LibertaCasa/system
9
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

Finalize OpenBSD compatibility

Browse Source 
Signed-off-by: Georg <georg@lysergic.dev>
This commit is contained in:
Georg Pfuetzenreuter 2021-12-04 21:09:41 +01:00
parent ab28db5bf8
commit 05548c749e
Signed by: Georg
GPG Key ID: 1DAF57F49F8E8F22
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
scripts/sh/deploy_ssh_ca_client.sh
View File

@ -22,23 +22,32 @@ KERNEL=$(uname)
IP_ADDRESS="$(get_ip_address)" IP_ADDRESS="$(get_ip_address)"
if [ "$KERNEL" = "OpenBSD" ] || [ "$KERNEL" = "Linux" ]; then if [ "$KERNEL" = "OpenBSD" ] || [ "$KERNEL" = "Linux" ]; then
if [ -f /tmp/$HOSTNAME ] && [ -f /tmp/$HOSTNAME-cert.pub ]; then if [ -f /tmp/$HOSTNAME ] && [ -f /tmp/$HOSTNAME-cert.pub ]; then
if [ ! -d /etc/ssh/old ]; then
mkdir /etc/ssh/old mkdir /etc/ssh/old
[ -f /etc/ssh/ssh_known_hosts ] && mv /etc/ssh/ssh_known_hosts/ /etc/ssh/old/ fi
if compgen -G "/etc/ssh/ssh_host_*" > /dev/null; then if [ -f /etc/ssh/ssh_known_hosts ]; then
mv /etc/ssh/ssh_known_hosts /etc/ssh/old/
fi
#if compgen -G "/etc/ssh/ssh_host_*" > /dev/null; then
#mv /etc/ssh/ssh_host_* /etc/ssh/old/
#fi
if [ -f /etc/ssh/ssh_host_rsa_key ]; then
mv /etc/ssh/ssh_host_* /etc/ssh/old/ mv /etc/ssh/ssh_host_* /etc/ssh/old/
fi fi
mv /etc/ssh/sshd_config /etc/ssh/old/ mv /etc/ssh/sshd_config /etc/ssh/old/
[ -f /etc/ssh/ssh_config ] && mv /etc/ssh/old/ if [ -f /etc/ssh/ssh_config ]; then
mv /etc/ssh/ssh_config /etc/ssh/old/
fi
mv /tmp/$HOSTNAME /etc/ssh/ mv /tmp/$HOSTNAME /etc/ssh/
mv /tmp/$HOSTNAME-cert.pub /etc/ssh/ mv /tmp/$HOSTNAME-cert.pub /etc/ssh/
cat <<'EOF_SSHD_CONFIG' >/etc/ssh/sshd_config cat <<'EOF_SSHD_CONFIG' >/etc/ssh/sshd_config
ListenAddress $IP_ADDRESS ListenAddress %%IP_ADDRESS%%
Protocol 2 Protocol 2
SyslogFacility AUTH SyslogFacility AUTH
LogLevel FATAL LogLevel FATAL
HostKey /etc/ssh/$HOSTNAME HostKey /etc/ssh/%%HOSTNAME%%
HostCertificate /etc/ssh/$HOSTNAME-cert.pub HostCertificate /etc/ssh/%%HOSTNAME%%-cert.pub
TrustedUserCAKeys /etc/ssh/user_ca TrustedUserCAKeys /etc/ssh/user_ca
PasswordAuthentication no PasswordAuthentication no
ChallengeResponseAuthentication no ChallengeResponseAuthentication no
@ -54,8 +63,9 @@ X11Forwarding no
PrintMotd yes PrintMotd yes
PrintLastLog yes PrintLastLog yes
EOF_SSHD_CONFIG EOF_SSHD_CONFIG
sed -i -e "s/%%IP_ADDRESS%%/$IP_ADDRESS/" -e "s/%%HOSTNAME%%/$HOSTNAME/" /etc/ssh/sshd_config
cat <<'EOF_USER_CA' >/etc/ssh/user_ca cat <<'EOF_USER_CA' >/etc/ssh/user_ca
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLbLqHWXcxLGf58aJwa4eSC3KYGfdIiluKynOXS/fZD system@lysergic.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLbLqHWXcxLGf58aJwa4eSC3KYGfdIiluKynOXS/fZD root@philia.rigel.lysergic.dev
EOF_USER_CA EOF_USER_CA
case $KERNEL in case $KERNEL in
"OpenBSD" ) rcctl reload sshd "OpenBSD" ) rcctl reload sshd