Use key(and password-)less SSH authentication

Tobias Brunner 2012-12-05 18:53:20 +01:00
parent beff82dd98
commit 18bce26ea6
6 changed files with 18 additions and 67 deletions


@ -105,7 +105,7 @@ done
# #
for host in $STRONGSWANHOSTS for host in $STRONGSWANHOSTS
do do
ssh $SSHCONF -N root@`eval echo \\\$ipv4_$host` & ssh $SSHCONF -N root@`eval echo \\\$ipv4_$host` >/dev/null 2>&1 &
eval ssh_pid_$host="`echo $!`" eval ssh_pid_$host="`echo $!`"
done done
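Review bot: Sending the background `ssh -N` to `>/dev/null 2>&1` discards the only feedback a failed session gives (host-key rejection, authentication failure, connection refused), while the next line still records `$!` in `ssh_pid_$host` as though the session were up, so a guest that never accepted the login is only noticed much later. If the goal is just to silence the banner and MOTD, keep stderr somewhere inspectable, e.g. `ssh $SSHCONF -N root@\`eval echo \\\$ipv4_$host\` >/dev/null 2>>"$LOGFILE" &` if this script has a build log like the image scripts do, or follow the loop with a `kill -0 "$pid"` check on each recorded pid so a session that already died is reported. The `eval`-based indirection is pre-existing and works only because `$STRONGSWANHOSTS` holds plain identifiers; a comment saying so would help the next reader.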


@ -0,0 +1,13 @@
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation no
PermitRootLogin yes
StrictModes no
PubkeyAuthentication no
PermitEmptyPasswords yes
PrintMotd no
PrintLastLog no
UsePAM no
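Review bot: With `PermitRootLogin yes`, `PermitEmptyPasswords yes` and no `ListenAddress`, this sshd accepts a root login with an empty password on every interface the guest has, and nothing in the file records that this is only tolerable because the guests live on an isolated UML test network. I would open the file with a header such as `# Deliberately insecure: root login with an empty password. Only for the isolated strongSwan UML test guests; never install on a reachable host.` and, if the test subnet is fixed, pin sshd to it with a `ListenAddress`. `UsePrivilegeSeparation no` and `StrictModes no` are not needed for password-less login and could presumably stay at their defaults; if they are kept for speed or simplicity, that deserves a one-line comment as well.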


@ -50,8 +50,8 @@ execute "mount -o bind $CACHEDIR $APTCACHE"
echo " * Running debootstrap ..." echo " * Running debootstrap ..."
execute "debootstrap --arch=$ROOTFSARCH --include=$PACKAGES $ROOTFSSUITE $LOOPDIR $ROOTFSMIRROR" execute "debootstrap --arch=$ROOTFSARCH --include=$PACKAGES $ROOTFSSUITE $LOOPDIR $ROOTFSMIRROR"
echo " * Setting root password to '$ROOTFSPW' ..." echo " * Disabling root password ..."
echo root:$ROOTFSPW | chroot $LOOPDIR chpasswd chroot $LOOPDIR passwd -d root
echo " * Disabling services ..." echo " * Disabling services ..."
for service in $SERVICES for service in $SERVICES
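Review bot: `chroot $LOOPDIR passwd -d root` on the new side is not wrapped in the `execute` helper that the debootstrap line above uses, so if it fails (no `passwd` in the chroot, a cross-arch chroot that cannot run) root keeps whatever password state debootstrap left and, with pubkey authentication now disabled in the guest sshd config, there is no way to log in at all while the build still reports success. Wrap it the same way, `execute "chroot $LOOPDIR passwd -d root"`, assuming `execute` logs or aborts on failure as its other uses suggest. It is also worth saying in the progress message that an empty root password is intentional only for the test guests, e.g. `echo " * Disabling root password (UML test guests only) ..."`.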


@ -96,67 +96,5 @@ echo "none /root/compile hostfs $ROOTFSCOMPILEDIR" >> $LOOPDIR/etc/fstab
cecho " * Removing /etc/resolv.conf" cecho " * Removing /etc/resolv.conf"
rm -f $LOOPDIR/etc/resolv.conf rm -f $LOOPDIR/etc/resolv.conf
#####################################
# preparing ssh for PK authentication
#
if [ ! -d ~/.ssh ]
then
cecho-n " * Creating directory '~/.ssh'.."
mkdir ~/.ssh
cgecho "done"
fi
cecho-n " * Checking for ssh rsa key '~/.ssh/id_rsa.pub'.."
if [ -f ~/.ssh/id_rsa.pub ]
then
cecho "already exists"
else
cecho "not found"
cecho-n " * Generating ssh rsa key pair.."
echo "" | ssh-keygen -N "" -t rsa -f ~/.ssh/id_rsa >> $LOGFILE 2>&1
cgecho "done"
fi
if [ -f ~/.ssh/known_hosts ]
then
cecho-n " * Backing up ~/.ssh/known_hosts to '~/.ssh/known_hosts.before_uml'.."
cp -fp ~/.ssh/known_hosts ~/.ssh/known_hosts.before_uml
cgecho "done"
fi
rm ~/.ssh/known_hosts
cecho-n " * Creating new '~/.ssh/known_hosts'.."
touch ~/.ssh/known_hosts
cgecho "done"
for host in $HOSTNAMEIPV4
do
HOSTNAME=`echo $host | awk -F, '{ print $1 }'`
IP=`echo $host | awk -F, '{ print $2 }'`
cecho-n " * Adding uml host $HOSTNAME ($IP) to '~/.ssh/known_hosts'.."
echo "$HOSTNAME,$IP `cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub`" >> ~/.ssh/known_hosts
cgecho "done"
done
######################################################
# copying the host's ssh public key
#
if [ ! -d $LOOPDIR/root/.ssh ]
then
mkdir $LOOPDIR/root/.ssh
fi
cp ~/.ssh/id_rsa.pub $LOOPDIR/root/.ssh/authorized_keys
######################################################
# setup public key based login among all hosts
#
cp $LOOPDIR/etc/ssh/ssh_host_rsa_key $LOOPDIR/root/.ssh/id_rsa
for host in $STRONGSWANHOSTS
do
eval ip="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F- '{ print $1 }' | awk '{ print $1 }'`"
echo "$host,$ip `cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub`" >> $LOOPDIR/root/.ssh/known_hosts
echo "`cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub` root@$host" >> $LOOPDIR/root/.ssh/authorized_keys
done
umount $LOOPDIR/proc umount $LOOPDIR/proc
umount $LOOPDIR umount $LOOPDIR


@ -1,7 +1,8 @@
Host * Host *
# debian default # debian default
SendEnv LANG LC_* SendEnv LANG LC_*
HashKnownHosts yes StrictHostKeyChecking no
UserKnownHostsFile /dev/null
GSSAPIAuthentication yes GSSAPIAuthentication yes
# faster encryption # faster encryption
Ciphers arcfour Ciphers arcfour
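Review bot: `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` under `Host *` turns off host-key verification for every destination, not just the UML guests, so if this file is also what `$SSHCONF` points at on the build host (the first hunk suggests so) every ssh connection made with it becomes silently MITM-able. Scope the two options to the guests, e.g. a `Host <names from $STRONGSWANHOSTS or the test subnet>` block placed before `Host *` that carries `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null`, and leave `Host *` at the defaults; at minimum add a comment above them saying verification is deliberately disabled because the guest host keys are regenerated with every image build. The pre-existing `Ciphers arcfour` line is a separate concern: arcfour is a weak cipher that later OpenSSH releases remove, so this config will stop working once the image moves past wheezy-era OpenSSH.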


@ -53,7 +53,6 @@ ROOTFSSUITE=wheezy
ROOTFSARCH=amd64 ROOTFSARCH=amd64
ROOTFS=$BUILDDIR/debian-$ROOTFSSUITE-$ROOTFSARCH.img ROOTFS=$BUILDDIR/debian-$ROOTFSSUITE-$ROOTFSARCH.img
ROOTFSMIRROR=http://cdn.debian.net/debian ROOTFSMIRROR=http://cdn.debian.net/debian
ROOTFSPW=root
ROOTFSCOMPILEDIR=$BUILDDIR/compile ROOTFSCOMPILEDIR=$BUILDDIR/compile
# Filename of the built UML Kernel # Filename of the built UML Kernel