Adding single local key for root and users.
authorDaniel Baumann <daniel@debian.org>
Fri, 1 Mar 2013 16:24:11 +0000 (17:24 +0100)
committerDaniel Baumann <daniel@debian.org>
Fri, 1 Mar 2013 16:28:23 +0000 (17:28 +0100)
scripts/debconfig/0010-passwd
scripts/debconfig/0010-passwd.templates

index 26bfba6..5e895a2 100755 (executable)
@@ -95,6 +95,15 @@ then
        db_set live-debconfig/passwd/root-password-crypted ""
 fi
 
+# root local ssh key
+if db_get live-debconfig/passwd/root-key-local
+then
+       _ROOT_KEY_LOCAL="${RET}" # string (w/ empty)
+
+       db_fset live-debconfig/passwd/root-key-local seen false
+       db_set live-debconfig/passwd/root-key-local ""
+fi
+
 # user name
 if db_get live-debconfig/passwd/user-name
 then
@@ -196,6 +205,15 @@ then
                db_set live-debconfig/passwd/user-password-crypted ""
        fi
 
+       # user local ssh key
+       if db_get live-debconfig/passwd/user-key-local
+       then
+               _USER_KEY_LOCAL="${RET}" # string (w/ empty)
+
+               db_fset live-debconfig/passwd/user-key-local seen false
+               db_set live-debconfig/passwd/user-key-local ""
+       fi
+
        # user home
        if db_get live-debconfig/passwd/user-home
        then
@@ -287,6 +305,14 @@ do
                db_set live-debconfig/passwd/user${_NUMBER}-password-crypted ""
        fi
 
+       if db_get live-debconfig/passwd/user${_NUMBER}-key-local
+       then
+               eval _USER${_NUMBER}_KEY_LOCAL="\"${RET}\"" # string (w/ empty)
+
+               db_fset live-debconfig/passwd/user${_NUMBER}-key-local seen false
+               db_set live-debconfig/passwd/user${_NUMBER}-key-local ""
+       fi
+
        if db_get live-debconfig/passwd/user${_NUMBER}-home
        then
                eval _USER${_NUMBER}_HOME="\"${RET:-/home/${_USER_NAME}}\"" # string (w/o empty)
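Review bot: The added `eval _USER${_NUMBER}_KEY_LOCAL="\"${RET}\""` line expands `${RET}` before `eval` re-parses the string, so the debconf-supplied key text is parsed as shell syntax. An authorized_keys line can legitimately contain double quotes (options such as `command="..."`), which would close the quoted string early, and any `$` or backtick in the value would be expanded or executed by a script that appears to run as root. Deferring the expansion until `eval` runs keeps the value as data: `eval "_USER${_NUMBER}_KEY_LOCAL=\"\${RET}\""`. The enclosing loop starts outside this hunk, so this assumes `_NUMBER` is a plain loop counter; the neighbouring `_HOME` context line uses the same pattern.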
@@ -368,6 +394,17 @@ then
        usermod --password=${_ROOT_PASSWORD_CRYPTED} root
 fi
 
+if [ -n "${_ROOT_KEY_LOCAL}" ]
+then
+       mkdir -p /root/.ssh
+
+       echo "${_ROOT_KEY_LOCAL}" >> /root/.ssh/authorized_keys
+
+       chown root:root /root/.ssh -R
+       chmod 0700 /root/.ssh
+       chmod 0600 /root/.ssh/authorized_keys
+fi
+
 # single user creation
 if [ -n "${_USER_NAME}" ]
 then
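Review bot: The key line is written with `echo "${_ROOT_KEY_LOCAL}" >> /root/.ssh/authorized_keys`, and an `echo` that interprets backslash escapes (dash's builtin does) will alter a key line whose options or comment contain a backslash. `printf '%s\n' "${_ROOT_KEY_LOCAL}" >> /root/.ssh/authorized_keys` writes the value unchanged. The file is also created by the redirection under the current umask and only tightened by the later `chmod 0600`, so a `umask 077` before the `mkdir` would close that window. The same `echo` pattern recurs in the single-user and multi-user key blocks further down.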
@@ -454,6 +491,19 @@ EOF
        else
                echo "W: user \"${_USER_NAME}\" already exists, not creating new user."
        fi
+
+       # FIXME: probably should do a lookup of users home directory,
+       # for now we asume it's ${_USER_HOME}
+       if [ -n "${_USER_HOME}" ] && [ -n "${_USER_KEY_LOCAL}" ]
+       then
+               mkdir -p "${_USER_HOME}/.ssh"
+
+               echo "${_USER_KEY_LOCAL}" >> "${_USER_HOME}/.ssh/authorized_keys"
+
+               chown ${_USER_NAME}:${_USER_NAME} "${_USER_HOME}/.ssh" -R
+               chmod 0700 "${_USER_HOME}/.ssh"
+               chmod 0600 "${_USER_HOME}/.ssh/authorized_keys"
+       fi
 fi
 
 # multiple user creation
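Review bot: This key block sits after the `else` branch that reports the user already exists, so it also runs for a pre-existing account whose home directory that account controls. Root then does `mkdir -p`, an appending redirect and `chown -R` there, and the redirect follows a symlink planted at `.ssh` or `authorized_keys`. A guard such as `[ ! -L "${_USER_HOME}/.ssh" ] && [ ! -L "${_USER_HOME}/.ssh/authorized_keys" ]` before writing would help, together with the passwd lookup for the home directory that the FIXME already mentions. Separately, `chown ${_USER_NAME}:${_USER_NAME}` is unquoted and assumes a group named after the user, although the script handles a separate GID setting; `chown -R "${_USER_NAME}:" "${_USER_HOME}/.ssh"` uses the account's login group instead. Both points apply equally to the multi-user block at the end of the file (`chown ${_NAME}:${_NAME}`); the enclosing `if` starts outside this hunk.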
@@ -462,6 +512,7 @@ do
        eval _NAME="$`echo _USER${_NUMBER}_NAME`"
        eval _PASSWORD="$`echo _USER${_NUMBER}_PASSWORD`"
        eval _PASSWORD_CRYPTED="$`echo _USER${_NUMBER}_PASSWORD_CRYPTED`"
+       eval _KEY_LOCAL="$`echo _USER${_NUMBER}_KEY_LOCAL`"
        eval _HOME="$`echo _USER${_NUMBER}_HOME`"
        eval _UID="$`echo _USER${_NUMBER}_UID`"
        eval _GID="$`echo _USER${_NUMBER}_GID`"
@@ -557,4 +608,17 @@ EOF
        else
                echo "W: user \"${_NAME}\" already exists, not creating new user."
        fi
+
+       # FIXME: probably should do a lookup of users home directory,
+       # for now we asume it's ${_HOME}
+       if [ -n "${_HOME}" ] && [ -n "${_KEY_LOCAL}" ]
+       then
+               mkdir -p "${_HOME}/.ssh"
+
+               echo "${_KEY_LOCAL}" >> "${_HOME}/.ssh/authorized_keys"
+
+               chown ${_NAME}:${_NAME} "${_HOME}/.ssh" -R
+               chmod 0700 "${_HOME}/.ssh"
+               chmod 0600 "${_HOME}/.ssh/authorized_keys"
+       fi
 done
index fed3fbf..2d5dbd7 100644 (file)
@@ -27,6 +27,10 @@ Template: live-debconfig/passwd/root-password-crypted
 Type: password
 Description: internal
 
+Template: live-debconfig/passwd/root-key-local
+Type: string
+Description: internal
+
 Template: live-debconfig/passwd/user-name
 Type: string
 Description: live-debconfig: user account name?
@@ -58,6 +62,10 @@ Template: live-debconfig/passwd/user-password-crypted
 Type: password
 Description: internal
 
+Template: live-debconfig/passwd/user-key-local
+Type: string
+Description: internal
+
 Template: live-debconfig/passwd/user-home
 Type: string
 Description: internal