authorLars Wirzenius <liw@liw.fi>2022-04-08 17:15:39 +0300
committerLars Wirzenius <liw@liw.fi>2022-04-08 17:15:39 +0300
commit7c4b6e29b1d48847aedbc6da5316c5a30fb5ede2 (patch)
tree61650ad9702dfea71bb32a8a1864d31028924f46
parent7bc7d4f3fc2ed3355ed0b15b83680cca27f9345d (diff)
feat: add script to configure ssh on installer accept an SSH CA
Sponsored-by: author
-rwxr-xr-xset-user-ca-pubkey32
1 files changed, 32 insertions, 0 deletions
diff --git a/set-user-ca-pubkey b/set-user-ca-pubkey
new file mode 100755
index 0000000..0bac587
--- /dev/null
+++ b/set-user-ca-pubkey
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+die() {
+ echo "ERROR: $*" 1>&2
+ exit 1
+}
+
+cleanup() {
+ umount "$drive" || true
+ rmdir "$mnt"
+}
+
+trap cleanup EXIT
+
+drive="$1"
+pubkey="$2"
+
+[ -e "$drive" ] || die "$drive does not exist"
+[ -e "$pubkey" ] || die "$pubkey does not exist"
+
+mnt="$(mktemp -d)"
+mount "$drive" "$mnt"
+
+include="$mnt/etc/ssh/sshd_config.d/userca.conf"
+echo "TrustedUserCAKeys /etc/ssh/user_ca_keys" >"$include"
+chown root:root "$include"
+chmod 0644 "$include"
+
+cakeys="$mnt/etc/ssh/user_ca_keys"
+install -m 0600 "$pubkey" "$cakeys"
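Review bot: `trap cleanup EXIT` is installed before `drive` and `mnt` are assigned, so any early exit (a missing argument under `set -u`, or either `[ -e … ] || die` check) runs `cleanup` with `mnt` unset and calls `umount "$drive"` on a device this script never mounted, which can detach an existing mount of that device. Installing the trap only after `mktemp -d` and unmounting by mount point, `mountpoint -q "$mnt" && umount "$mnt"`, keeps cleanup limited to what the script itself created. Because `TrustedUserCAKeys` makes every certificate signed by that key acceptable for login on the installer, it is also worth checking that `$pubkey` is a well-formed SSH key (for example `ssh-keygen -l -f "$pubkey" >/dev/null || die "not an SSH key"`) before `install`. The script also assumes `$mnt/etc/ssh/sshd_config.d` exists and that the image's `sshd_config` includes it; a `[ -d "$mnt/etc/ssh/sshd_config.d" ] || die …` check would turn a silently ineffective setup into a clear error.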