|
|
|
@ -123,33 +123,29 @@ step4(){
|
|
|
|
|
step5(){
|
|
|
|
|
echo "\n>>> [5] Updating users";
|
|
|
|
|
|
|
|
|
|
echo " (.) Adding user sats-user";
|
|
|
|
|
# shadow
|
|
|
|
|
echo " /etc/shadow";
|
|
|
|
|
## TODO: Manage default password ##
|
|
|
|
|
echo "sats-user:$6$NvC.M5Yz$IRr1rOWhgSQNstmaZK9VLHJzqHebJaEBDaro8M6WyeWQjdLyas4cg5qDwziTVLBC9CI22sPGY.us8saZW0xMl0:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow > /dev/null;
|
|
|
|
|
|
|
|
|
|
echo "sats-user:$6$NvC.M5Yz$IRr1rOWhgSQNstmaZK9VLHJzqHebJaEBDaro8M6WyeWQjdLyas4cg5qDwziTVLBC9CI22sPGY.us8saZW0xMl0:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow- > /dev/null;
|
|
|
|
|
# (1) Removing pi entry #
|
|
|
|
|
echo " (.) Remove pi entry"
|
|
|
|
|
echo " > /etc/shadow";
|
|
|
|
|
sudo cat /mnt/etc/shadow | grep -vE "^pi:" | tee ./tmp/shadow > /dev/null;
|
|
|
|
|
|
|
|
|
|
# passwd
|
|
|
|
|
echo " /etc/passwd";
|
|
|
|
|
echo "sats-user:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd > /dev/null;
|
|
|
|
|
echo "sats-user:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd- > /dev/null;
|
|
|
|
|
# (2) Adding 'sats' user and new pi entry #
|
|
|
|
|
echo " (.) Adding 'sats' user and updated pi entry";
|
|
|
|
|
echo " > /etc/shadow";
|
|
|
|
|
cat ./utility/shadow_append | tee -a ./tmp/shadow > /dev/null;
|
|
|
|
|
cat ./tmp/shadow | sudo tee /mnt/etc/shadow | sudo tee /mnt/etc/shadow- > /dev/null;
|
|
|
|
|
rm ./tmp/shadow;
|
|
|
|
|
|
|
|
|
|
echo " (.) Removing pi's login password";
|
|
|
|
|
# create temp file with new pi's password
|
|
|
|
|
sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:$6$k0vFWRoG$bEBdFcFBWw2fLEA.5LsVKOtLWdWSkZMnEikqOG4jHCneRrWEBnEt6.ROe60ggdA7DbdU.l2ZO35WFvi3q6Ays\/:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null;
|
|
|
|
|
# write original files
|
|
|
|
|
sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null;
|
|
|
|
|
sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null;
|
|
|
|
|
# remove temporary file
|
|
|
|
|
sudo rm /mnt/etc/shadow.tmp;
|
|
|
|
|
echo " > /etc/passwd";
|
|
|
|
|
cat ./utility/passwd_append | sudo tee -a /mnt/etc/passwd > /dev/null;
|
|
|
|
|
sudo cat /mnt/etc/passwd | sudo tee /mnt/etc/passwd- > /dev/null;
|
|
|
|
|
|
|
|
|
|
echo " (.) Copying pi's .bashrc to sats-user";
|
|
|
|
|
sudo mkdir /mnt/home/sats-user;
|
|
|
|
|
sudo cp /mnt/home/pi/.bashrc /mnt/home/sats-user/.bashrc;
|
|
|
|
|
sudo chown 666:666 /mnt/home/sats-user/.bashrc;
|
|
|
|
|
sudo chmod 544 /mnt/home/sats-user/.bashrc;
|
|
|
|
|
|
|
|
|
|
echo " (.) Copying pi's .bashrc to sats";
|
|
|
|
|
sudo mkdir -p /mnt/home/sats;
|
|
|
|
|
sudo cp /mnt/home/pi/.bashrc /mnt/home/sats/.bashrc;
|
|
|
|
|
sudo chown 666:666 /mnt/home/sats/.bashrc;
|
|
|
|
|
sudo chmod 544 /mnt/home/sats/.bashrc;
|
|
|
|
|
|
|
|
|
|
echo "<<< done";
|
|
|
|
|
|
|
|
|
@ -160,19 +156,10 @@ step5(){
|
|
|
|
|
# [6] Updating groups
|
|
|
|
|
#========================================================#
|
|
|
|
|
step6(){
|
|
|
|
|
echo "\n>>> [6] Updating groups";
|
|
|
|
|
echo "\n>>> [6] Updating groups (ssh-key, sats)";
|
|
|
|
|
|
|
|
|
|
echo " (.) Adding group ssh-key";
|
|
|
|
|
# group
|
|
|
|
|
echo " /etc/group";
|
|
|
|
|
echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
|
|
|
|
|
echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
|
|
|
|
|
|
|
|
|
|
echo " (.) Adding group sats-user";
|
|
|
|
|
# group
|
|
|
|
|
echo " /etc/group";
|
|
|
|
|
echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group > /dev/null;
|
|
|
|
|
echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group- > /dev/null;
|
|
|
|
|
cat ./utility/group_append | sudo tee -a /mnt/etc/group > /dev/null;
|
|
|
|
|
cat ./utility/group_append | sudo tee -a /mnt/etc/group- > /dev/null;
|
|
|
|
|
|
|
|
|
|
echo "<<< done":
|
|
|
|
|
|
|
|
|
@ -197,37 +184,34 @@ step7(){
|
|
|
|
|
cat ./tmp/id_ecdsa.pub >> ./server/authorized_keys;
|
|
|
|
|
|
|
|
|
|
# (3) Create ssh file system #
|
|
|
|
|
echo " (.) Init ssh folder (/home/sats-user/.ssh)";
|
|
|
|
|
sudo mkdir -p /mnt/home/sats-user/.ssh;
|
|
|
|
|
echo " (.) Init ssh folder (/home/sats/.ssh)";
|
|
|
|
|
sudo mkdir -p /mnt/home/sats/.ssh;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# (4) Add both keys to sats-user files #
|
|
|
|
|
# (4) Add both keys to sats files #
|
|
|
|
|
echo " (.) Add keys to ssh folder";
|
|
|
|
|
sudo mv ./tmp/id_ecdsa /mnt/home/sats-user/.ssh/id_ecdsa;
|
|
|
|
|
sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats-user/.ssh/id_ecdsa.pub;
|
|
|
|
|
sudo mv ./tmp/id_ecdsa /mnt/home/sats/.ssh/id_ecdsa;
|
|
|
|
|
sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats/.ssh/id_ecdsa.pub;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# (5) Add maintenance keys #
|
|
|
|
|
echo " (.) Add maintenance keys'";
|
|
|
|
|
sudo touch /mnt/home/sats-user/.ssh/authorized_keys;
|
|
|
|
|
cat ./server/maintenance/*.pub | sudo tee /mnt/home/sats-user/.ssh/authorized_keys > /dev/null;
|
|
|
|
|
sudo touch /mnt/home/sats/.ssh/authorized_keys;
|
|
|
|
|
cat ./server/maintenance/*.pub | sudo tee /mnt/home/sats/.ssh/authorized_keys > /dev/null;
|
|
|
|
|
|
|
|
|
|
# (6) Set up permissions #
|
|
|
|
|
echo " (.) Set up permissions";
|
|
|
|
|
sudo chown -R 666:666 /mnt/home/sats-user/;
|
|
|
|
|
sudo chmod 400 /mnt/home/sats-user/.ssh/*;
|
|
|
|
|
sudo chown -R 666:666 /mnt/home/sats/;
|
|
|
|
|
sudo chmod 400 /mnt/home/sats/.ssh/*;
|
|
|
|
|
|
|
|
|
|
# (7) Restrict access to pubkey only (no password) #
|
|
|
|
|
echo " (.) Restrict access to pubkey";
|
|
|
|
|
echo "\nAllowGroups\tssh-key\nPasswordAuthentication\tno" | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null;
|
|
|
|
|
cat ./utility/sshd_config_append | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# (8) Set up automatic ssh server at start up #
|
|
|
|
|
echo " (.) Trigger ssh server on start up"
|
|
|
|
|
echo "sudo service ssh restart" | sudo tee -a /mnt/home/pi/.bashrc > /dev/null;
|
|
|
|
|
# echo "sudo service ssh restart" | sudo tee -a /mnt/home/sats-user/.bashrc > /dev/null;
|
|
|
|
|
sudo chown 666:666 /mnt/home/sats-user/.bashrc;
|
|
|
|
|
sudo chmod 755 /mnt/home/sats-user/.bashrc;
|
|
|
|
|
echo " (.) Emulate \`systemctl enable ssh.service\`";
|
|
|
|
|
sudo ln -fs /lib/systemd/system/ssh.service /mnt/etc/systemd/system/ssh.service;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
echo "<<< done";
|
|
|
|
@ -236,7 +220,7 @@ step7(){
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# [8] Set up sats-user automatic login
|
|
|
|
|
# [8] Set up sats automatic login
|
|
|
|
|
#========================================================#
|
|
|
|
|
step8(){
|
|
|
|
|
echo "\n>>> [8] Set up automatic login";
|
|
|
|
@ -248,16 +232,10 @@ step8(){
|
|
|
|
|
|
|
|
|
|
# (2) Link autologin to tty service #
|
|
|
|
|
echo " (.) Link autologin script to tty's default";
|
|
|
|
|
#sudo cat /mnt/etc/systemd/system/autologin@.service \
|
|
|
|
|
# | sed 's/ pi / sats-user /' \
|
|
|
|
|
# | tee ./tmp/autologin@.service > /dev/null;
|
|
|
|
|
#sudo cp ./tmp/autologin@.service /mnt/etc/systemd/system/autologin@.service;
|
|
|
|
|
#rm ./tmp/autologin@.service;
|
|
|
|
|
#sudo ln -fs /etc/systemd/system/autologin@.service /mnt/etc/systemd/system/getty.target.wants/getty@tty1.service;
|
|
|
|
|
|
|
|
|
|
sudo mkdir -pv /mnt/etc/systemd/system/getty@tty1.service.d;
|
|
|
|
|
sudo touch /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf;
|
|
|
|
|
echo -e "[Service]\nExecStart=\nExecStart=-/sbin/agetty --autologin sats-user --noclear I 38400 linux" | sudo tee /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf > /dev/null;
|
|
|
|
|
cat ./utility/autologin_overload.conf | sudo tee /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf > /dev/null;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
echo "<<< done";
|
|
|
|
|
|
|
|
|
@ -281,6 +259,32 @@ step9(){
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# [10] Set up SATS daemon
|
|
|
|
|
#========================================================#
|
|
|
|
|
step10(){
|
|
|
|
|
|
|
|
|
|
echo "\n>>> [10] Set up SATS daemon";
|
|
|
|
|
|
|
|
|
|
# (1) Create daemon folder #
|
|
|
|
|
echo " (.) Create daemon folder";
|
|
|
|
|
sudo mkdir -p /home/sats/satsd;
|
|
|
|
|
|
|
|
|
|
# (2) Init git repository with ssh url #
|
|
|
|
|
echo " (.) Clone git repo with server's ssh url";
|
|
|
|
|
sudo git clone --depth=1 ssh://gw@xdrm.io/home/gw/satsd /home/sats/satsd;
|
|
|
|
|
|
|
|
|
|
# (3) Set up git pull with good key #
|
|
|
|
|
echo " (.) Set up \`git pull\` with registered ssh key";
|
|
|
|
|
git pull origin master;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
echo "<<< done";
|
|
|
|
|
|
|
|
|
|
step11;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# [0] Step choice
|
|
|
|
|
#========================================================#
|
|
|
|
@ -292,8 +296,9 @@ echo "(4) Mount / partition";
|
|
|
|
|
echo "(5) Update users";
|
|
|
|
|
echo "(6) Update groups";
|
|
|
|
|
echo "(7) Manage ssh keys";
|
|
|
|
|
echo "(8) Set up automatic sats-user login";
|
|
|
|
|
echo "(8) Set up automatic sats login";
|
|
|
|
|
echo "(9) Set up WiFi config";
|
|
|
|
|
echo "(10) Set up SATS daemon";
|
|
|
|
|
read -p "step: " step;
|
|
|
|
|
|
|
|
|
|
case $step in
|
|
|
|
@ -306,5 +311,6 @@ case $step in
|
|
|
|
|
"7") step7;;
|
|
|
|
|
"8") step8;;
|
|
|
|
|
"9") step9;;
|
|
|
|
|
"10") step10;;
|
|
|
|
|
*) echo "wrong step"; exit;;
|
|
|
|
|
esac;
|
|
|
|
|
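Review bot: The new step10 creates and clones into `/home/sats/satsd` on the machine running the script, while the other steps shown here write under `/mnt`, and its `git pull origin master;` runs in the script's current directory rather than in the clone. If the daemon is meant to land on the mounted image (inferred from the other steps), the three lines should read `sudo mkdir -p /mnt/home/sats/satsd;`, `sudo git clone --depth=1 ssh://gw@xdrm.io/home/gw/satsd /mnt/home/sats/satsd;` and `sudo git -C /mnt/home/sats/satsd pull origin master;`. Because the clone runs under sudo, it uses root's SSH identity and known_hosts and leaves a root-owned tree, so a `chown -R` to the sats account is probably needed afterwards, as step7 does for the home directory. step10 also ends by calling `step11`, whose definition is not visible in this diff.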