JOB,0)=$$GET1^DIQ(57.23,1,39,"I")_"^"_$$GET1^DIQ(57.23,1,41,"I")
End DoDot:1
+13 QUIT
+14 ;
VIEW ; Displays the SSH Public Key
+1 ; ^TMP("PSNPUBKY",$J,0)="SSH Key Format (SSH2/OpenSSH)^Encryption Type (DSA/RSA)"
+2 ; ^TMP("PSNPUBKY",$J,1-N)=[SSH Key Content]
+3 NEW SSHKEY,DASHLN
+4 SET $PIECE(DASHLN,"-",81)=""
SET SSHKEY=$$OPENSSH()
+5 WRITE !,"Public SSH Key (",$PIECE($GET(^TMP("PSNPUBKY",$JOB,0)),"^",2),") content (does not include dash lines):"
+6 WRITE !,DASHLN
+7 FOR
if $LENGTH(SSHKEY)=0
QUIT
WRITE !,$EXTRACT(SSHKEY,1,80)
SET SSHKEY=$EXTRACT(SSHKEY,81,9999)
+8 WRITE !,DASHLN
+9 QUIT
+10 ;
DELETE ; Delete Both SSH Keys associated
+1 NEW DIE,DA,DR
+2 SET DIE="^PS(57.23,"
SET DA=1
SET DR="39///@;41///@;33///@;34///@"
DO ^DIE
+3 KILL ^TMP("PSNPRVKY",$JOB),^TMP("PSNPUBKY",$JOB)
+4 QUIT
+5 ;
OPENSSH() ; Returns the SSH Public Key in OpenSSH Format (Converts if necessary)
+1 ;Input: ^TMP("PSNPUBKY",$J,0)="SSH Key Format (SSH2/OpenSSH)^Encryption Type (DSA/RSA)"
+2 ; ^TMP("PSNPUBKY",$J,1-N)=[SSH Key Content]
+3 ;
+4 NEW OPENSSH,ENCRTYPE,LN
+5 SET OPENSSH=""
+6 IF $PIECE($GET(^TMP("PSNPUBKY",$JOB,0)),"^")="SSH2"
Begin DoDot:1
+7 SET ENCRTYPE=$PIECE($GET(^TMP("PSNPUBKY",$JOB,0)),"^",2)
SET OPENSSH=""
+8 FOR LN=5:1
if '$DATA(^TMP("PSNPUBKY",$JOB,LN))
QUIT
Begin DoDot:2
+9 IF $GET(^TMP("PSNPUBKY",$JOB,LN))["---- END"
QUIT
+10 SET OPENSSH=OPENSSH_$GET(^TMP("PSNPUBKY",$JOB,LN))
End DoDot:2
+11 SET OPENSSH=$SELECT(ENCRTYPE="RSA":"ssh-rsa",1:"ssh-dss")_" "_OPENSSH
End DoDot:1
+12 IF '$TEST
Begin DoDot:1
+13 FOR LN=1:1
if '$DATA(^TMP("PSNPUBKY",$JOB,LN))
QUIT
Begin DoDot:2
+14 SET OPENSSH=OPENSSH_$GET(^TMP("PSNPUBKY",$JOB,LN))
End DoDot:2
End DoDot:1
+15 QUIT OPENSSH
+16 ;
ENDOS() ; Returns the Backend Server Operating System (OS)
+1 ;Output: Backend Operating System (e.,g., "VMS", "UNIX")
+2 ;
+3 NEW ENDOS,ZTRTN,ZTIO,ZTDESC,ZTDTH,ZTSK,I
+4 KILL ^XTMP("PSNKEY",$JOB,"OS")
+5 SET ENDOS=""
SET ZTRTN="SETOS^PSNOSKEY("_$JOB_")"
SET ZTIO=""
+6 SET ZTDESC="Backend Server OS Check"
+7 SET ZTDTH=$$NOW^XLFDT()
DO ^%ZTLOAD
+8 FOR I=1:1:5
SET ENDOS=$GET(^XTMP("PSNKEY",$JOB,"OS"))
if ENDOS'=""
QUIT
HANG 1
+9 KILL ^XTMP("PSNKEY",$JOB,"OS")
+10 QUIT $SELECT(ENDOS'="":ENDOS,1:$$OS^%ZOSV())
+11 ;
SETOS(JOB) ; Sets the Operating Systems in ^XTMP("PSNKEY",$J,"OS") (Called via Taskman)
+1 ;Input: JOB - $Job value from calling process
+2 SET ^XTMP("PSNKEY",JOB,"OS")=$$OS^%ZOSV()
+3 QUIT
+4 ;
HELP ; Encryption Type Help
+1 WRITE !!,"Secure SHell (SSH) Encryption Keys are used to allow data file download."
+2 WRITE !,"Follow the steps below to successfully setup data file download from Austin "
+3 WRITE !,"server to VistA sites:",!
+4 WRITE !,"Step 1: Select the 'C' (Create New SSH Key Pair) Action and follow the prompts"
+5 WRITE !," to create a new pair of SSH keys. If you already have an existing SSH"
+6 WRITE !," Key Pair you can skip this step."
+7 WRITE !," You can check whether you already have an existing SSH Key Pair"
+8 WRITE !," through the 'V' (View Public SSH Key) Action."
+9 WRITE !,""
+10 DO HELP1
DO PAUSE
+11 WRITE !!,"Step 2: Share the Public SSH Key content with the PPS-N SFTP server (Austin)."
+12 WRITE !," Inorder to successfully establish the data download files, the SFTP "
+13 WRITE !," server at Austin needs to install/configure the new SSH Key created in"
+14 WRITE !," step 1 for the user id they assigned to your site. Use the 'V' (View "
+15 WRITE !," Public SSH Key) Action to retrieve the content of the Public SSH key."
+16 WRITE !," The Public SSH Key should not contain line-feed characters, therefore "
+17 WRITE !," after you copy & paste it from the terminal emulator into an email or "
+18 WRITE !," text editor make sure it contains only one line of text (no wrapping)."
+19 QUIT
+20 ;
HELP1 ; Encryption Type Help
+1 WRITE !," Encryption Type: RSA or DSA?"
+2 WRITE !," ----------------------------"
+3 WRITE !," The Rivest, Shamir & Adleman (RSA) and Digital Signature Algorithm"
+4 WRITE !," (DSA) are two of the most common encryption algorithms used in IT "
+5 WRITE !," industry for securely sharing data."
+6 QUIT
PAUSE ; Pauses screen until user hits Return
+1 WRITE !
KILL DIR
SET DIR("A")="Press Return to continue"
SET DIR(0)="E"
DO ^DIR
+2 QUIT
+3 ;
ASK() ; confirm creating new pair
+1 NEW Y
SET Y=0
if '$DATA(^TMP("PSNPUBKY",$JOB))
QUIT 1
+2 KILL DIRUT,DUOUT,DIR,X,Y
SET DIR(0)="Y"
SET DIR("?")="Please enter Y or N."
+3 SET DIR("A")="Do you want to delete existing key pair and create new pair"
WRITE !!
+4 SET DIR("B")="NO"
DO ^DIR
+5 QUIT Y