author | Lars Wirzenius <liw@liw.fi> | 2022-04-08 17:15:39 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-04-08 17:15:39 +0300 |
commit | 7c4b6e29b1d48847aedbc6da5316c5a30fb5ede2 (patch) | |
tree | 61650ad9702dfea71bb32a8a1864d31028924f46 | |
parent | 7bc7d4f3fc2ed3355ed0b15b83680cca27f9345d (diff) | |
download | v-i-7c4b6e29b1d48847aedbc6da5316c5a30fb5ede2.tar.gz |
feat: add script to configure ssh on installer accept an SSH CA
Sponsored-by: author
-rwxr-xr-x | set-user-ca-pubkey | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/set-user-ca-pubkey b/set-user-ca-pubkey
new file mode 100755
index 0000000..0bac587
--- /dev/null
+++ b/set-user-ca-pubkey
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+die() {
+ echo "ERROR: $*" 1>&2
+ exit 1
+}
+
+cleanup() {
+ umount "$drive" || true
+ rmdir "$mnt"
+}
+
+trap cleanup EXIT
+
+drive="$1"
+pubkey="$2"
+
+[ -e "$drive" ] || die "$drive does not exist"
+[ -e "$pubkey" ] || die "$pubkey does not exist"
+
+mnt="$(mktemp -d)"
+mount "$drive" "$mnt"
+
+include="$mnt/etc/ssh/sshd_config.d/userca.conf"
+echo "TrustedUserCAKeys /etc/ssh/user_ca_keys" >"$include"
+chown root:root "$include"
+chmod 0644 "$include"
+
+cakeys="$mnt/etc/ssh/user_ca_keys"
+install -m 0600 "$pubkey" "$cakeys" |
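Review bot: `trap cleanup EXIT` is installed before `mnt` is assigned and before anything is mounted, so an exit from either `die` in the existence checks runs `umount "$drive"` on a device this script never mounted and then fails on the unset `$mnt` under `set -u`; a missing argument fails inside cleanup in the same way. If the drive happens to be mounted elsewhere at that moment, the failed run unmounts it. Cleanup should undo only what the script itself did: unmount by mount point, and only once `mount` has succeeded, as in the excerpt below. Separately, `$pubkey` is checked only for existence although sshd on the installed system will trust user certificates signed by it; running `ssh-keygen -l -f "$pubkey"` before the `install` line would reject a malformed or wrong file.

```shell
cleanup() {
    if [ -n "${mounted:-}" ]; then
        umount "$mnt" || true
    fi
    if [ -n "${mnt:-}" ]; then
        rmdir "$mnt"
    fi
}
# … unchanged: trap, argument handling, existence checks, mktemp …
mount "$drive" "$mnt"
mounted=yes
# … unchanged: writing userca.conf and installing the CA key …
```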