Refactor ssh; revert to rsa.
This commit is contained in:
parent
6e2514b12f
commit
4f466381f6
GPG Key ID:
B443E530A14E1C90
|
|
@ -103,7 +103,7 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
|
|||
bash -c "./wait_for_lxc_ip.sh --lxd-name=$LXD_VM_NAME"
|
||||
|
||||
# scan the remote machine and install it's identity in our SSH known_hosts file.
|
||||
ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts"
|
||||
ssh-keyscan -H "$FQDN" >> "$SSH_HOME/known_hosts"
|
||||
|
||||
ssh "$FQDN" "sudo chown ubuntu:ubuntu $REMOTE_DATA_PATH"
|
||||
ssh "$FQDN" "sudo chown -R ubuntu:ubuntu $REMOTE_BACKUP_PATH"
|
||||
|
|
|
|||
17
install.sh
17
install.sh
|
|
@ -60,7 +60,20 @@ EOF
|
|||
fi
|
||||
|
||||
# if the ss-mgmt doesn't exist, create it.
|
||||
SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
|
||||
SSH_PATH="$HOME/.ssh"
|
||||
SSH_PRIVKEY_PATH="$SSH_PATH/id_rsa"
|
||||
SSH_PUBKEY_PATH="$SSH_PRIVKEY_PATH.pub"
|
||||
|
||||
if [ ! -f "$SSH_PRIVKEY_PATH" ]; then
|
||||
ssh-keygen -f "$SSH_PRIVKEY_PATH" -t rsa -b 4096
|
||||
fi
|
||||
|
||||
chmod 700 "$HOME/.ssh"
|
||||
chmod 600 "$HOME/.ssh/config"
|
||||
|
||||
# add SSH_PUBKEY_PATH to authorized_keys
|
||||
grep -qxF "$(cat $SSH_PUBKEY_PATH)" "$SSH_PATH/authorized_keys" || cat "$SSH_PUBKEY_PATH" >> "$SSH_PATH/authorized_keys"
|
||||
|
||||
FROM_BUILT_IMAGE=false
|
||||
if ! lxc list --format csv | grep -q ss-mgmt; then
|
||||
|
||||
|
|
@ -163,7 +176,7 @@ fi
|
|||
# configuration for the base image preparataion.
|
||||
ssh-keygen -R "$IP_V4_ADDRESS"
|
||||
|
||||
ssh-keyscan -H -t ecdsa "$IP_V4_ADDRESS" >> "$SSH_HOME/known_hosts"
|
||||
ssh-keyscan -H "$IP_V4_ADDRESS" >> "$SSH_HOME/known_hosts"
|
||||
|
||||
ssh "ubuntu@$IP_V4_ADDRESS" sudo chown -R ubuntu:ubuntu /home/ubuntu
|
||||
|
||||
|
|
|
|||
|
|
@ -44,20 +44,9 @@ fi
|
|||
# run a lxd command so we don't we a warning upon first invocation
|
||||
lxc list > /dev/null 2>&1
|
||||
|
||||
|
||||
# add groups for docker and lxd
|
||||
if ! groups ubuntu | grep -q docker; then
|
||||
sudo addgroup docker
|
||||
sudo usermod -aG docker ubuntu
|
||||
sudo usermod -aG lxd ubuntu
|
||||
fi
|
||||
|
||||
|
||||
# if an SSH pubkey does not exist, we create one.
|
||||
# TODO convert this to Trezor-backed SSH
|
||||
if [ ! -f /home/ubuntu/.ssh/id_rsa.pub ]; then
|
||||
# generate a new SSH key for the base vm image.
|
||||
ssh-keygen -f /home/ubuntu/.ssh/id_rsa -t ecdsa -b 521 -N ""
|
||||
fi
|
||||
|
||||
echo "Your management machine has been provisioned!"
|
||||
Loading…
Reference in New Issue