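#! /bin/bash

# Copyright (C) 2011 GRNET S.A.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.

### BEGIN TASK INFO
# Provides: DeleteSSHKeys
# RunBefore: UmountImage
# RunAfter: MountImage
# Short-Description: Remove ssh keys and in some cases recreate them
### END TASK INFO

# Host keys left inside an image are cloned into every VM created from it,
# so all such VMs would present the same host identity.  This task removes
# the default OpenSSH host keys plus every HostKey listed in sshd_config.
# On Debian-based images the keys are regenerated here, because Debian's
# sshd does not recreate missing host keys on boot; other distros do.

set -e
. "@commondir@/common.sh"

trap task_cleanup EXIT
report_task_start

# Check if the task should be prevented from running.
check_if_excluded

if [ ! -d "$SNF_IMAGE_TARGET" ]; then
    log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing."
fi

if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "linux" ]; then
    exit 0
fi

distro=$(get_base_distro "$SNF_IMAGE_TARGET")

# Default host key locations used by OpenSSH (paths inside the image).
HOST_KEY="/etc/ssh/ssh_host_key"
RSA_KEY="/etc/ssh/ssh_host_rsa_key"
DSA_KEY="/etc/ssh/ssh_host_dsa_key"
ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key"
# ed25519 is a default host key in OpenSSH 6.5 and later; leaving it in
# place would defeat the purpose of this task on newer images.
ED25519_KEY="/etc/ssh/ssh_host_ed25519_key"

target="$SNF_IMAGE_TARGET"

#######################################
# Delete a host key and its public half from the image.
# Globals:   target (read)
# Arguments: $1 - key path, absolute inside the image
#######################################
remove_key() {
    rm -f "$target/$1"{,.pub}
}

#######################################
# Create a fresh host key by running the image's own ssh-keygen in a chroot.
# Globals:   target (read)
# Arguments: $1 - key type (rsa, dsa, ecdsa, ed25519, ...)
#            $2 - key path, absolute inside the image
# Returns:   ssh-keygen's exit status (non-zero aborts the task via set -e)
#######################################
regen_key() {
    local key_type="$1" key_path="$2"
    chroot "$target" \
        env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
        ssh-keygen -t "$key_type" -q -N '' -f "$key_path"
}

#######################################
# Test whether a key path is one of the default locations handled by the
# first pass below.
# Arguments: $1 - key path, absolute inside the image
# Returns:   0 if it is a default key path, 1 otherwise
#######################################
is_default_key() {
    case "$1" in
        "$HOST_KEY"|"$RSA_KEY"|"$DSA_KEY"|"$ECDSA_KEY"|"$ED25519_KEY")
            return 0 ;;
        *)
            return 1 ;;
    esac
}

#######################################
# Guess the type of a host key, first from the private key's header line,
# then from its file name.
# Globals:   target (read)
# Arguments: $1 - key path, absolute inside the image
# Outputs:   the key type on stdout, or nothing if it cannot be determined
#######################################
guess_key_type() {
    local key="$1" file="$target/$1" i
    if [ -e "$file" ]; then
        # -q: only the verdict is needed; do not echo file contents to the log.
        if grep -q -e "-----BEGIN DSA PRIVATE KEY-----" "$file"; then
            echo dsa; return
        elif grep -q -e "-----BEGIN EC PRIVATE KEY-----" "$file"; then
            echo ecdsa; return
        elif grep -q -e "-----BEGIN RSA PRIVATE KEY-----" "$file"; then
            echo rsa; return
        elif grep -q -e "SSH PRIVATE KEY FILE FORMAT" "$file"; then
            echo rsa1; return
        fi
        # Keys in the newer "OPENSSH PRIVATE KEY" container carry no type in
        # their header; fall through to guessing from the file name.
    fi
    for i in rsa dsa ecdsa ed25519; do
        case "$key" in
            *"_${i}_"*) echo "$i"; return ;;
        esac
    done
}

# First pass: remove (and on Debian recreate) the default keys.
for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" \
            "$ECDSA_KEY@ecdsa" "$ED25519_KEY@ed25519"; do
    key="${pair%@*}"
    key_type="${pair##*@}"
    if [ -e "$target/$key" ]; then
        remove_key "$key"
        if [ "x$distro" = "xdebian" ]; then
            regen_key "$key_type" "$key"
        fi
    fi
done

config="$target/etc/ssh/sshd_config"
if [ ! -e "$config" ]; then
    warn "Config file: \`$config' is missing."
    warn "Can't check for non-default keys."
    exit 0
fi

# Second pass: remove every HostKey listed in sshd_config that is not one of
# the defaults handled above.  sshd_config keywords are case-insensitive and
# may be indented, so match accordingly.  The grep is grouped with `|| true'
# so that a config without HostKey lines neither trips `set -e' nor (as a
# bare `grep ... || true | while' would) skips the loop when matches exist.
dotdot='(^|/)\.\.(/|$)'
{ grep -iE '^[[:space:]]*HostKey[[:space:]]' "$config" || true; } |
while read -r keyword key rest; do
    if [ -z "$key" ] || is_default_key "$key"; then
        continue
    fi

    # The path comes from the image's own config.  Refuse anything that is
    # not absolute or could resolve outside $target before handing it to
    # rm or to a chroot'ed ssh-keygen.
    if [[ "$key" != /* || "$key" =~ $dotdot ]]; then
        warn "Ignoring suspicious HostKey path: \`$key'"
        continue
    fi

    if [ "x$distro" = "xdebian" ]; then
        # Most distros recreate missing keys...debian complains
        key_type=$(guess_key_type "$key")
        if [ -z "$key_type" ]; then
            # rsa1 (SSH protocol 1) is no longer accepted by ssh-keygen in
            # current OpenSSH, so rsa is the safe fallback.
            warn "Unknown key type for \`$key'. I'll use \`rsa'"
            key_type=rsa
        fi
        remove_key "$key"
        regen_key "$key_type" "$key"
    else
        remove_key "$key"
    fi
done

exit 0

# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :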