Refactor ssh; revert to rsa.
parent
6e2514b12f
commit
4f466381f6
@ -103,7 +103,7 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
|
|||||||
bash -c "./wait_for_lxc_ip.sh --lxd-name=$LXD_VM_NAME"
|
bash -c "./wait_for_lxc_ip.sh --lxd-name=$LXD_VM_NAME"
|
||||||
|
|
||||||
# scan the remote machine and install it's identity in our SSH known_hosts file.
|
# scan the remote machine and install it's identity in our SSH known_hosts file.
|
||||||
ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts"
|
ssh-keyscan -H "$FQDN" >> "$SSH_HOME/known_hosts"
|
||||||
|
|
||||||
ssh "$FQDN" "sudo chown ubuntu:ubuntu $REMOTE_DATA_PATH"
|
ssh "$FQDN" "sudo chown ubuntu:ubuntu $REMOTE_DATA_PATH"
|
||||||
ssh "$FQDN" "sudo chown -R ubuntu:ubuntu $REMOTE_BACKUP_PATH"
|
ssh "$FQDN" "sudo chown -R ubuntu:ubuntu $REMOTE_BACKUP_PATH"
|
||||||
|
17
install.sh
17
install.sh
@ -60,7 +60,20 @@ EOF
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# if the ss-mgmt doesn't exist, create it.
|
# if the ss-mgmt doesn't exist, create it.
|
||||||
SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
|
SSH_PATH="$HOME/.ssh"
|
||||||
|
SSH_PRIVKEY_PATH="$SSH_PATH/id_rsa"
|
||||||
|
SSH_PUBKEY_PATH="$SSH_PRIVKEY_PATH.pub"
|
||||||
|
|
||||||
|
if [ ! -f "$SSH_PRIVKEY_PATH" ]; then
|
||||||
|
ssh-keygen -f "$SSH_PRIVKEY_PATH" -t rsa -b 4096
|
||||||
|
fi
|
||||||
|
|
||||||
|
chmod 700 "$HOME/.ssh"
|
||||||
|
chmod 600 "$HOME/.ssh/config"
|
||||||
|
|
||||||
|
# add SSH_PUBKEY_PATH to authorized_keys
|
||||||
|
grep -qxF "$(cat $SSH_PUBKEY_PATH)" "$SSH_PATH/authorized_keys" || cat "$SSH_PUBKEY_PATH" >> "$SSH_PATH/authorized_keys"
|
||||||
|
|
||||||
FROM_BUILT_IMAGE=false
|
FROM_BUILT_IMAGE=false
|
||||||
if ! lxc list --format csv | grep -q ss-mgmt; then
|
if ! lxc list --format csv | grep -q ss-mgmt; then
|
||||||
|
|
||||||
@ -163,7 +176,7 @@ fi
|
|||||||
# configuration for the base image preparataion.
|
# configuration for the base image preparataion.
|
||||||
ssh-keygen -R "$IP_V4_ADDRESS"
|
ssh-keygen -R "$IP_V4_ADDRESS"
|
||||||
|
|
||||||
ssh-keyscan -H -t ecdsa "$IP_V4_ADDRESS" >> "$SSH_HOME/known_hosts"
|
ssh-keyscan -H "$IP_V4_ADDRESS" >> "$SSH_HOME/known_hosts"
|
||||||
|
|
||||||
ssh "ubuntu@$IP_V4_ADDRESS" sudo chown -R ubuntu:ubuntu /home/ubuntu
|
ssh "ubuntu@$IP_V4_ADDRESS" sudo chown -R ubuntu:ubuntu /home/ubuntu
|
||||||
|
|
||||||
|
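Review bot: In the first install.sh hunk (`@ -60,7 +60,20`), `ssh-keygen -f "$SSH_PRIVKEY_PATH" -t rsa -b 4096` runs before `chmod 700 "$HOME/.ssh"` and nothing in the hunk creates the directory, so on a fresh account without `~/.ssh` the keygen fails with "No such file or directory" (and aborts the whole install if the script runs under `set -e`, which is not visible here); `chmod 600 "$HOME/.ssh/config"` fails the same way when no config exists yet. `$(cat $SSH_PUBKEY_PATH)` in the `grep -qxF` line is also unquoted, and the `grep` prints a spurious error the first time because `authorized_keys` does not exist yet, although the `||` branch then creates it correctly. Creating the directory first with `mkdir -p -m 700`, guarding the config chmod and quoting the command substitution covers all of this. Dropping `-N` means ssh-keygen will prompt interactively for a passphrase, unlike the removed `-N ""` in the provisioning script; if install.sh is meant to run unattended that is worth confirming.
```shell
# … unchanged: SSH_PATH / SSH_PRIVKEY_PATH / SSH_PUBKEY_PATH assignments …

# ssh-keygen does not create the parent directory; make it with the final mode up front.
mkdir -p -m 700 "$SSH_PATH"

if [ ! -f "$SSH_PRIVKEY_PATH" ]; then
    ssh-keygen -f "$SSH_PRIVKEY_PATH" -t rsa -b 4096
fi

# ~/.ssh/config is optional and may not exist yet on a fresh account.
if [ -f "$SSH_PATH/config" ]; then
    chmod 600 "$SSH_PATH/config"
fi

# add SSH_PUBKEY_PATH to authorized_keys (authorized_keys may not exist yet; the append creates it)
grep -qxF "$(cat "$SSH_PUBKEY_PATH")" "$SSH_PATH/authorized_keys" 2>/dev/null || cat "$SSH_PUBKEY_PATH" >> "$SSH_PATH/authorized_keys"
```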
@ -44,20 +44,9 @@ fi
|
|||||||
# run a lxd command so we don't we a warning upon first invocation
|
# run a lxd command so we don't we a warning upon first invocation
|
||||||
lxc list > /dev/null 2>&1
|
lxc list > /dev/null 2>&1
|
||||||
|
|
||||||
|
|
||||||
# add groups for docker and lxd
|
# add groups for docker and lxd
|
||||||
if ! groups ubuntu | grep -q docker; then
|
if ! groups ubuntu | grep -q docker; then
|
||||||
sudo addgroup docker
|
sudo addgroup docker
|
||||||
sudo usermod -aG docker ubuntu
|
sudo usermod -aG docker ubuntu
|
||||||
sudo usermod -aG lxd ubuntu
|
sudo usermod -aG lxd ubuntu
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
# if an SSH pubkey does not exist, we create one.
|
|
||||||
# TODO convert this to Trezor-backed SSH
|
|
||||||
if [ ! -f /home/ubuntu/.ssh/id_rsa.pub ]; then
|
|
||||||
# generate a new SSH key for the base vm image.
|
|
||||||
ssh-keygen -f /home/ubuntu/.ssh/id_rsa -t ecdsa -b 521 -N ""
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Your management machine has been provisioned!"
|
|