Finalize OpenBSD compatibility

Signed-off-by: Georg <georg@lysergic.dev>
2021-12-04 21:09:41 +01:00 · 2021-12-04 21:09:41 +01:00 · 35320e15a3
parent 7bcae4982d
commit 35320e15a3
1 changed files with 19 additions and 9 deletions
--- a/scripts/sh/deploy_ssh_ca_client.sh
+++ b/scripts/sh/deploy_ssh_ca_client.sh
@ -22,23 +22,32 @@ KERNEL=$(uname)
 IP_ADDRESS="$(get_ip_address)"
 if [ "$KERNEL" = "OpenBSD" ] || [ "$KERNEL" = "Linux" ]; then
        if [ -f /tmp/$HOSTNAME ] && [ -f /tmp/$HOSTNAME-cert.pub ]; then
-                mkdir /etc/ssh/old
-                [ -f /etc/ssh/ssh_known_hosts ] && mv /etc/ssh/ssh_known_hosts/ /etc/ssh/old/
-                if compgen -G "/etc/ssh/ssh_host_*" > /dev/null; then
-                mv /etc/ssh/ssh_host_* /etc/ssh/old/
+                if [ ! -d /etc/ssh/old ]; then
+                        mkdir /etc/ssh/old
+                fi
+                if [ -f /etc/ssh/ssh_known_hosts ]; then
+                        mv /etc/ssh/ssh_known_hosts /etc/ssh/old/
+                fi
+                #if compgen -G "/etc/ssh/ssh_host_*" > /dev/null; then
+                #mv /etc/ssh/ssh_host_* /etc/ssh/old/
+                #fi
+                if [ -f /etc/ssh/ssh_host_rsa_key ]; then
+                        mv /etc/ssh/ssh_host_* /etc/ssh/old/
                fi
                mv /etc/ssh/sshd_config /etc/ssh/old/
-                [ -f /etc/ssh/ssh_config ] && mv /etc/ssh/old/
+                if [ -f /etc/ssh/ssh_config ]; then
+                        mv /etc/ssh/ssh_config /etc/ssh/old/
+                fi
                mv /tmp/$HOSTNAME /etc/ssh/
                mv /tmp/$HOSTNAME-cert.pub /etc/ssh/
                cat <<'EOF_SSHD_CONFIG' >/etc/ssh/sshd_config
-ListenAddress   $IP_ADDRESS
+ListenAddress   %%IP_ADDRESS%%
 Protocol        2
 SyslogFacility  AUTH
 LogLevel        FATAL

-HostKey                         /etc/ssh/$HOSTNAME
-HostCertificate                 /etc/ssh/$HOSTNAME-cert.pub
+HostKey                         /etc/ssh/%%HOSTNAME%%
+HostCertificate                 /etc/ssh/%%HOSTNAME%%-cert.pub
 TrustedUserCAKeys               /etc/ssh/user_ca
 PasswordAuthentication          no
 ChallengeResponseAuthentication no
@ -54,8 +63,9 @@ X11Forwarding   no
 PrintMotd       yes
 PrintLastLog    yes
 EOF_SSHD_CONFIG
+        sed -i -e "s/%%IP_ADDRESS%%/$IP_ADDRESS/" -e "s/%%HOSTNAME%%/$HOSTNAME/" /etc/ssh/sshd_config
        cat <<'EOF_USER_CA' >/etc/ssh/user_ca
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLbLqHWXcxLGf58aJwa4eSC3KYGfdIiluKynOXS/fZD system@lysergic.dev
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLbLqHWXcxLGf58aJwa4eSC3KYGfdIiluKynOXS/fZD root@philia.rigel.lysergic.dev
 EOF_USER_CA
                case $KERNEL in
                        "OpenBSD" ) rcctl reload sshd