Various fixes.

[config] / bullseye / setup_scripts / init_user_login.sh

#!/bin/sh
# This script turns a fresh server with password-based root access into
# one of only key-based access and only to new non-root account plom.
#
# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
# contains the local ~/.ssh/id_rsa.pub, and also any old
# /etc/ssh/sshd_config.
#
# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
# file in misc.sh:$linkable_files_dir
set -e
. ./misc.sh
. ../../misc.sh

expect_n_args 1 "(server)" "$@"
server="$1"

# If we already knew that host …
ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"

# So we're only asked once …
eval $(ssh-agent)
ssh-add

# This will be used to log-in as root from plom account.
echo 'Asking for new root password.'
ssh root@"${server}" "passwd"

# Set up plom's ~/.ssh/authorized_keys from root's.
ssh root@"${server}" 'useradd -m plom'
ssh root@"${server}" 'mkdir /home/plom/.ssh'
ssh root@"${server}" 'chown plom:plom /home/plom/.ssh'
ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/'
ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys'

# Set up SSH config and remove direct SSH login to root.
scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'