Use key(and password-)less SSH authentication
parent
beff82dd98
commit
18bce26ea6
|
@ -105,7 +105,7 @@ done
|
||||||
#
|
#
|
||||||
for host in $STRONGSWANHOSTS
|
for host in $STRONGSWANHOSTS
|
||||||
do
|
do
|
||||||
ssh $SSHCONF -N root@`eval echo \\\$ipv4_$host` &
|
ssh $SSHCONF -N root@`eval echo \\\$ipv4_$host` >/dev/null 2>&1 &
|
||||||
eval ssh_pid_$host="`echo $!`"
|
eval ssh_pid_$host="`echo $!`"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
|
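Review bot: The new `>/dev/null 2>&1` on the ssh line discards every diagnostic, so an ssh that cannot connect or authenticate exits silently and `ssh_pid_$host` is left holding the pid of a process that is already gone, with nothing recorded about why. If the redirect is only there to hide the "Warning: Permanently added" line that the `StrictHostKeyChecking no` / `UserKnownHostsFile /dev/null` client config in this commit makes ssh print, `-o LogLevel=ERROR` on this command (or `LogLevel ERROR` in that config) silences the warning while keeping real errors visible. Otherwise keep stderr somewhere, e.g. `2>>"$LOGFILE"` instead of `2>&1`, if this script has a log file like the build script in this commit does. The script around the loop is outside the hunk, so whether the pids are later checked with `wait` or `kill` is not visible here.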
@ -0,0 +1,13 @@
|
||||||
|
Port 22
|
||||||
|
Protocol 2
|
||||||
|
HostKey /etc/ssh/ssh_host_rsa_key
|
||||||
|
HostKey /etc/ssh/ssh_host_dsa_key
|
||||||
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||||
|
UsePrivilegeSeparation no
|
||||||
|
PermitRootLogin yes
|
||||||
|
StrictModes no
|
||||||
|
PubkeyAuthentication no
|
||||||
|
PermitEmptyPasswords yes
|
||||||
|
PrintMotd no
|
||||||
|
PrintLastLog no
|
||||||
|
UsePAM no
|
|
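Review bot: The new sshd_config lets root log in with an empty password (`PermitRootLogin yes`, `PermitEmptyPasswords yes`, `UsePAM no`, `StrictModes no`, `UsePrivilegeSeparation no`) and carries no comment saying that it is meant only for the UML test guests, so a reader or a later copy into another image has no hint of its scope; I would open the file with `# sshd config for the UML test guests: root logs in with an empty password over the isolated UML network only`. `PermitEmptyPasswords` only has an effect while password authentication is enabled, which the file relies on through the default; an explicit `PasswordAuthentication yes` next to `PubkeyAuthentication no` makes the chosen authentication path visible. The `HostKey /etc/ssh/ssh_host_dsa_key` line is worth a comment as well, since later OpenSSH releases disable DSA host keys by default and will simply not offer it.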
@ -50,8 +50,8 @@ execute "mount -o bind $CACHEDIR $APTCACHE"
|
||||||
echo " * Running debootstrap ..."
|
echo " * Running debootstrap ..."
|
||||||
execute "debootstrap --arch=$ROOTFSARCH --include=$PACKAGES $ROOTFSSUITE $LOOPDIR $ROOTFSMIRROR"
|
execute "debootstrap --arch=$ROOTFSARCH --include=$PACKAGES $ROOTFSSUITE $LOOPDIR $ROOTFSMIRROR"
|
||||||
|
|
||||||
echo " * Setting root password to '$ROOTFSPW' ..."
|
echo " * Disabling root password ..."
|
||||||
echo root:$ROOTFSPW | chroot $LOOPDIR chpasswd
|
chroot $LOOPDIR passwd -d root
|
||||||
|
|
||||||
echo " * Disabling services ..."
|
echo " * Disabling services ..."
|
||||||
for service in $SERVICES
|
for service in $SERVICES
|
||||||
|
|
|
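Review bot: `chroot $LOOPDIR passwd -d root` on the new side runs bare, while the debootstrap step two lines above goes through `execute "..."`, so a failure to clear the password is neither logged nor handled like the other steps, and the empty-password login the new sshd_config relies on would then silently not work. I would use the same wrapper, `execute "chroot $LOOPDIR passwd -d root"`, assuming `execute` reports or acts on the exit status the way it appears to for debootstrap (its definition is outside the hunk).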
@ -96,67 +96,5 @@ echo "none /root/compile hostfs $ROOTFSCOMPILEDIR" >> $LOOPDIR/etc/fstab
|
||||||
cecho " * Removing /etc/resolv.conf"
|
cecho " * Removing /etc/resolv.conf"
|
||||||
rm -f $LOOPDIR/etc/resolv.conf
|
rm -f $LOOPDIR/etc/resolv.conf
|
||||||
|
|
||||||
#####################################
|
|
||||||
# preparing ssh for PK authentication
|
|
||||||
#
|
|
||||||
if [ ! -d ~/.ssh ]
|
|
||||||
then
|
|
||||||
cecho-n " * Creating directory '~/.ssh'.."
|
|
||||||
mkdir ~/.ssh
|
|
||||||
cgecho "done"
|
|
||||||
fi
|
|
||||||
|
|
||||||
cecho-n " * Checking for ssh rsa key '~/.ssh/id_rsa.pub'.."
|
|
||||||
if [ -f ~/.ssh/id_rsa.pub ]
|
|
||||||
then
|
|
||||||
cecho "already exists"
|
|
||||||
else
|
|
||||||
cecho "not found"
|
|
||||||
cecho-n " * Generating ssh rsa key pair.."
|
|
||||||
echo "" | ssh-keygen -N "" -t rsa -f ~/.ssh/id_rsa >> $LOGFILE 2>&1
|
|
||||||
cgecho "done"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f ~/.ssh/known_hosts ]
|
|
||||||
then
|
|
||||||
cecho-n " * Backing up ~/.ssh/known_hosts to '~/.ssh/known_hosts.before_uml'.."
|
|
||||||
cp -fp ~/.ssh/known_hosts ~/.ssh/known_hosts.before_uml
|
|
||||||
cgecho "done"
|
|
||||||
fi
|
|
||||||
rm ~/.ssh/known_hosts
|
|
||||||
cecho-n " * Creating new '~/.ssh/known_hosts'.."
|
|
||||||
touch ~/.ssh/known_hosts
|
|
||||||
cgecho "done"
|
|
||||||
|
|
||||||
for host in $HOSTNAMEIPV4
|
|
||||||
do
|
|
||||||
HOSTNAME=`echo $host | awk -F, '{ print $1 }'`
|
|
||||||
IP=`echo $host | awk -F, '{ print $2 }'`
|
|
||||||
cecho-n " * Adding uml host $HOSTNAME ($IP) to '~/.ssh/known_hosts'.."
|
|
||||||
echo "$HOSTNAME,$IP `cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub`" >> ~/.ssh/known_hosts
|
|
||||||
cgecho "done"
|
|
||||||
done
|
|
||||||
|
|
||||||
######################################################
|
|
||||||
# copying the host's ssh public key
|
|
||||||
#
|
|
||||||
if [ ! -d $LOOPDIR/root/.ssh ]
|
|
||||||
then
|
|
||||||
mkdir $LOOPDIR/root/.ssh
|
|
||||||
fi
|
|
||||||
cp ~/.ssh/id_rsa.pub $LOOPDIR/root/.ssh/authorized_keys
|
|
||||||
|
|
||||||
######################################################
|
|
||||||
# setup public key based login among all hosts
|
|
||||||
#
|
|
||||||
cp $LOOPDIR/etc/ssh/ssh_host_rsa_key $LOOPDIR/root/.ssh/id_rsa
|
|
||||||
|
|
||||||
for host in $STRONGSWANHOSTS
|
|
||||||
do
|
|
||||||
eval ip="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F- '{ print $1 }' | awk '{ print $1 }'`"
|
|
||||||
echo "$host,$ip `cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub`" >> $LOOPDIR/root/.ssh/known_hosts
|
|
||||||
echo "`cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub` root@$host" >> $LOOPDIR/root/.ssh/authorized_keys
|
|
||||||
done
|
|
||||||
|
|
||||||
umount $LOOPDIR/proc
|
umount $LOOPDIR/proc
|
||||||
umount $LOOPDIR
|
umount $LOOPDIR
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
Host *
|
Host *
|
||||||
# debian default
|
# debian default
|
||||||
SendEnv LANG LC_*
|
SendEnv LANG LC_*
|
||||||
HashKnownHosts yes
|
StrictHostKeyChecking no
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
GSSAPIAuthentication yes
|
GSSAPIAuthentication yes
|
||||||
# faster encryption
|
# faster encryption
|
||||||
Ciphers arcfour
|
Ciphers arcfour
|
||||||
|
|
|
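Review bot: `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` switches host-key verification off for every destination, because the enclosing block is `Host *`; whichever machine answers on a guest's address is accepted, which is acceptable only while this file is used solely through `$SSHCONF` for the UML network (not visible here). I would say so in the file, e.g. `# UML test guests only: host keys are neither checked nor recorded`, and narrow the block to the guest hosts if their names or addresses follow a stable pattern. Adding `LogLevel ERROR` here would also drop the "Warning: Permanently added" line that ssh prints under this setting, which is presumably why the ssh invocation in the script hunk of this commit sends stderr to /dev/null.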
@ -53,7 +53,6 @@ ROOTFSSUITE=wheezy
|
||||||
ROOTFSARCH=amd64
|
ROOTFSARCH=amd64
|
||||||
ROOTFS=$BUILDDIR/debian-$ROOTFSSUITE-$ROOTFSARCH.img
|
ROOTFS=$BUILDDIR/debian-$ROOTFSSUITE-$ROOTFSARCH.img
|
||||||
ROOTFSMIRROR=http://cdn.debian.net/debian
|
ROOTFSMIRROR=http://cdn.debian.net/debian
|
||||||
ROOTFSPW=root
|
|
||||||
ROOTFSCOMPILEDIR=$BUILDDIR/compile
|
ROOTFSCOMPILEDIR=$BUILDDIR/compile
|
||||||
|
|
||||||
# Filename of the built UML Kernel
|
# Filename of the built UML Kernel
|
||||||
|
|