diff options
Diffstat (limited to 'contrib/cirrus/lib.sh')
-rw-r--r-- | contrib/cirrus/lib.sh | 50 |
1 files changed, 31 insertions, 19 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 9b7c613f5..cff8f4b3f 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -166,30 +166,42 @@ setup_rootless() { useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC" - msg "creating ssh key pair for $USER" + mkdir -p "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh" + + msg "Creating ssh key pairs" [[ -r "$HOME/.ssh/id_rsa" ]] || \ - ssh-keygen -P "" -f "$HOME/.ssh/id_rsa" + ssh-keygen -t rsa -P "" -f "$HOME/.ssh/id_rsa" + ssh-keygen -t ed25519 -P "" -f "/home/$ROOTLESS_USER/.ssh/id_ed25519" + ssh-keygen -t rsa -P "" -f "/home/$ROOTLESS_USER/.ssh/id_rsa" - msg "Allowing ssh key for $ROOTLESS_USER" - akfilepath="/home/$ROOTLESS_USER/.ssh/authorized_keys" - (umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh") - chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" - install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \ - "$HOME/.ssh/id_rsa.pub" "$akfilepath" - # Makes debugging easier - cat /root/.ssh/authorized_keys >> "$akfilepath" + msg "Setup authorized_keys" + cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys + cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys msg "Ensure the ssh daemon is up and running within 5 minutes" systemctl start sshd - sshcmd="ssh $ROOTLESS_USER@localhost - -o UserKnownHostsFile=/dev/null - -o StrictHostKeyChecking=no - -o CheckHostIP=no" - lilto $sshcmd true # retry until sshd is up - - msg "Configuring rootless user self-access to ssh to localhost" - $sshcmd ssh-keygen -P '""' -f "/home/$ROOTLESS_USER/.ssh/id_rsa" - cat "/home/$ROOTLESS_USER/.ssh/id_rsa" >> "$akfilepath" + lilto systemctl is-active sshd + + msg "Configure ssh file permissions" + chmod -R 700 "$HOME/.ssh" + chmod -R 700 "/home/$ROOTLESS_USER/.ssh" + chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" + + msg " setup known_hosts for $USER" + ssh -q root@localhost \ + -o UserKnownHostsFile=/root/.ssh/known_hosts \ + -o UpdateHostKeys=yes \ + -o StrictHostKeyChecking=no \ + -o CheckHostIP=no \ + true + + msg " setup known_hosts for $ROOTLESS_USER" + su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \ + -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \ + -o UpdateHostKeys=yes \ + -o StrictHostKeyChecking=no \ + -o CheckHostIP=no \ + true" } install_test_configs() { |