Add first steps to Bookworm server setup.
diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh
new file mode 100755 (executable)
index 0000000..78a891b
--- /dev/null
@@ -0,0 +1,39 @@
+#!/bin/sh
+# This script assumes a server with key-based root access into one of
+# key-based access only to a new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# old /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, properly configured sshd_config file in reach.
+set -e
+set -x
+. ./misc.sh
+
+# Location of an sshd_config with "PermitRootLogin no" and
+# "PasswordAuthentication no".
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+expect_n_args 1 "(server)" "$@"
+server="$1"
+
+# So we're only asked once …
+eval $(ssh-agent)
+ssh-add
+
+# # This will be used to log-in as root from plom account.
+# echo 'Asking for new root password.'
+# ssh root@"${server}" "passwd"
+# 
+# # Set up plom's ~/.ssh/authorized_keys from root's.
+# ssh root@"${server}" 'useradd -m plom'
+# ssh root@"${server}" 'mkdir /home/plom/.ssh'
+# ssh root@"${server}" 'chown plom:plom /home/plom/.ssh'
+# ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/'
+# ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys'
+
+# Set up SSH config and remove direct SSH login to root.
+scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
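Review bot: The last two commands can lock the server out entirely, because the block that creates plom and copies root's authorized_keys is commented out while the script still installs a config with "PermitRootLogin no" and deletes /root/.ssh. Unless plom already exists on the target with a working key, no SSH login is left after the restart, and with the passwd step also commented out there may be no route back to root. I would re-enable the account setup and confirm the new login before removing the old one, e.g. `ssh plom@"${server}" true` just before the final line. The uploaded file is also never validated, so a broken sshd_config would only show up when the restart fails; `ssh root@"${server}" '/usr/sbin/sshd -t && rm -rf /root/.ssh && service ssh restart'` checks it first.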