From: Christian Heller Date: Wed, 25 Sep 2024 04:22:02 +0000 (+0200) Subject: Various fixes. X-Git-Url: https://plomlompom.com/repos/%7B%7Bprefix%7D%7D/%7B%7B%20web_path%20%7D%7D/todo?a=commitdiff_plain;h=96232db450bb7bad167361abc461516b048edf66;p=config Various fixes. --- diff --git a/bookworm/setup_scripts/copy_dirtree.sh b/bookworm/setup_scripts/copy_dirtree.sh index 387ba39..fbc3d9d 100755 --- a/bookworm/setup_scripts/copy_dirtree.sh +++ b/bookworm/setup_scripts/copy_dirtree.sh @@ -9,7 +9,7 @@ # CAUTION: This removes original files at the affected paths. set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 3 "(source root, target root, modules)" "$@" diff --git a/bookworm/setup_scripts/migrate_borg.sh b/bookworm/setup_scripts/migrate_borg.sh index 65ae67d..b08cf2d 100755 --- a/bookworm/setup_scripts/migrate_borg.sh +++ b/bookworm/setup_scripts/migrate_borg.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(old server IP)" "$@" old_server="$1" diff --git a/bookworm/setup_scripts/mirror_dir.sh b/bookworm/setup_scripts/mirror_dir.sh index aef69f1..d650165 100755 --- a/bookworm/setup_scripts/mirror_dir.sh +++ b/bookworm/setup_scripts/mirror_dir.sh @@ -2,7 +2,7 @@ # Mirror directory tree from remote to local server, keeping the path. set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 2 "(server, directory)" "$@" server=$1 diff --git a/bookworm/setup_scripts/prepare_to_meet_server.sh b/bookworm/setup_scripts/prepare_to_meet_server.sh index 5f55362..8e54ca5 100755 --- a/bookworm/setup_scripts/prepare_to_meet_server.sh +++ b/bookworm/setup_scripts/prepare_to_meet_server.sh @@ -2,7 +2,7 @@ # Do some of the steps necessary to SSH (key-based) with another server. set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(server IP)" "$@" target="$1" diff --git a/bookworm/setup_scripts/set_hostname_and_fqdn.sh b/bookworm/setup_scripts/set_hostname_and_fqdn.sh index bcf3d9d..929d8bc 100755 --- a/bookworm/setup_scripts/set_hostname_and_fqdn.sh +++ b/bookworm/setup_scripts/set_hostname_and_fqdn.sh @@ -14,7 +14,7 @@ # Ignores IPv6s. set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(hostname, fqdn)" "$@" diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh index 2eb19b3..fe11b83 100755 --- a/bookworm/setup_scripts/setup_desktop.sh +++ b/bookworm/setup_scripts/setup_desktop.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(system name)" "$@" get_system_name_arg "$1" diff --git a/bookworm/setup_scripts/setup_home.sh b/bookworm/setup_scripts/setup_home.sh index a065bd4..54f0db1 100755 --- a/bookworm/setup_scripts/setup_home.sh +++ b/bookworm/setup_scripts/setup_home.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(system name)" "$@" get_system_name_arg "$1" diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh index 93bfa1c..c854b95 100755 --- a/bookworm/setup_scripts/setup_server.sh +++ b/bookworm/setup_scripts/setup_server.sh @@ -3,7 +3,7 @@ # the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 2 "(hostname, FQDN)" "$@" hostname="$1" diff --git a/bookworm/setup_scripts/setup_web.sh b/bookworm/setup_scripts/setup_web.sh index d7c651f..4807e8a 100755 --- a/bookworm/setup_scripts/setup_web.sh +++ b/bookworm/setup_scripts/setup_web.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_setup_finished_file setup_server_has_been_run setup_server.sh diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh index 6db4f2e..ed246e1 100755 --- a/bookworm/setup_scripts/upgrade_from_bullseye.sh +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh @@ -1,11 +1,15 @@ #!/bin/sh -# as per https://wiki.debian.org/DebianUpgrade +# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't +# expect any customized config files to survive this. If you run this on a +# remote machine, take care not to loose anything you need to re-connect, e.g. +# any relevant adaptations you did to /etc/ssh/sshd_config … + set -e . ./misc.sh apt update -apt -y -o Dpkg::Options::="--force-confnew" upgrade -apt -y full-upgrade +apt -y upgrade +apt -y -o Dpkg::Options::="--force-confnew" full-upgrade path_sources_list="/etc/apt/sources.list" cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" apt clean diff --git a/bullseye/etc_files/server/etc/ssh/sshd_config b/bullseye/etc_files/server/etc/ssh/sshd_config index 8effa74..811e93a 100644 --- a/bullseye/etc_files/server/etc/ssh/sshd_config +++ b/bullseye/etc_files/server/etc/ssh/sshd_config @@ -79,7 +79,7 @@ ChallengeResponseAuthentication no # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin yes +# the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. @@ -121,4 +121,4 @@ Subsystem sftp /usr/lib/openssh/sftp-server # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server -ClientAliveInterval 120 +ClientAliveInterval 15 diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh index 4fcc062..475b12f 100755 --- a/bullseye/setup_scripts/init_user_and_keybased_login.sh +++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh @@ -21,7 +21,8 @@ ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" # This will be used to log-in as root from plom account. echo 'First, enter the old root password; then enter new password three times.' -ssh root@"${server}" "passwd" +#ssh root@"${server}" "passwd" +ssh root@"${server}" "ls" # Save root password for sshpass stty -echo @@ -40,7 +41,6 @@ export SSHPASS="${PW_ROOT}" # would require setting a password for user plom otherwise not needed. sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys sshpass -e ssh root@"${server}" \ - 'useradd -m plom && '\ 'mkdir /home/plom/.ssh && '\ 'chown plom:plom /home/plom/.ssh && '\ 'chown plom:plom /tmp/authorized_keys && '\