ixvd/neb
ixvd/neb
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

refactor: properly setup ssh

Browse source
This commit is contained in:
Strix 2023-10-29 17:24:17 +01:00
parent 9e69924211
commit 8e84f59ef5
No known key found for this signature in database
GPG key ID: 49B2E37B8915B774
6 changed files with 58 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
doc/config/ssh_config Normal file
View file

@ -0,0 +1,21 @@
#####################
## IXVD ssh config ##
#####################
# This config describes what the bastion hose is and how to jump
Host link
HostName link.ixvd.net
Host keymaker
ProxyJump link
Host apoc
ProxyJump link
Host kid
ProxyJump link
Host mouse
ProxyJump link

13
skel/etc/ssh/ssh_config.d/ixvd.conf
View file

@ -2,20 +2,19 @@
## IXVD ssh config ## ## IXVD ssh config ##
##################### #####################
# This config describes what the bastion hose is and how to jump # This config describes where to connect to; internally.
Host link Host link
HostName link.ixvd.net HostName 10.0.0.2
Host keymaker Host keymaker
ProxyJump link HostName 10.0.0.3
Host apoc Host apoc
ProxyJump link HostName 10.0.0.4
Host kid Host kid
ProxyJump link HostName 10.0.0.5
Host mouse Host mouse
ProxyJump link HostName 10.0.0.6

2
skel/root/.ssh/authorized_keys Normal file
View file

@ -0,0 +1,2 @@
# IXVD master key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJQ/mhDJ3WhiUv9jtcfZcJBAGiThND8m3NUxH9DuuVEuK7dCDrK48afnfepw4qhAE9Q5FTxol1D2q7VXFpiOyjX2VIa6xqlKkQgoLuMWjp+CCWYHpj+8jUK/w8J3rWQQImNNkNKM93c5+EuhToJjrHI98pjGIPRceni7gWZ7GlWBmL/qnIvxMWhyZMSsupG36yqqMvYLdFOuOzSGgtaOqBb2v1JuTMTSVwXL8eZ36Je/J83sJmmVvvBq88xuS6tIf/dF+GuHZfJ3tbldWPlcS0kw2DvYorhiG3NWkiJ9QU7nDlXgsxjo2EkStb/uf8qkdGV8ZFYnEkJTQiS1MTyYYgx4g9E4QaDdjL1dWJOlNHsskZQ+ypz1cLV/QvrZOTkGct+KoraOVSAyNZCzI4TbLxM5vTre85bASO63DleKrHdO7MAESi+gEGIe+szbh52Tg8y5BNxE7Me9uKyjKaek44b65paC8GGeOyOvPH4QHO6YdFaQYu4h5V5qrfFNFbku8= ixvd master key

10
tools/migration/setup-keys-from-link.sh Executable file
View file

@ -0,0 +1,10 @@
#!/bin/sh
if ! [ "$(id -u)" = "0" ]; then
echo "please perform as root, attempting to escalate privileges..."
exec sudo $(cat /proc/$$/cmdline | sed 's/\x00/ /g')
exit 1
fi
scp root@link.ixvd.net:/etc/ixvd/secrets/ssh/keys/master/ixvd-master /root/.ssh/id_rsa
chmod 600 /root/.ssh/id_rsa

19
tools/server-setup.d/20-automation-user.sh Executable file
View file

@ -0,0 +1,19 @@
#!/bin/bash
if ! cat -q "automation" /etc/passwd; then
echo "setting up automation user..."
useradd -m automation
mkdir -p /home/automation/.ssh
cat /etc/ixvd/secrets/ssh/keys/$HOSTNAME/id_rsa.pub > /home/automation/.ssh/authorized_keys
chown automation:automation /home/automation/.ssh/authorized_keys
cp /etc/ixvd/secrets/ssh/keys/$HOSTNAME/id_rsa /home/automation/.ssh/id_rsa
chown automation:automation /home/automation/.ssh/id_rsa
chmod 600 /home/automation/.ssh/id_rsa
cp /etc/ixvd/secrets/ssh/keys/$HOSTNAME/id_rsa.pub /home/automation/.ssh/id_rsa.pub
chown automation:automation /home/automation/.ssh/id_rsa.pub
chmod 600 /home/automation/.ssh/id_rsa.pub
fi

12
tools/server-setup.d/20-ssh-authorized-keys.sh
View file

@ -1,12 +0,0 @@
#!/bin/sh
if ! [ -f "/root/.ssh/authorized_keys" ]; then
echo "importing authorized_keys..."
mkdir -p /root/.ssh
cp /etc/ixvd/secrets/ssh/authorized_keys /root/.ssh/authorized_keys
else
if ! grep -q "# IXVD keys" /root/.ssh/authorized_keys; then
echo "importing authorized_keys..."
cat /etc/ixvd/secrets/ssh/authorized_keys >> /root/.ssh/authorized_keys
fi
fi