managing ssh-keys and maintenance keys

2017-01-21 16:21:57 +01:00 · 2017-01-21 16:21:57 +01:00 · 103f367059
parent 57442f6464
commit 103f367059
3 changed files with 38 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,4 @@
 *.img
 *.zip
 clone/server/**
--- a/clone/authorized_keys
+++ b/clone/authorized_keys
@ -1 +0,0 @@
 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAF91ZI1TROEV5nYmqPv0qW6b4U7BrSD6fK91XxPE2r+Okf756gGJQfg3iRKtyI5noWVU4e7ib3vsOTMSvMDafSDCgFULLasr5OApCrv6/cI/SV5MIerPkZO9eMMD/cZxTuT9aTpsSOtCiv0ewkLkbWHFHvIM0q6uaPQpAYVmpV6wUzoZg== [ECDSA:521] SATS
--- a/clone/clone
+++ b/clone/clone
@ -34,7 +34,7 @@ step1(){
 		read -p "    (!) umount $mounted (y/n) [n]" unmount;
-		test -n "$unmount" && test $unmount = "y" && sudo umount $mounted && echo "> unmounted";
+		test -n "$unmount" && test $unmount = "y" && sudo umount $mounted 2>> /dev/null >> /dev/null && echo "    > unmounted";
 	done;
 	echo "<<< done";
@ -57,7 +57,9 @@ step2(){
 	# (2) Init gpt entry #
 	# echo " ))) replace by real code (((";
-	echo -e "g\nw" | sudo fdisk $DEV;
+	echo -e "g\nw" | sudo fdisk $DEV 2>> /dev/null >> /dev/null;
 	echo "<<< done";
 	step3;
 }
@ -77,8 +79,7 @@ step3(){
 	test $confirm_burn != "y" && echo "<<< aborting" && exit;
 	# (2) Burning image into disk #
-	sudo dd if=./original.img of=$DEV bs=4M \
+	sudo dd if=./original.img of=$DEV bs=4M || $( echo "<<< error: dd command failed" && exit );
 		|| echo "<<< ERROR: dd command failed" && exit;
 	echo "<<< done";
@ -96,7 +97,7 @@ step4(){
 	echo "\n>>> [4] Mounting partition ${DEV}2";
 	# [1] Mount device partition
-	sudo mount ${DEV}2 /mnt || echo "<<< error: can't mount" && exit;
+	sudo mount ${DEV}2 /mnt || $( echo "<<< error: can't mount" && exit );
 	echo "<<< done";
@ -124,12 +125,14 @@ step5(){
 	echo "   (.) Removing pi's login password";
 	# create temp file without pi's password
-	sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:*:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null;
+	#sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:*:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null;
 	# write original files
-	sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null;
+	#sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null;
-	sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null;
+	#sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null;
 	# remove temporary file
-	sudo rm /mnt/etc/shadow.tmp;
+	#sudo rm /mnt/etc/shadow.tmp;
 	echo "<<< done";
 	step6;
 }
@ -152,6 +155,8 @@ step6(){
 	echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
 	echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
 	echo "<<< done":
 	step7;
 }
@ -165,11 +170,11 @@ step7(){
 	# (1) Create ssh key pair #
 	echo "   (.) Create ssh key [ecdsa:521]";
-	ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS" -f ./id_ecdsa;
+	echo -e "\n\n" | ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS" -f tmp/id_ecdsa;
 	# (2) Add public key to server's `authorized_keys` file #
 	echo "   (.) Add public key to server's list";
-	cat ./id_ecdsa.pub >> ./authorized_keys;
+	cat tmp/id_ecdsa.pub >> server/authorized_keys;
 	# (3) Create ssh file system #
 	echo "   (.) init ssh folder (/home/sats-user/.ssh)";
@ -178,13 +183,21 @@ step7(){
 	# (4) Add both keys to sats-user files #
 	echo "   (.) add keys to ssh folder";
-	sudo mv ./id_ecdsa /mnt/home/sats-user/.ssh/id_ecdsa;
+	sudo mv tmp/id_ecdsa /mnt/home/sats-user/.ssh/id_ecdsa;
-	sudo mv ./id_ecdsa.pub /mnt/home/sats-user/.ssh/id_ecdsa.pub;
+	sudo mv tmp/id_ecdsa.pub /mnt/home/sats-user/.ssh/id_ecdsa.pub;
-	# (5) Set up permissions #
+
 	# (5) Add maintenance keys #
 	echo "    (.) Add maintenance keys'";
 	cat server/maintenance/*.pub | sudo tee /mnt/home/sats-user/.ssh/authorized_keys;
 	# (6) Set up permissions #
 	echo "   (.) Set up permissions";
 	sudo chown -R 666:666 /mnt/home/sats-user/.ssh/;
-	sudo chmod 400 /mnt/home/sats-user/.ssh/id_ecdsa*;
+	sudo chmod 400 /mnt/home/sats-user/.ssh/*;
 	echo "<<< done";
 	step8;
 }
@ -199,9 +212,11 @@ step8(){
 	# (1) Copy default login systemd script #
 	echo "    (.) Copy default getty systemd script";
 	sudo cp /mnt/lib/systemd/system/getty@.service /mnt/etc/systemd/system/autologin@.service;
 	sudo chmod 755 /mnt/etc/systemd/system/autologin@.service;
 	# (2) Create link in order to be handled #
 	echo "    (.) Create script link to be handled";
 	test -e /mnt/etc/systemd/system/getty.target.wants/getty@tty1.service && sudo rm /mnt/etc/systemd/system/getty.target.wants/getty@tty1.service;
 	sudo ln -s /mnt/etc/systemd/system/autologin@.service /mnt/etc/systemd/system/getty.target.wants/getty@tty1.service;
 	# (3) Update autologin script #
@ -210,15 +225,14 @@ step8(){
 		sed 's/^ExecStart=-\/sbin\/agetty --noclear/ExecStart=-\/sbin\/agetty --autologin sats-user/' | \
 		sed 's/^Restart=.\+$/Restart=no/' | \
 		sed 's/^Restart=.\+$/Restart=no/' | \
-		tee ./autologin.tmp > /dev/null;
+		sed 's/^[Service]$/bla/' | \
-
+		sed 's/^\[Service\]$/\[Service\]\nAlias=getty.target.wants\/getty@tty1.service/' | \
-	# Add 'Alias` instruction #
+		tee tmp/autologin > /dev/null;
 	echo "Alias=getty.target.wants/getty@tty1.service" > ./autologin.tmp;
 	# (4) Updating file from tmp update #
 	echo "    (.) Copying temporary update to real file";
-	cat ./autologin.tmp | sudo tee /mnt/etc/systemd/system/autologin@.service > /dev/null;
+	cat tmp/autologin | sudo tee /mnt/etc/systemd/system/autologin@.service > /dev/null;
-	rm ./autologin.tmp;
+	rm tmp/autologin;
 	echo "<<< done";
		`@ -1 +0,0 @@`
			`ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAF91ZI1TROEV5nYmqPv0qW6b4U7BrSD6fK91XxPE2r+Okf756gGJQfg3iRKtyI5noWVU4e7ib3vsOTMSvMDafSDCgFULLasr5OApCrv6/cI/SV5MIerPkZO9eMMD/cZxTuT9aTpsSOtCiv0ewkLkbWHFHvIM0q6uaPQpAYVmpV6wUzoZg== [ECDSA:521] SATS`