blob: 0bac5878f2f041a0f2a962d880a86ced783ddc0d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
#!/bin/bash
set -eu -o pipefail
die() {
echo "ERROR: $*" 1>&2
exit 1
}
cleanup() {
umount "$drive" || true
rmdir "$mnt"
}
trap cleanup EXIT
drive="$1"
pubkey="$2"
[ -e "$drive" ] || die "$drive does not exist"
[ -e "$pubkey" ] || die "$pubkey does not exist"
mnt="$(mktemp -d)"
mount "$drive" "$mnt"
include="$mnt/etc/ssh/sshd_config.d/userca.conf"
echo "TrustedUserCAKeys /etc/ssh/user_ca_keys" >"$include"
chown root:root "$include"
chmod 0644 "$include"
cakeys="$mnt/etc/ssh/user_ca_keys"
install -m 0600 "$pubkey" "$cakeys"
|