/snf-image-helper/tasks/40DeleteSSHKeys.in - snf-image - Greek Research and Technology Network's projects

| Branch: | Tag: | Revision:

root / snf-image-helper / tasks / 40DeleteSSHKeys.in @ 473f4fa5

History | View | Annotate | Download (2.8 kB)

       #! /bin/bash
       ### BEGIN TASK INFO
       # Provides:		DeleteSSHKeys
       # RunBefore:            UmountImage
       # RunAfter:             MountImage
       # Short-Description:	Remove ssh keys and in some cases recreate them
       ### END TASK INFO
       set -e
       . "@commondir@/common.sh"
       if [ ! -d "$SNF_IMAGE_TARGET" ]; then
           log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing."
       fi
       target="$SNF_IMAGE_TARGET"
       if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "linux" ]; then
           cleanup
           trap - EXIT
           exit 0
       fi
       distro=$(get_base_distro "$SNF_IMAGE_TARGET")
       HOST_KEY="/etc/ssh/ssh_host_key"
       RSA_KEY="/etc/ssh/ssh_host_rsa_key"
       DSA_KEY="/etc/ssh/ssh_host_dsa_key"
       ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key"
       #Remove the default keys
       for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" "$ECDSA_KEY@ecdsa"; do
           key=$(echo $pair | cut -d@ -f1)
           key_type=$(echo $pair | cut -d@ -f2)
           if [ -e "$target/$key" ]; then
               rm -f "$target/$key"{,.pub}
               if [ "x$distro" = "xdebian" ]; then
                   chroot "$target" \
                       env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
                       ssh-keygen -t $key_type -q -N '' -f "$key"
               fi
           fi
       done
       config="$target/etc/ssh/sshd_config"
       if [ ! -e "$config" ]; then
           echo "Warning: Config file: \`$config' is missing."
           echo "Warning: Can't check for non-default keys."
           cleanup
           trap - EXIT
           exit 0
       fi
       # Remove non-default keys...
       grep ^HostKey "$config" | while read key_line; do
           key=$(echo $key_line | cut -d" " -f2)
           if [ "$key" = $HOST_KEY -o "$key" = $RSA_KEY -o \
                   "$key" = $DSA_KEY -o "$key" = $ECDSA_KEY ]; then
               continue;
           fi
           if [ "x$distro" = "xdebian" ]; then
               # Most distros recreate missing keys...debian complains
               type=""
               if [ -e "$target/$key" ]; then
                   if grep -e "-----BEGIN DSA PRIVATE KEY-----" "$target/$key"; then
                       type=dsa
                   elif grep -e "-----BEGIN EC PRIVATE KEY-----" "$target/$key"; then
                       type=ecdsa
                   elif grep -e "-----BEGIN RSA PRIVATE KEY-----" "$target/$key"; then
                       type=rsa
                   elif grep -e "SSH PRIVATE KEY FILE FORMAT" "$target/$key"; then
                       type=rsa1
                   fi
               else # do some guessing...
                   for i in rsa dsa ecdsa; do
                       echo "$key" | grep _${i}_ && { type="$i"; break; }
                   done
               fi
               if [ -z "$type" ]; then
                   echo "Warning: Unknown key type. I'll use \`rsa1'";
                   type=rsa1
               fi
               rm -f "$target/$key"{,.pub}
               chroot "$target" \
                   env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
                   ssh-keygen -t $type -q -N '' -f "$key"
           else
               rm -f "$target/$key"{,.pub}
           fi
       done
       cleanup
       trap - EXIT
       exit 0
       # vim: set sta sts=4 shiftwidth=4 sw=4 et ai :

Synnefo » snf-image

root / snf-image-helper / tasks / 40DeleteSSHKeys.in @ 473f4fa5