public/trust-ca-ssh
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

CHANGELOG

Browse Source 
Code formatting

Improvments
This commit is contained in:
Aleksander Cynarski 2020-11-20 23:47:50 +01:00
parent 37ef5a7c11
commit f4d821da7e
2 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md Normal file
View File

@ -0,0 +1,5 @@
## [v1.0.0](https://git.cynarski.pl/devOps/trust-ca-ssh/releases/tag/v1.0.0) - 2020-11-20
* INNE
* Pobieranie trusted CA z Vault (#2)
* Sprawdzanie konfiguracji ssh, czy posiada TrustedUserCAKeys (#1)

24
install.sh
View File

@ -1,14 +1,32 @@
#!/bin/bash #!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
#
# Helper functions
#
declare -i term_width=120
h2() {
printf '\e[1;33m==>\e[37;1m %s\e[0m\n' "$*"
}
SSHD_CONFIG=/etc/ssh/sshd_config SSHD_CONFIG=/etc/ssh/sshd_config
CA_FILE=/etc/ssh/trusted-ca.pem CA_FILE=/etc/ssh/trusted-ca.pem
VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key" VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"
if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
curl -o $CA_FILE $VAULT_CERT h2 "Add new TrustedUserCAKeys"
curl -s -o $CA_FILE $VAULT_CERT
echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
else else
CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2) CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
echo $CA_FILE h2 "Attach trusted CA to ${CA_FILE}"
curl $VAULT_CERT >> $CA_FILE curl -s $VAULT_CERT >> $CA_FILE
fi fi
h2 "Restart sshd service"
systemctl restart sshd
h2 "Done."