+++ /dev/null
-#!/bin/sh
-# This script turns a fresh server with password-based root access into
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in misc.sh:$local_etc_server
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(server)" "$@"
-server="$1"
-
-# If we already knew that host …
-ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
-
-# This will be used to log-in as root from plom account.
-printf '\nFirst, enter the old root password; then enter new password three times.\n\n'
-ssh root@"${server}" 'printf "\n\n" && passwd'
-
-# Save root password for sshpass
-stty -echo
-printf "Re-enter new server root password: "
-read PW_ROOT
-stty echo
-printf "\n"
-export SSHPASS="${PW_ROOT}"
-
-# Create user plom, and his ~/.ssh/authorized_keys based on the local
-# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login by copying over the
-# sshd_config and restart ssh daemon.
-#
-# This could be a line or two shorter by using ssh-copy-id, but that
-# would require setting a password for user plom otherwise not needed.
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
-sshpass -e ssh root@"${server}" \
- 'useradd -m plom && '\
- 'mkdir /home/plom/.ssh && '\
- 'chown plom:plom /home/plom/.ssh && '\
- 'chown plom:plom /tmp/authorized_keys && '\
- 'chmod u=rw,go= /tmp/authorized_keys && '\
- 'mv /tmp/authorized_keys /home/plom/.ssh/'
-sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-sshpass -e ssh root@"${server}" 'service ssh restart'
+++ /dev/null
-#!/bin/sh
-# This script turns a fresh server with password-based root access into
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
-# file in misc.sh:$local_etc_server.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(server)" "$@"
-server="$1"
-
-# If we already knew that host …
-ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
-
-# So we're only asked once …
-eval $(ssh-agent)
-ssh-add
-
-# This will be used to log-in as root from plom account.
-printf '\nAsking for new root password.\n\n'
-ssh root@"${server}" 'printf "\n\n" && passwd'
-
-# Set up plom's ~/.ssh/authorized_keys from root's.
-ssh root@"${server}" 'useradd -m plom'
-ssh root@"${server}" 'mkdir /home/plom/.ssh'
-ssh root@"${server}" 'chown plom:plom /home/plom/.ssh'
-ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/'
-ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys'
-
-# Set up SSH config and remove direct SSH login to root.
-scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
projects / config / commitdiff