author | Georg | 2021-12-04 21:09:41 +0100 |
---|---|---|
committer | Georg | 2021-12-04 21:09:41 +0100 |
commit | 35320e15a35aae27e909b1e777da811ad2174621 (patch) | |
tree | 8e9f11bc2fd72a34eddde08565b73a9e25677dcc /scripts | |
parent | 7bcae4982d3025d7e9b54e962586c7ed84b9e02e (diff) | |
Finalize OpenBSD compatibility
Signed-off-by: Georg <georg@lysergic.dev>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/sh/deploy_ssh_ca_client.sh | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/scripts/sh/deploy_ssh_ca_client.sh b/scripts/sh/deploy_ssh_ca_client.sh index 078ef77..aa5dbee 100644 --- a/scripts/sh/deploy_ssh_ca_client.sh +++ b/scripts/sh/deploy_ssh_ca_client.sh @@ -22,23 +22,32 @@ KERNEL=$(uname) IP_ADDRESS="$(get_ip_address)" if [ "$KERNEL" = "OpenBSD" ] || [ "$KERNEL" = "Linux" ]; then if [ -f /tmp/$HOSTNAME ] && [ -f /tmp/$HOSTNAME-cert.pub ]; then - mkdir /etc/ssh/old - [ -f /etc/ssh/ssh_known_hosts ] && mv /etc/ssh/ssh_known_hosts/ /etc/ssh/old/ - if compgen -G "/etc/ssh/ssh_host_*" > /dev/null; then - mv /etc/ssh/ssh_host_* /etc/ssh/old/ + if [ ! -d /etc/ssh/old ]; then + mkdir /etc/ssh/old + fi + if [ -f /etc/ssh/ssh_known_hosts ]; then + mv /etc/ssh/ssh_known_hosts /etc/ssh/old/ + fi + #if compgen -G "/etc/ssh/ssh_host_*" > /dev/null; then + #mv /etc/ssh/ssh_host_* /etc/ssh/old/ + #fi + if [ -f /etc/ssh/ssh_host_rsa_key ]; then + mv /etc/ssh/ssh_host_* /etc/ssh/old/ fi mv /etc/ssh/sshd_config /etc/ssh/old/ - [ -f /etc/ssh/ssh_config ] && mv /etc/ssh/old/ + if [ -f /etc/ssh/ssh_config ]; then + mv /etc/ssh/ssh_config /etc/ssh/old/ + fi mv /tmp/$HOSTNAME /etc/ssh/ mv /tmp/$HOSTNAME-cert.pub /etc/ssh/ cat <<'EOF_SSHD_CONFIG' >/etc/ssh/sshd_config -ListenAddress $IP_ADDRESS +ListenAddress %%IP_ADDRESS%% Protocol 2 SyslogFacility AUTH LogLevel FATAL -HostKey /etc/ssh/$HOSTNAME -HostCertificate /etc/ssh/$HOSTNAME-cert.pub +HostKey /etc/ssh/%%HOSTNAME%% +HostCertificate /etc/ssh/%%HOSTNAME%%-cert.pub TrustedUserCAKeys /etc/ssh/user_ca PasswordAuthentication no ChallengeResponseAuthentication no 
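Review bot: The replacement guard `if [ -f /etc/ssh/ssh_host_rsa_key ]` only detects an RSA host key, so on a host that has only ed25519 or ECDSA keys the `mv /etc/ssh/ssh_host_*` is skipped and the old private keys stay in /etc/ssh. A portable stand-in for the removed `compgen` test is `for k in /etc/ssh/ssh_host_*; do if [ -e "$k" ]; then mv "$k" /etc/ssh/old/; fi; done`, and the three commented-out `compgen` lines can then be deleted rather than kept as dead code. Separately, the host key and certificate are still taken from `/tmp/$HOSTNAME` with nothing more than a `-f` test; since /tmp is writable by every local user, it would be worth confirming both files are owned by root (or staging them in a root-only directory) before they are moved into /etc/ssh. The enclosing `if` blocks and the heredoc continue past the end of this hunk.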
@@ -54,8 +63,9 @@ X11Forwarding no PrintMotd yes PrintLastLog yes EOF_SSHD_CONFIG + sed -i -e "s/%%IP_ADDRESS%%/$IP_ADDRESS/" -e "s/%%HOSTNAME%%/$HOSTNAME/" /etc/ssh/sshd_config cat <<'EOF_USER_CA' >/etc/ssh/user_ca -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLbLqHWXcxLGf58aJwa4eSC3KYGfdIiluKynOXS/fZD system@lysergic.dev +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLbLqHWXcxLGf58aJwa4eSC3KYGfdIiluKynOXS/fZD root@philia.rigel.lysergic.dev EOF_USER_CA case $KERNEL in "OpenBSD" ) rcctl reload sshd |
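Review bot: The added `sed -i` line writes `$IP_ADDRESS` and `$HOSTNAME` straight into the replacement text, and nothing checks the result before the `rcctl reload sshd` that follows. An empty or multi-line value from `get_ip_address`, or a value containing `/` or `&`, would leave sshd_config malformed or still holding the `%%IP_ADDRESS%%` placeholder at the moment sshd is reloaded, which may leave the daemon unable to come back up. I would validate the file first, for example `sshd -t -f /etc/ssh/sshd_config || exit 1` directly after the `sed`, so a bad substitution stops the script instead of putting the host's SSH access at risk. The `case` statement continues outside the hunk.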