root / snf-image-helper / tasks / 40DeleteSSHKeys.in @ f6e23601
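#! /bin/bash

### BEGIN TASK INFO
# Provides: DeleteSSHKeys
# RunBefore: UmountImage
# RunAfter: MountImage
# Short-Description: Remove ssh keys and in some cases recreate them
### END TASK INFO

# Deletes the SSH host keys found in the mounted image so that machines
# deployed from the same image do not end up sharing host keys.  On Debian
# based images the keys are recreated in place, because (as noted further
# down) Debian does not recreate missing keys by itself.
#
# Environment read: SNF_IMAGE_TARGET (mount point of the image),
#                   SNF_IMAGE_OS (only "linux" images are processed).
#
# NOTE(review): cleanup, log_error and get_base_distro are not defined in
# this file; presumably they are provided by common.sh -- confirm.

set -e
. "@commondir@/common.sh"

if [ ! -d "$SNF_IMAGE_TARGET" ]; then
    log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing."
fi

target="$SNF_IMAGE_TARGET"

# Nothing to do for non-Linux images.
if [ "$SNF_IMAGE_OS" != "linux" ]; then
    cleanup
    trap - EXIT
    exit 0
fi

distro=$(get_base_distro "$SNF_IMAGE_TARGET")

# Default host key locations, relative to the root of the image.
HOST_KEY="/etc/ssh/ssh_host_key"
RSA_KEY="/etc/ssh/ssh_host_rsa_key"
DSA_KEY="/etc/ssh/ssh_host_dsa_key"
ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key"
# Newer OpenSSH releases also create an Ed25519 host key by default; leaving
# it in place would let every deployed instance share that key.
ED25519_KEY="/etc/ssh/ssh_host_ed25519_key"

# Recreate a host key inside the image.
# Arguments: $1 - key type passed to ssh-keygen -t
#            $2 - key path, relative to the image root
regenerate_key() {
    chroot "$target" \
        env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
        ssh-keygen -t "$1" -q -N '' -f "$2"
}

# Remove the default keys
for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" \
            "$ECDSA_KEY@ecdsa" "$ED25519_KEY@ed25519"; do
    key=${pair%@*}
    key_type=${pair#*@}
    # A key is only recreated if the image had it in the first place, so the
    # set of key types offered by the image stays the same.
    if [ -e "$target/$key" ]; then
        rm -f -- "$target/$key"{,.pub}
        if [ "x$distro" = "xdebian" ]; then
            regenerate_key "$key_type" "$key"
        fi
    fi
done

config="$target/etc/ssh/sshd_config"
if [ ! -e "$config" ]; then
    echo "Warning: Config file: \`$config' is missing."
    echo "Warning: Can't check for non-default keys."
    cleanup
    trap - EXIT
    exit 0
fi

# Remove non-default keys...
#
# Only the HostKey keyword itself is matched (sshd_config keywords are
# case-insensitive and may be indented).  A bare ^HostKey prefix would also
# pick up HostKeyAlgorithms / HostKeyAgent lines and treat their values as
# file paths to delete.
#
# NOTE(review): sshd_config comes from the image, so $key is image-supplied
# data that ends up in rm and in -e tests run outside the chroot.  Paths with
# a `..' component are skipped below; a symlink inside the image that points
# to an absolute path is still resolved against the helper's own root --
# confirm whether that matters for this deployment.
grep -iE '^[[:space:]]*HostKey[[:space:]]+[^[:space:]]' "$config" |
while read -r keyword key rest; do
    [ -n "$key" ] || continue

    # Default keys were already handled above.
    case "$key" in
        "$HOST_KEY"|"$RSA_KEY"|"$DSA_KEY"|"$ECDSA_KEY"|"$ED25519_KEY")
            continue
            ;;
    esac

    # Never follow a path that climbs out of the image root.
    case "/$key/" in
        */../*)
            echo "Warning: Ignoring HostKey path with \`..' component: \`$key'"
            continue
            ;;
    esac

    if [ "x$distro" = "xdebian" ]; then
        # Most distros recreate missing keys...debian complains
        type=""
        if [ -e "$target/$key" ]; then
            # -q: only the exit status is needed, keep key file lines out of
            # the task output.
            if grep -q -e "-----BEGIN DSA PRIVATE KEY-----" "$target/$key"; then
                type=dsa
            elif grep -q -e "-----BEGIN EC PRIVATE KEY-----" "$target/$key"; then
                type=ecdsa
            elif grep -q -e "-----BEGIN RSA PRIVATE KEY-----" "$target/$key"; then
                type=rsa
            elif grep -q -e "SSH PRIVATE KEY FILE FORMAT" "$target/$key"; then
                type=rsa1
            fi
        fi
        if [ -z "$type" ]; then
            # do some guessing...  Used when the file is missing and also
            # when its header does not name the key type.
            for i in rsa dsa ecdsa ed25519; do
                case "$key" in
                    *_${i}_*) type="$i"; break ;;
                esac
            done
        fi
        if [ -z "$type" ]; then
            # NOTE(review): rsa1 is the SSH protocol 1 key type.  An
            # ssh-keygen without protocol 1 support rejects it, which aborts
            # the task under set -e.
            echo "Warning: Unknown key type. I'll use \`rsa1'";
            type=rsa1
        fi

        rm -f -- "$target/$key"{,.pub}
        regenerate_key "$type" "$key"
    else
        rm -f -- "$target/$key"{,.pub}
    fi
done

cleanup
trap - EXIT

exit 0

# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :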