summaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'scripts')
-rw-r--r--scripts/sh/deploy_ssh_ca_client.sh28
1 files changed, 19 insertions, 9 deletions
diff --git a/scripts/sh/deploy_ssh_ca_client.sh b/scripts/sh/deploy_ssh_ca_client.sh
index 078ef77..aa5dbee 100644
--- a/scripts/sh/deploy_ssh_ca_client.sh
+++ b/scripts/sh/deploy_ssh_ca_client.sh
@@ -22,23 +22,32 @@ KERNEL=$(uname)
IP_ADDRESS="$(get_ip_address)"
if [ "$KERNEL" = "OpenBSD" ] || [ "$KERNEL" = "Linux" ]; then
if [ -f /tmp/$HOSTNAME ] && [ -f /tmp/$HOSTNAME-cert.pub ]; then
- mkdir /etc/ssh/old
- [ -f /etc/ssh/ssh_known_hosts ] && mv /etc/ssh/ssh_known_hosts/ /etc/ssh/old/
- if compgen -G "/etc/ssh/ssh_host_*" > /dev/null; then
- mv /etc/ssh/ssh_host_* /etc/ssh/old/
+ if [ ! -d /etc/ssh/old ]; then
+ mkdir /etc/ssh/old
+ fi
+ if [ -f /etc/ssh/ssh_known_hosts ]; then
+ mv /etc/ssh/ssh_known_hosts /etc/ssh/old/
+ fi
+ #if compgen -G "/etc/ssh/ssh_host_*" > /dev/null; then
+ #mv /etc/ssh/ssh_host_* /etc/ssh/old/
+ #fi
+ if [ -f /etc/ssh/ssh_host_rsa_key ]; then
+ mv /etc/ssh/ssh_host_* /etc/ssh/old/
fi
mv /etc/ssh/sshd_config /etc/ssh/old/
- [ -f /etc/ssh/ssh_config ] && mv /etc/ssh/old/
+ if [ -f /etc/ssh/ssh_config ]; then
+ mv /etc/ssh/ssh_config /etc/ssh/old/
+ fi
mv /tmp/$HOSTNAME /etc/ssh/
mv /tmp/$HOSTNAME-cert.pub /etc/ssh/
cat <<'EOF_SSHD_CONFIG' >/etc/ssh/sshd_config
-ListenAddress $IP_ADDRESS
+ListenAddress %%IP_ADDRESS%%
Protocol 2
SyslogFacility AUTH
LogLevel FATAL
-HostKey /etc/ssh/$HOSTNAME
-HostCertificate /etc/ssh/$HOSTNAME-cert.pub
+HostKey /etc/ssh/%%HOSTNAME%%
+HostCertificate /etc/ssh/%%HOSTNAME%%-cert.pub
TrustedUserCAKeys /etc/ssh/user_ca
PasswordAuthentication no
ChallengeResponseAuthentication no
@@ -54,8 +63,9 @@ X11Forwarding no
PrintMotd yes
PrintLastLog yes
EOF_SSHD_CONFIG
+ sed -i -e "s/%%IP_ADDRESS%%/$IP_ADDRESS/" -e "s/%%HOSTNAME%%/$HOSTNAME/" /etc/ssh/sshd_config
cat <<'EOF_USER_CA' >/etc/ssh/user_ca
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLbLqHWXcxLGf58aJwa4eSC3KYGfdIiluKynOXS/fZD system@lysergic.dev
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLbLqHWXcxLGf58aJwa4eSC3KYGfdIiluKynOXS/fZD root@philia.rigel.lysergic.dev
EOF_USER_CA
case $KERNEL in
"OpenBSD" ) rcctl reload sshd