diff --git a/doc/config/ssh_config b/doc/config/ssh_config
new file mode 100644
index 0000000..fd6474d
--- /dev/null
+++ b/doc/config/ssh_config
@@ -0,0 +1,21 @@
+#####################
+## IXVD ssh config ##
+#####################
+
+# This config describes what the bastion hose is and how to jump
+
+
+Host link
+ HostName link.ixvd.net
+
+Host keymaker
+ ProxyJump link
+
+Host apoc
+ ProxyJump link
+
+Host kid
+ ProxyJump link
+
+Host mouse
+ ProxyJump link
\ No newline at end of file
diff --git a/skel/etc/ssh/ssh_config.d/ixvd.conf b/skel/etc/ssh/ssh_config.d/ixvd.conf
index fd6474d..e12eaf8 100644
--- a/skel/etc/ssh/ssh_config.d/ixvd.conf
+++ b/skel/etc/ssh/ssh_config.d/ixvd.conf
@@ -2,20 +2,19 @@
 ## IXVD ssh config ##
 #####################
 
-# This config describes what the bastion hose is and how to jump
-
+# This config describes where to connect to; internally.
 
 Host link
- HostName link.ixvd.net
+ HostName 10.0.0.2
 
 Host keymaker
- ProxyJump link
+ HostName 10.0.0.3
 
 Host apoc
- ProxyJump link
+ HostName 10.0.0.4
 
 Host kid
- ProxyJump link
+ HostName 10.0.0.5
 
 Host mouse
- ProxyJump link
\ No newline at end of file
+ HostName 10.0.0.6
\ No newline at end of file
diff --git a/skel/root/.ssh/authorized_keys b/skel/root/.ssh/authorized_keys
new file mode 100644
index 0000000..83cad93
--- /dev/null
+++ b/skel/root/.ssh/authorized_keys
@@ -0,0 +1,2 @@
+# IXVD master key
+ssh-rsa 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 ixvd master key
\ No newline at end of file
diff --git a/tools/migration/setup-keys-from-link.sh b/tools/migration/setup-keys-from-link.sh
new file mode 100755
index 0000000..6fbd2c2
--- /dev/null
+++ b/tools/migration/setup-keys-from-link.sh
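Review bot: The new header comment in skel/etc/ssh/ssh_config.d/ixvd.conf, `# This config describes where to connect to; internally.`, does not tell a reader that these `HostName` addresses only work from inside the private network, or that the ProxyJump variant now lives in doc/config/ssh_config. I would word it as `# Internal addresses of the IXVD hosts; valid only from machines on the internal network. Off-network clients use doc/config/ssh_config (ProxyJump via link).` That the 10.0.0.x addresses are unreachable from outside is inferred from the address range, so confirm it before adopting that wording.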
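Review bot: The `ssh-rsa` line added to skel/root/.ssh/authorized_keys carries no key options, so a single shared "master" key is accepted for unrestricted root login on every host built from this skeleton. In the same commit, tools/migration/setup-keys-from-link.sh copies what appears to be the matching private key to `/root/.ssh/id_rsa` on each host it runs on, so a compromise of any one host would expose a credential that is root on all of them. If a shared key has to stay, limit where it is honoured with a key option such as `from="<internal-address-list>" ssh-rsa …` (placeholder, fill in the real source addresses). The per-host key pairs this commit already reads from `/etc/ixvd/secrets/ssh/keys/$HOSTNAME/` would be a narrower basis for host-to-host trust than one master key.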
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if ! [ "$(id -u)" = "0" ]; then
+ echo "please perform as root, attempting to escalate privileges..."
+ exec sudo $(cat /proc/$$/cmdline | sed 's/\x00/ /g')
+ exit 1
+fi
+
+scp root@link.ixvd.net:/etc/ixvd/secrets/ssh/keys/master/ixvd-master /root/.ssh/id_rsa
+chmod 600 /root/.ssh/id_rsa
\ No newline at end of file
diff --git a/tools/server-setup.d/20-automation-user.sh b/tools/server-setup.d/20-automation-user.sh
new file mode 100755
index 0000000..565c9dd
--- /dev/null
+++ b/tools/server-setup.d/20-automation-user.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if ! cat -q "automation" /etc/passwd; then
+ echo "setting up automation user..."
+ useradd -m automation
+
+ mkdir -p /home/automation/.ssh
+
+ cat /etc/ixvd/secrets/ssh/keys/$HOSTNAME/id_rsa.pub > /home/automation/.ssh/authorized_keys
+ chown automation:automation /home/automation/.ssh/authorized_keys
+
+ cp /etc/ixvd/secrets/ssh/keys/$HOSTNAME/id_rsa /home/automation/.ssh/id_rsa
+ chown automation:automation /home/automation/.ssh/id_rsa
+ chmod 600 /home/automation/.ssh/id_rsa
+
+ cp /etc/ixvd/secrets/ssh/keys/$HOSTNAME/id_rsa.pub /home/automation/.ssh/id_rsa.pub
+ chown automation:automation /home/automation/.ssh/id_rsa.pub
+ chmod 600 /home/automation/.ssh/id_rsa.pub
+fi
\ No newline at end of file
diff --git a/tools/server-setup.d/20-ssh-authorized-keys.sh b/tools/server-setup.d/20-ssh-authorized-keys.sh
deleted file mode 100755
index ab54595..0000000
--- a/tools/server-setup.d/20-ssh-authorized-keys.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-if ! [ -f "/root/.ssh/authorized_keys" ]; then
- echo "importing authorized_keys..."
- mkdir -p /root/.ssh
- cp /etc/ixvd/secrets/ssh/authorized_keys /root/.ssh/authorized_keys
-else
- if ! grep -q "# IXVD keys" /root/.ssh/authorized_keys; then
- echo "importing authorized_keys..."
- cat /etc/ixvd/secrets/ssh/authorized_keys >> /root/.ssh/authorized_keys
- fi
-fi
\ No newline at end of file
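Review bot: In tools/migration/setup-keys-from-link.sh the re-exec line `exec sudo $(cat /proc/$$/cmdline | sed 's/\x00/ /g')` rebuilds the command line through unquoted word splitting, so a script path or argument containing spaces or glob characters is altered before it runs as root. It also relies on Linux /proc and on GNU sed's `\x00` escape under `#!/bin/sh`. `exec sudo -- "$0" "$@"` hands the original argv through unchanged. The `scp`/`chmod` pair is unchecked as well: if the copy fails (for instance because /root/.ssh does not exist) `chmod` still runs against whatever is at /root/.ssh/id_rsa, and when the copy succeeds any existing root key is overwritten. Adding `set -eu` after the shebang and `mkdir -p /root/.ssh` before the copy would stop the script at the first failure.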
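Review bot: The guard in tools/server-setup.d/20-automation-user.sh, `if ! cat -q "automation" /etc/passwd; then`, calls `cat` with a `-q` option that GNU cat does not have, so it fails on every run, the block is re-entered each time and the account's key files are overwritten; `grep -q` was presumably intended. `if ! getent passwd automation >/dev/null; then` tests for the account directly. Inside the block, /home/automation/.ssh is created by root and never given an owner or mode, and `authorized_keys` gets no `chmod`. Creating the directory with `install -d -m 700 -o automation -g automation /home/automation/.ssh` and each key file with `install -m 600 -o automation -g automation SRC DEST` would set owner and mode in the same step as the copy. The `$HOSTNAME` expansions in the key paths should also be quoted.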