From: Christian Heller Date: Mon, 24 Feb 2025 20:42:53 +0000 (+0100) Subject: Replace redundant files with symbolic links. X-Git-Url: https://plomlompom.com/repos/%7B%7Bprefix%7D%7D/conditions?a=commitdiff_plain;h=28c5a9ec5f9f9d84b8d43b0b0b60ead968ea7dd2;p=config Replace redundant files with symbolic links. --- diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh deleted file mode 100755 index 358a37e..0000000 --- a/bookworm/setup_scripts/init_user_and_keybased_login.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/sh -# This script turns a fresh server with password-based root access into -# one of only key-based access and only to new non-root account plom. -# -# CAUTION: This is optimized for a *fresh* setup. It will overwrite any -# pre-existing ~/.ssh/authorized_keys of user plom with one that solely -# contains the local ~/.ssh/id_rsa.pub, and also any old -# /etc/ssh/sshd_config. -# -# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly -# configured sshd_config file in misc.sh:$local_etc_server -set -e -. ./misc.sh -. ../../misc.sh - -expect_n_args 1 "(server)" "$@" -server="$1" - -# If we already knew that host … -ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" - -# This will be used to log-in as root from plom account. -printf '\nFirst, enter the old root password; then enter new password three times.\n\n' -ssh root@"${server}" 'printf "\n\n" && passwd' - -# Save root password for sshpass -stty -echo -printf "Re-enter new server root password: " -read PW_ROOT -stty echo -printf "\n" -export SSHPASS="${PW_ROOT}" - -# Create user plom, and his ~/.ssh/authorized_keys based on the local -# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and -# ownerships. Then disable root and pw login by copying over the -# sshd_config and restart ssh daemon. -# -# This could be a line or two shorter by using ssh-copy-id, but that -# would require setting a password for user plom otherwise not needed. -sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys -sshpass -e ssh root@"${server}" \ - 'useradd -m plom && '\ - 'mkdir /home/plom/.ssh && '\ - 'chown plom:plom /home/plom/.ssh && '\ - 'chown plom:plom /tmp/authorized_keys && '\ - 'chmod u=rw,go= /tmp/authorized_keys && '\ - 'mv /tmp/authorized_keys /home/plom/.ssh/' -sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" -sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh new file mode 120000 index 0000000..f95539d --- /dev/null +++ b/bookworm/setup_scripts/init_user_and_keybased_login.sh @@ -0,0 +1 @@ +../../bullseye/setup_scripts/init_user_and_keybased_login.sh \ No newline at end of file diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh deleted file mode 100755 index 3dfc0d5..0000000 --- a/bookworm/setup_scripts/init_user_login.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh -# This script turns a fresh server with password-based root access into -# one of only key-based access and only to new non-root account plom. -# -# CAUTION: This is optimized for a *fresh* setup. It will overwrite any -# pre-existing ~/.ssh/authorized_keys of user plom with one that solely -# contains the local ~/.ssh/id_rsa.pub, and also any old -# /etc/ssh/sshd_config. -# -# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config -# file in misc.sh:$local_etc_server. -set -e -. ./misc.sh -. ../../misc.sh - -expect_n_args 1 "(server)" "$@" -server="$1" - -# If we already knew that host … -ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" - -# So we're only asked once … -eval $(ssh-agent) -ssh-add - -# This will be used to log-in as root from plom account. -printf '\nAsking for new root password.\n\n' -ssh root@"${server}" 'printf "\n\n" && passwd' - -# Set up plom's ~/.ssh/authorized_keys from root's. -ssh root@"${server}" 'useradd -m plom' -ssh root@"${server}" 'mkdir /home/plom/.ssh' -ssh root@"${server}" 'chown plom:plom /home/plom/.ssh' -ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/' -ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys' - -# Set up SSH config and remove direct SSH login to root. -scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" -ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart' diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh new file mode 120000 index 0000000..0b0497d --- /dev/null +++ b/bookworm/setup_scripts/init_user_login.sh @@ -0,0 +1 @@ +../../bullseye/setup_scripts/init_user_login.sh \ No newline at end of file