diff options
| -rwxr-xr-x | set-user-ca-pubkey | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/set-user-ca-pubkey b/set-user-ca-pubkey new file mode 100755 index 0000000..0bac587 --- /dev/null +++ b/set-user-ca-pubkey @@ -0,0 +1,32 @@ +#!/bin/bash + +set -eu -o pipefail + +die() { + echo "ERROR: $*" 1>&2 + exit 1 +} + +cleanup() { + umount "$drive" || true + rmdir "$mnt" +} + +trap cleanup EXIT + +drive="$1" +pubkey="$2" + +[ -e "$drive" ] || die "$drive does not exist" +[ -e "$pubkey" ] || die "$pubkey does not exist" + +mnt="$(mktemp -d)" +mount "$drive" "$mnt" + +include="$mnt/etc/ssh/sshd_config.d/userca.conf" +echo "TrustedUserCAKeys /etc/ssh/user_ca_keys" >"$include" +chown root:root "$include" +chmod 0644 "$include" + +cakeys="$mnt/etc/ssh/user_ca_keys" +install -m 0600 "$pubkey" "$cakeys" |