Update.
authorChristian Heller <c.heller@plomlompom.de>
Wed, 25 Sep 2024 02:16:14 +0000 (04:16 +0200)
committerChristian Heller <c.heller@plomlompom.de>
Wed, 25 Sep 2024 02:16:14 +0000 (04:16 +0200)
bookworm/setup_scripts/init_user_and_keybased_login.sh
bookworm/setup_scripts/init_user_login.sh
bookworm/setup_scripts/upgrade_from_bullseye.sh
bullseye/setup_scripts/init_user_and_keybased_login.sh
bullseye/setup_scripts/init_user_login.sh

index 3f73562d3c7912e5b36765b38028b7661cb88f13..ad458348f22ef453747af5028422da0313628d00 100755 (executable)
@@ -8,20 +8,19 @@
 # /etc/ssh/sshd_config.
 #
 # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
+# configured sshd_config file in misc.sh:$linkable_files_dir
 set -e
 . ./misc.sh
 . ../../misc.sh
 
 expect_n_args 1 "(server)" "$@"
 server="$1"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-# has "PermitRootLogin no" and "PasswordAuthentication no".
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
 
 # This will be used to log-in as root from plom account.
-echo 'First, enter the old root password; then enter new password twice.'
+echo 'First, enter the old root password; then enter new password three times.'
 ssh root@"${server}" "passwd"
 
 # Save root password for sshpass
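Review bot: The added `ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"` forgets the stored host key, so the `ssh root@"${server}" "passwd"` call right after it connects on trust-on-first-use while the old and new root passwords are typed over that session. A comment ahead of the passwd step would make the manual check explicit, for example `# Host key was just forgotten: compare the fingerprint ssh prints with the one from the provider console before entering any password.` The path is also hard-coded to one account; `"${HOME}/.ssh/known_hosts"` would follow whoever runs the script. The same `ssh-keygen` line appears as context in the bullseye copy of this script, and the script body continues past the end of this hunk.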
@@ -49,3 +48,4 @@ sshpass -e ssh root@"${server}" \
         'mv /tmp/authorized_keys /home/plom/.ssh/'
 sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
 sshpass -e ssh root@"${server}" 'service ssh restart'
+
index a0652ebd41bd432e17f0d09dcb47684ff4e23f5d..a36a5bdbb823a7bc80d0e80691dfff2b19984c98 100755 (executable)
@@ -1,19 +1,20 @@
 #!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
 #
 # CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# old /etc/ssh/sshd_config.
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
 #
-# Dependencies: ssh, scp, properly configured sshd_config file in reach.
+# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
+# file in misc.sh:$linkable_files_dir
 set -e
 . ./misc.sh
 . ../../misc.sh
 
 expect_n_args 1 "(server)" "$@"
 server="$1"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-# has "PermitRootLogin no" and "PasswordAuthentication no".
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
 
 # If we already knew that host …
 ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
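Review bot: `local_path_sshd_config` and `system_path_sshd_config` are no longer assigned in this file, yet the `scp` line shown as context in the next hunk still expands them, and `set -e` does not stop on an unset variable. If the sourced misc.sh files do not define both (they are not visible here), scp would run with empty paths; a guard right after `. ../../misc.sh`, `: "${local_path_sshd_config:?}" "${system_path_sshd_config:?}"`, fails early instead. The removed comment `# has "PermitRootLogin no" and "PasswordAuthentication no".` was the only statement of what the pushed sshd_config must contain, so I would keep it next to the `scp` line. The same removal is made in init_user_and_keybased_login.sh in the first hunk of this commit.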
@@ -36,3 +37,4 @@ ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys'
 # Set up SSH config and remove direct SSH login to root.
 scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
 ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
+
index 6a006e0ad3e7e55f20d03e4ff7012465e1cc06bc..d7c07bdcc1261d65554f75bb239a3c6bdd4c4b52 100755 (executable)
@@ -2,11 +2,11 @@
 . ./misc.sh
 apt update
 apt -y upgrade
-apt --force-yes full-upgrade
+apt -y full-upgrade
 path_sources_list="/etc/apt/sources.list"
 cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
 apt clean
 apt update
 apt -y upgrade
-apt --force-yes full-upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
 apt -y autoremove
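Review bot: `-o Dpkg::Options::="--force-confnew"` on the second full-upgrade makes dpkg replace every locally modified conffile with the packaged version without asking, so any hardening kept in such files can be silently reverted by the release upgrade. If the goal is only to avoid prompts, `-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"` keeps local edits. Otherwise a comment should state that the config tree is re-applied afterwards, since no such step is visible in this hunk. The hunk starts at line 2, so whether the script uses `set -e` cannot be seen from here; without it a failed `apt update` or `cp` would not stop the later upgrade steps.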
index a70c3eee1d9ba467bd3b3c09313983a537c6b736..4fcc0625c26a3daea8d61f80d2f046fb781ce403 100755 (executable)
@@ -8,7 +8,7 @@
 # /etc/ssh/sshd_config.
 #
 # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
+# configured sshd_config file in misc.sh:$linkable_files_dir
 set -e
 . ./misc.sh
 . ../../misc.sh
@@ -20,7 +20,7 @@ server="$1"
 ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
 
 # This will be used to log-in as root from plom account.
-echo 'First, enter the old root password; then enter new password twice.'
+echo 'First, enter the old root password; then enter new password three times.'
 ssh root@"${server}" "passwd"
 
 # Save root password for sshpass
index 35abb903b70fe3aafa28e941e03016e7389c6b2f..b63d0d8502d1072b5660bc032b0bec7dcf3c2d7b 100755 (executable)
@@ -1,9 +1,14 @@
 #!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
 #
 # CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# old /etc/ssh/sshd_config.
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
 #
-# Dependencies: ssh, scp, properly configured sshd_config file in reach.
+# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
+# file in misc.sh:$linkable_files_dir
 set -e
 . ./misc.sh
 . ../../misc.sh