Added step menu + can mount (ok) + dd progress + ssh working

This commit is contained in:
xdrm-brackets 2017-01-21 12:38:13 +01:00
parent f8c2005ba1
commit 747eb90df1
2 changed files with 190 additions and 122 deletions

1
clone/authorized_keys Normal file
View File

@ -0,0 +1 @@
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAF91ZI1TROEV5nYmqPv0qW6b4U7BrSD6fK91XxPE2r+Okf756gGJQfg3iRKtyI5noWVU4e7ib3vsOTMSvMDafSDCgFULLasr5OApCrv6/cI/SV5MIerPkZO9eMMD/cZxTuT9aTpsSOtCiv0ewkLkbWHFHvIM0q6uaPQpAYVmpV6wUzoZg== [ECDSA:521] SATS

View File

@ -1,9 +1,9 @@
#!/bin/sh
# [1] Check parameter : device file
# [!] Check parameter : device file
#========================================================#
echo ">>> [1] Checking parameter : device";
echo ">>> [!] Checking parameter : device";
# (1) Check parameter existence #
test $# -lt 1 && echo "Missing parameter : device" && exit;
@ -15,140 +15,207 @@ test $device_type != "usb" && echo ">>> ERROR: device type is $device_type, \"us
echo "<<< done";
# [2] Init device layout (gpt table)
DEV="$1";
# [1] Init device layout (gpt table)
#========================================================#
step1(){
echo "\n>>> [1] Checking for mounted partitions ($DEV)";
echo "\n>>> [2] Checking for mounted partitions";
# (1) List partitions of this device #
mounted_partitions=$( cat /proc/mounts | awk '{print $1}' | grep "$1" );
# (1) List partitions of this device #
mounted_partitions=$( cat /proc/mounts | awk '{print $1}' | grep "$DEV" );
for mounted in $mounted_partitions; do
# if nothing found -> next step
test -z "$mounted_partitions" && echo "<<< done" && step2;
for mounted in $mounted_partitions; do
read -p " (!) umount $mounted (y/n) [n]" unmount;
test -n "$unmount" && test $unmount = "y" && sudo umount $mounted && echo "> unmounted";
done;
echo "<<< done";
step2;
}
# [2] Initialize GTP Table
#========================================================#
step2(){
echo "\n>>> [2] Formatting disk ($DEV)";
# (1) Confirmation #
read -p" (!) Erase the whole disk ? it is irreversible! (y/n) [n]" confirm_format;
test -z "$confirm_format" && echo "<<< aborting" && exit;
test $confirm_format != "y" && echo "<<< aborting" && exit;
# (2) Init gpt entry #
# echo " ))) replace by real code (((";
echo -e "g\nw" | sudo fdisk $DEV;
step3;
}
# [3] Burn image to device
#========================================================#
step3(){
echo "\n>>> [3] Burning image into disk ($DEV)";
# (1) Confirmation #
read -p" (!) Burn the whole disk ? it is irreversible! (y/n) [n]" confirm_burn;
test -z "$confirm_burn" && echo "<<< aborting" && exit;
test $confirm_burn != "y" && echo "<<< aborting" && exit;
# (2) Burning image into disk #
sudo dd if=./original.img of=$DEV bs=4M \
|| echo "<<< ERROR: dd command failed" && exit;
echo "<<< done";
step4;
}
# [4] Mount partition
#========================================================#
step4(){
echo "\n>>> [4] Mounting partition ${DEV}2";
# [1] Mount device partition
sudo mount ${DEV}2 /mnt || echo "<<< error: can't mount" && exit;
echo "<<< done";
step5;
}
# [5] Updating users
#========================================================#
step5(){
echo "\n>>> [5] Updating users";
echo " (.) Adding user satsuser";
# shadow
echo " /etc/shadow";
## TODO: Manage default password ##
echo "satsuser:*:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow > /dev/null;
echo "satsuser:*:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow- > /dev/null;
# passwd
echo " /etc/passwd";
echo "satsuser:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd > /dev/null;
echo "satsuser:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd- > /dev/null;
echo " (.) Removing pi's login password";
# create temp file without pi's password
sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:*:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null;
# write original files
sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null;
sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null;
# remove temporary file
sudo rm /mnt/etc/shadow.tmp;
step6;
}
# [6] Updating groups
#========================================================#
step6(){
echo "\n>>> [6] Updating groups";
echo " (.) Adding group ssh-key";
# group
echo " /etc/group";
echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
echo " (.) Adding group sats-user";
# group
echo " /etc/group";
echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
step7;
}
# [7] Manage SSH keys #
#========================================================#
step7(){
echo "\n>>> [7] Create ssh keys";
# (1) Create ssh key pair #
echo " (.) Create ssh key [ecdsa:521]";
ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS" -f ./id_ecdsa;
# (2) Add public key to server's `authorized_keys` file #
echo " (.) Add public key to server's list";
cat ./id_ecdsa.pub >> ./authorized_keys;
# (3) Create ssh file system #
echo " (.) init ssh folder (/home/sats-user/.ssh)";
sudo mkdir /mnt/home/sats-user/.ssh;
read -p " (!) umount $mounted (y/n) [n]" unmount;
test -n "$unmount" && test $unmount = "y" && sudo umount $mounted && echo "> unmounted";
done;
echo "<<< done";
# (4) Add both keys to sats-user files #
echo " (.) add keys to ssh folder";
sudo mv ./id_ecdsa /mnt/home/sats-user/.ssh/id_ecdsa;
sudo mv ./id_ecdsa.pub /mnt/home/sats-user/.ssh/id_ecdsa.pub;
# (5) Set up permissions #
echo " (.) Set up permissions";
sudo chown -R 666:666 /mnt/home/sats-user/.ssh/;
sudo chmod 400 /mnt/home/sats-user/.ssh/id_ecdsa*;
# [3] Initialize GTP Table
#========================================================#
echo "\n>>> [3] Formatting disk";
# (1) Confirmation #
read -p" (!) Erase the whole disk ? it is irreversible! (y/n) [n]" confirm_format;
test -z "$confirm_format" && echo "<<< aborting" && exit;
test $confirm_format != "y" && echo "<<< aborting" && exit;
# (2) Init gpt entry #
# echo " ))) replace by real code (((";
echo -e "g\nw" | sudo fdisk $1;
step8;
}
# [4] Burn image to device
#========================================================#
echo "\n>>> [4] Burning image into disk";
# (1) Confirmation #
read -p" (!) Burn the whole disk ? it is irreversible! (y/n) [n]" confirm_burn;
test -z "$confirm_burn" && echo "<<< aborting" && exit;
test $confirm_burn != "y" && echo "<<< aborting" && exit;
# (2) Burning image into disk #
sudo dd if=./original.img of=$1 bs=4M \
|| ( echo "<<< ERROR: dd command failed" && exit );
echo "<<< done";
exit;
# [5] Mount partition
# [8] Manage Network config
#========================================================#
echo "\n>>> [5] Mounting partition ${1}2";
# [1] Mount device partition
sudo mount ${1}2 /mnt -o uid=$UID,gid=$GID,umask=022;
echo "<<< done";
# [6] Updating users & groups
# [0] Step choice
#========================================================#
echo "\nSTEPS";
echo "(1) Init device layout (gpt table)";
echo "(2) Format disk";
echo "(3) Burn image into disk";
echo "(4) Mount / partition";
echo "(5) Update users";
echo "(6) Update groups";
echo "(7) Manage ssh keys";
read -p "step: " step;
echo "\n>>> [6] Updating users & groups";
echo " (.) Adding user satsuser";
# shadow
echo " /etc/shadow";
echo "satsuser:{somedigestedpass}:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow > /dev/mull;
echo "satsuser:{somedigestedpass}:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow- > /dev/null;
# passwd
echo " /etc/passwd";
echo "satsuser:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd > /dev/null;
echo "satsuser:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd- > /dev/null;
echo " (.) Removing pi's login password";
# create temp file without pi's password
sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:*:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null;
# write original files
sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null;
sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null;
# remove temporary file
sudo rm /mnt/etc/shadow.tmp;
echo " (.) Adding group ssh-key";
# group
echo " /etc/group";
echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
echo " (.) Adding group sats-user";
# group
echo " /etc/group";
echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
# [4] Manage SSH keys #
########################################
# [1] Create ssh key pair
ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS" -f ./id_ecdsa;
# [2] Add public key to server's `authorized_keys` file
cat ./id_ecdsa.pub >> ./authorized_keys;
# [3] Add both keys to SATS file system
mv ./id_ecdsa /mnt/home/SATS/.ssh/id_ecdsa;
mv ./id_ecdsa.pub /mnt/home/SATS/.ssh/id_ecdsa.pub;
# [4] Adjust permissions
chown SATS:SATS /mnt/home/SATS/.ssh/id_ecdsa;
chmod 600 /mnt/home/SATS/.ssh/id_ecdsa;
# [5] Manage Wifi Credentials
########################################
# [1] generate wpa digest
psk=$( echo "$3" | wpa_passphrase "$2" | grep -E "^\spsk" | sed 's/^\spsk=//' );
# [2] Append SSID to `interfaces` config
echo "\twpa-ssid\t$2" >> /mnt/etc/network/interfaces;
# [3] Append WPA digest to `interfaces` config
echo "\twpa-psk\t$psk" >> /mnt/etc/network/interfaces;
# [6] .....
case $step in
"1") step1;;
"2") step2;;
"3") step3;;
"4") step4;;
"5") step5;;
"6") step6;;
"7") step7;;
*) echo "wrong step"; exit;;
esac;