#! /bin/bash
### BEGIN TASK INFO
# Provides:		DeleteSSHKeys
# RunBefore:            UmountImage
# RunAfter:             MountImage
# Short-Description:	Remove ssh keys and in some cases recreate them
### END TASK INFO
# Stop at the first command that fails.
set -o errexit

# Shared helpers (log_error, cleanup, get_base_distro are used below).
# "@commondir@" looks like a build-time placeholder -- TODO confirm.
source "@commondir@/common.sh"

# The image root must already exist as a directory.
# NOTE(review): whether log_error terminates the script is decided in
# common.sh, which is not visible here.
[ -d "$SNF_IMAGE_TARGET" ] ||
    log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing."

# Short alias used for every path built below.
target="$SNF_IMAGE_TARGET"
# Host-key handling below only applies to Linux images; for anything else
# finish cleanly: run cleanup once, drop the EXIT trap, report success.
case "$SNF_IMAGE_OS" in
    linux)
        ;;
    *)
        cleanup
        trap - EXIT
        exit 0
        ;;
esac
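# Base distribution of the image, as reported by the common.sh helper.
distro=$(get_base_distro "$SNF_IMAGE_TARGET")

# Default host key locations, relative to the image root.
HOST_KEY="/etc/ssh/ssh_host_key"
RSA_KEY="/etc/ssh/ssh_host_rsa_key"
DSA_KEY="/etc/ssh/ssh_host_dsa_key"
ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key"
# Ed25519 is a default host key type too. It was missing from this list, so
# a key baked into the image would have survived in every deployed instance.
ED25519_KEY="/etc/ssh/ssh_host_ed25519_key"

# Remove the default keys.
# Host keys shipped inside an image are shared by every machine created from
# it, so anyone holding the image also holds the private host key. Each entry
# is "<path>@<ssh-keygen type>". A key is only touched when its private half
# exists in the image.
for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" \
        "$ECDSA_KEY@ecdsa" "$ED25519_KEY@ed25519"; do
    key=${pair%@*}
    key_type=${pair##*@}
    # ${target:?} aborts instead of operating on the helper's own /etc/ssh
    # if the image root variable is ever empty.
    if [ -e "${target:?}/$key" ]; then
        rm -f "$target/$key"{,.pub}
        if [ "x$distro" = "xdebian" ]; then
            # Debian is the one base distro this script regenerates keys
            # for. ssh-keygen is the image's own binary, run inside the
            # chroot with a fixed PATH.
            chroot "$target" \
                env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
                ssh-keygen -t "$key_type" -q -N '' -f "$key"
        fi
    fi
done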
# sshd configuration inside the image; it lists any non-default host keys.
config="$target/etc/ssh/sshd_config"

# Without the config file there is nothing more to inspect: warn, then
# finish cleanly (cleanup once, drop the EXIT trap, report success).
[ -e "$config" ] || {
    printf '%s\n' \
        "Warning: Config file: \`$config' is missing." \
        "Warning: Can't check for non-default keys."
    cleanup
    trap - EXIT
    exit 0
}
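# Remove non-default keys...
# Walk the HostKey directives of the image's sshd_config and delete every key
# they name that is not one of the four defaults compared against below.
# On Debian the key is regenerated in place, elsewhere it is only removed.
#
# The config file comes from the image and is treated as untrusted input:
#  - only the HostKey keyword itself is matched. A bare "^HostKey" prefix
#    also picked up HostKeyAlgorithms / HostKeyAgent lines and used their
#    arguments as file names;
#  - sshd keywords are case-insensitive and may be indented, so the match
#    allows both. A missed directive would leave a shared private key in the
#    image;
#  - paths with a ".." component are skipped so the rm below cannot leave
#    the image root.
# NOTE(review): paths are still resolved from outside the chroot, so a
# symlinked directory inside the image could point elsewhere -- consider doing
# the removal inside the chroot.
grep -i '^[[:space:]]*HostKey[[:space:]]' "$config" |
while read -r keyword key rest; do
    if [ -z "$key" ]; then
        echo "Warning: Ignoring HostKey line without a path."
        continue
    fi

    case "/$key/" in
        */../*)
            echo "Warning: Ignoring HostKey \`$key': path contains \`..'."
            continue
            ;;
    esac

    # These default keys were already compared against in the original
    # skip list, so they are left to the default-key pass.
    if [ "$key" = "$HOST_KEY" ] || [ "$key" = "$RSA_KEY" ] ||
            [ "$key" = "$DSA_KEY" ] || [ "$key" = "$ECDSA_KEY" ]; then
        continue
    fi

    if [ "x$distro" = "xdebian" ]; then
        # Most distros recreate missing keys...debian complains
        type=""
        if [ -e "${target:?}/$key" ]; then
            # Identify the key type from the private key header. -q keeps
            # the matched line out of the task output.
            if grep -q -e "-----BEGIN DSA PRIVATE KEY-----" "$target/$key"; then
                type=dsa
            elif grep -q -e "-----BEGIN EC PRIVATE KEY-----" "$target/$key"; then
                type=ecdsa
            elif grep -q -e "-----BEGIN RSA PRIVATE KEY-----" "$target/$key"; then
                type=rsa
            elif grep -q -e "SSH PRIVATE KEY FILE FORMAT" "$target/$key"; then
                type=rsa1
            fi
        fi

        # Missing file, or a header that does not name the algorithm (the
        # "OPENSSH PRIVATE KEY" container does not): guess from the file name.
        if [ -z "$type" ]; then
            for i in rsa dsa ecdsa ed25519; do
                case "$key" in
                    *_"${i}"_*)
                        type="$i"
                        break
                        ;;
                esac
            done
        fi

        if [ -z "$type" ]; then
            # NOTE(review): current OpenSSH releases no longer support
            # protocol-1 (rsa1) keys, so this fallback may make ssh-keygen
            # fail and abort the task under `set -e' -- confirm against the
            # images in use.
            echo "Warning: Unknown key type. I'll use \`rsa1'"
            type=rsa1
        fi

        rm -f "$target/$key"{,.pub}
        # ssh-keygen is the image's own binary, run inside the chroot.
        chroot "$target" \
            env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
            ssh-keygen -t "$type" -q -N '' -f "$key"
    else
        rm -f "${target:?}/$key"{,.pub}
    fi
done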
# Normal completion: run cleanup explicitly, then drop the EXIT trap before
# leaving. NOTE(review): the trap itself is presumably installed by
# common.sh -- confirm.
cleanup
trap - EXIT

# Report success to the caller.
exit 0
# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :