root / snf-image-helper / tasks / 40DeleteSSHKeys.in @ fe816d8b
History | View | Annotate | Download (3.6 kB)
| 1 | 0a35a4ab | Nikos Skalkotos | #! /bin/bash |
|---|---|---|---|
| 2 | 54080484 | Nikos Skalkotos | |
| 3 | 7e5d635b | Nikos Skalkotos | # Copyright (C) 2011 GRNET S.A. |
| 4 | 7e5d635b | Nikos Skalkotos | # |
| 5 | 7e5d635b | Nikos Skalkotos | # This program is free software; you can redistribute it and/or modify |
| 6 | 7e5d635b | Nikos Skalkotos | # it under the terms of the GNU General Public License as published by |
| 7 | 7e5d635b | Nikos Skalkotos | # the Free Software Foundation; either version 2 of the License, or |
| 8 | 7e5d635b | Nikos Skalkotos | # (at your option) any later version. |
| 9 | 7e5d635b | Nikos Skalkotos | # |
| 10 | 7e5d635b | Nikos Skalkotos | # This program is distributed in the hope that it will be useful, but |
| 11 | 7e5d635b | Nikos Skalkotos | # WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | 7e5d635b | Nikos Skalkotos | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 13 | 7e5d635b | Nikos Skalkotos | # General Public License for more details. |
| 14 | 7e5d635b | Nikos Skalkotos | # |
| 15 | 7e5d635b | Nikos Skalkotos | # You should have received a copy of the GNU General Public License |
| 16 | 7e5d635b | Nikos Skalkotos | # along with this program; if not, write to the Free Software |
| 17 | 7e5d635b | Nikos Skalkotos | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
| 18 | 7e5d635b | Nikos Skalkotos | # 02110-1301, USA. |
| 19 | 7e5d635b | Nikos Skalkotos | |
| 20 | 54080484 | Nikos Skalkotos | ### BEGIN TASK INFO |
| 21 | 54080484 | Nikos Skalkotos | # Provides: DeleteSSHKeys |
| 22 | 0cf9835d | Nikos Skalkotos | # RunBefore: UmountImage |
| 23 | 0cf9835d | Nikos Skalkotos | # RunAfter: MountImage |
| 24 | 0cf9835d | Nikos Skalkotos | # Short-Description: Remove ssh keys and in some cases recreate them |
| 25 | 6a95db10 | Vangelis Koukis | ### END TASK INFO |
| 26 | 54080484 | Nikos Skalkotos | |
| 27 | 54080484 | Nikos Skalkotos | set -e |
| 28 | bad5ca1f | Nikos Skalkotos | . "@commondir@/common.sh" |
| 29 | 54080484 | Nikos Skalkotos | |
| 30 | 2a0c492d | Nikos Skalkotos | # Check if the task should be prevented from running. |
| 31 | 2a0c492d | Nikos Skalkotos | check_if_excluded |
| 32 | 2a0c492d | Nikos Skalkotos | |
| 33 | 8704ee47 | Nikos Skalkotos | if [ ! -d "$SNF_IMAGE_TARGET" ]; then |
| 34 | 8704ee47 | Nikos Skalkotos | log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing." |
| 35 | 8704ee47 | Nikos Skalkotos | fi |
| 36 | 54080484 | Nikos Skalkotos | |
| 37 | 473f4fa5 | Nikos Skalkotos | if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "linux" ]; then |
| 38 | 7f8e28ae | Nikos Skalkotos | exit 0 |
| 39 | 7f8e28ae | Nikos Skalkotos | fi |
| 40 | 7f8e28ae | Nikos Skalkotos | |
| 41 | 7f8e28ae | Nikos Skalkotos | distro=$(get_base_distro "$SNF_IMAGE_TARGET") |
| 42 | 7f8e28ae | Nikos Skalkotos | |
| 43 | 7f8e28ae | Nikos Skalkotos | HOST_KEY="/etc/ssh/ssh_host_key" |
| 44 | 7f8e28ae | Nikos Skalkotos | RSA_KEY="/etc/ssh/ssh_host_rsa_key" |
| 45 | 7f8e28ae | Nikos Skalkotos | DSA_KEY="/etc/ssh/ssh_host_dsa_key" |
| 46 | 7f8e28ae | Nikos Skalkotos | ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key" |
| 47 | 7f8e28ae | Nikos Skalkotos | |
| 48 | de7269cd | Nikos Skalkotos | target="$SNF_IMAGE_TARGET" |
| 49 | 7f8e28ae | Nikos Skalkotos | |
| 50 | 7f8e28ae | Nikos Skalkotos | #Remove the default keys |
| 51 | 7f8e28ae | Nikos Skalkotos | for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" "$ECDSA_KEY@ecdsa"; do |
| 52 | 7f8e28ae | Nikos Skalkotos | key=$(echo $pair | cut -d@ -f1) |
| 53 | 7f8e28ae | Nikos Skalkotos | key_type=$(echo $pair | cut -d@ -f2) |
| 54 | 7f8e28ae | Nikos Skalkotos | if [ -e "$target/$key" ]; then |
| 55 | 7f8e28ae | Nikos Skalkotos | rm -f "$target/$key"{,.pub}
|
| 56 | 7f8e28ae | Nikos Skalkotos | if [ "x$distro" = "xdebian" ]; then |
| 57 | 7f8e28ae | Nikos Skalkotos | chroot "$target" \ |
| 58 | 7f8e28ae | Nikos Skalkotos | env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ |
| 59 | 7f8e28ae | Nikos Skalkotos | ssh-keygen -t $key_type -q -N '' -f "$key" |
| 60 | 5d3735b5 | Nikos Skalkotos | fi |
| 61 | 7f8e28ae | Nikos Skalkotos | fi |
| 62 | 7f8e28ae | Nikos Skalkotos | done |
| 63 | 7f8e28ae | Nikos Skalkotos | |
| 64 | 01cdf118 | Nikos Skalkotos | config="$target/etc/ssh/sshd_config" |
| 65 | 7f8e28ae | Nikos Skalkotos | if [ ! -e "$config" ]; then |
| 66 | 11994c76 | Nikos Skalkotos | warn "Config file: \`$config' is missing." |
| 67 | 11994c76 | Nikos Skalkotos | warn "Can't check for non-default keys." |
| 68 | 01cdf118 | Nikos Skalkotos | exit 0 |
| 69 | 54080484 | Nikos Skalkotos | fi |
| 70 | 54080484 | Nikos Skalkotos | |
| 71 | 7f8e28ae | Nikos Skalkotos | # Remove non-default keys... |
| 72 | fe816d8b | Nikos Skalkotos | grep ^HostKey "$config" || true | while read key_line; do |
| 73 | 7f8e28ae | Nikos Skalkotos | key=$(echo $key_line | cut -d" " -f2) |
| 74 | 7f8e28ae | Nikos Skalkotos | if [ "$key" = $HOST_KEY -o "$key" = $RSA_KEY -o \ |
| 75 | 7f8e28ae | Nikos Skalkotos | "$key" = $DSA_KEY -o "$key" = $ECDSA_KEY ]; then |
| 76 | 7f8e28ae | Nikos Skalkotos | continue; |
| 77 | 7f8e28ae | Nikos Skalkotos | fi |
| 78 | 7f8e28ae | Nikos Skalkotos | |
| 79 | 7f8e28ae | Nikos Skalkotos | if [ "x$distro" = "xdebian" ]; then |
| 80 | 7f8e28ae | Nikos Skalkotos | # Most distros recreate missing keys...debian complains |
| 81 | 7f8e28ae | Nikos Skalkotos | type="" |
| 82 | 7f8e28ae | Nikos Skalkotos | if [ -e "$target/$key" ]; then |
| 83 | 7f8e28ae | Nikos Skalkotos | if grep -e "-----BEGIN DSA PRIVATE KEY-----" "$target/$key"; then |
| 84 | 7f8e28ae | Nikos Skalkotos | type=dsa |
| 85 | 7f8e28ae | Nikos Skalkotos | elif grep -e "-----BEGIN EC PRIVATE KEY-----" "$target/$key"; then |
| 86 | 7f8e28ae | Nikos Skalkotos | type=ecdsa |
| 87 | 7f8e28ae | Nikos Skalkotos | elif grep -e "-----BEGIN RSA PRIVATE KEY-----" "$target/$key"; then |
| 88 | 7f8e28ae | Nikos Skalkotos | type=rsa |
| 89 | 7f8e28ae | Nikos Skalkotos | elif grep -e "SSH PRIVATE KEY FILE FORMAT" "$target/$key"; then |
| 90 | 7f8e28ae | Nikos Skalkotos | type=rsa1 |
| 91 | 7f8e28ae | Nikos Skalkotos | fi |
| 92 | 7f8e28ae | Nikos Skalkotos | else # do some guessing... |
| 93 | 7f8e28ae | Nikos Skalkotos | for i in rsa dsa ecdsa; do |
| 94 | fe816d8b | Nikos Skalkotos | if echo "$key" | grep _${i}_ > /dev/null; then
|
| 95 | fe816d8b | Nikos Skalkotos | type="$i"; |
| 96 | fe816d8b | Nikos Skalkotos | break; |
| 97 | fe816d8b | Nikos Skalkotos | fi |
| 98 | 7f8e28ae | Nikos Skalkotos | done |
| 99 | 7f8e28ae | Nikos Skalkotos | fi |
| 100 | 7f8e28ae | Nikos Skalkotos | if [ -z "$type" ]; then |
| 101 | 7f8e28ae | Nikos Skalkotos | echo "Warning: Unknown key type. I'll use \`rsa1'"; |
| 102 | 7f8e28ae | Nikos Skalkotos | type=rsa1 |
| 103 | 7f8e28ae | Nikos Skalkotos | fi |
| 104 | 7f8e28ae | Nikos Skalkotos | |
| 105 | 7f8e28ae | Nikos Skalkotos | rm -f "$target/$key"{,.pub}
|
| 106 | 7f8e28ae | Nikos Skalkotos | chroot "$target" \ |
| 107 | 7f8e28ae | Nikos Skalkotos | env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ |
| 108 | 7f8e28ae | Nikos Skalkotos | ssh-keygen -t $type -q -N '' -f "$key" |
| 109 | 7f8e28ae | Nikos Skalkotos | else |
| 110 | 7f8e28ae | Nikos Skalkotos | rm -f "$target/$key"{,.pub}
|
| 111 | 7f8e28ae | Nikos Skalkotos | fi |
| 112 | 7f8e28ae | Nikos Skalkotos | done |
| 113 | 7f8e28ae | Nikos Skalkotos | |
| 114 | 54080484 | Nikos Skalkotos | exit 0 |
| 115 | 54080484 | Nikos Skalkotos | |
| 116 | 54080484 | Nikos Skalkotos | # vim: set sta sts=4 shiftwidth=4 sw=4 et ai : |