# /etc/ssh/sshd_config.
#
# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
+# configured sshd_config file in misc.sh:$linkable_files_dir
set -e
. ./misc.sh
. ../../misc.sh
expect_n_args 1 "(server)" "$@"
server="$1"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-# has "PermitRootLogin no" and "PasswordAuthentication no".
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
# This will be used to log-in as root from plom account.
-echo 'First, enter the old root password; then enter new password twice.'
+echo 'First, enter the old root password; then enter new password three times.'
ssh root@"${server}" "passwd"
# Save root password for sshpass
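Review bot: The added `ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"` drops the pinned host key unconditionally, right before the old and new root passwords are typed into `ssh root@"${server}" "passwd"`. The next connection is therefore trust-on-first-use, and nothing in the visible lines checks the key that gets accepted. I would at least document the expectation above that line, e.g. `# Host key is re-learned on the next connect: compare the fingerprint ssh prints with the one shown in the provider console before answering yes.` The path is also hard-coded to `/home/plom` while the header refers to `~/.ssh/id_rsa.pub`; `"${HOME}/.ssh/known_hosts"` would keep the two consistent. The script continues beyond this hunk.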
'mv /tmp/authorized_keys /home/plom/.ssh/'
sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
sshpass -e ssh root@"${server}" 'service ssh restart'
+
#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
#
# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# old /etc/ssh/sshd_config.
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
#
-# Dependencies: ssh, scp, properly configured sshd_config file in reach.
+# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
+# file in misc.sh:$linkable_files_dir
set -e
. ./misc.sh
. ../../misc.sh
expect_n_args 1 "(server)" "$@"
server="$1"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-# has "PermitRootLogin no" and "PasswordAuthentication no".
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
# If we already knew that host …
ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
# Set up SSH config and remove direct SSH login to root.
scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
+
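Review bot: With the three path assignments removed, the `scp` line now takes `${local_path_sshd_config}` and `${system_path_sshd_config}` from whichever `misc.sh` is sourced, and `set -e` alone does not stop on an unset name. Neither `misc.sh` is visible here, so whether both names are defined there cannot be confirmed from this page. A guard right after the two source lines, `: "${local_path_sshd_config:?}" "${system_path_sshd_config:?}"` (or `set -eu`), would abort with a clear message before anything on the server is touched. The same applies to the `sshpass -e scp` call in the sshpass-based script, where the root password appears to have been changed by then, so a late failure would leave password login enabled. The removed comment naming `PermitRootLogin no` and `PasswordAuthentication no` was the only place this script stated what the pushed file must contain, and it is worth keeping in the header.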
. ./misc.sh
apt update
apt -y upgrade
-apt --force-yes full-upgrade
+apt -y full-upgrade
path_sources_list="/etc/apt/sources.list"
cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
apt clean
apt update
apt -y upgrade
-apt --force-yes full-upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
apt -y autoremove
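Review bot: The second `full-upgrade` now passes `-o Dpkg::Options::="--force-confnew"`, which makes dpkg replace any locally modified conffile with the package's version without prompting. The old file is kept only as `.dpkg-old`. If this script can run on a host whose `/etc` files were already hardened from the config tree, those edits may be silently reverted by the upgrade; which files are affected depends on the packages and is not visible here. Either state the assumption in a comment, e.g. `# Fresh install only: local conffile edits are discarded here and re-applied from the config tree afterwards.`, or use `--force-confdef` together with `--force-confold` so local changes win. No `set -e` is visible in this script, so a failed `apt update` would not stop the upgrade unless it is set above the hunk.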
# /etc/ssh/sshd_config.
#
# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
+# configured sshd_config file in misc.sh:$linkable_files_dir
set -e
. ./misc.sh
. ../../misc.sh
ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
# This will be used to log-in as root from plom account.
-echo 'First, enter the old root password; then enter new password twice.'
+echo 'First, enter the old root password; then enter new password three times.'
ssh root@"${server}" "passwd"
# Save root password for sshpass
#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
#
# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# old /etc/ssh/sshd_config.
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
#
-# Dependencies: ssh, scp, properly configured sshd_config file in reach.
+# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
+# file in misc.sh:$linkable_files_dir
set -e
. ./misc.sh
. ../../misc.sh