CHANGELOG
Code formatting Improvements
parent
37ef5a7c11
commit
f4d821da7e
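--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+## [v1.0.0](https://git.cynarski.pl/devOps/trust-ca-ssh/releases/tag/v1.0.0) - 2020-11-20
+
+* INNE
+* Pobieranie trusted CA z Vault (#2)
+* Sprawdzanie konfiguracji ssh, czy posiada TrustedUserCAKeys (#1)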
24
install.sh
24
install.sh
@ -1,14 +1,32 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -o errexit
|
||||||
|
set -o nounset
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
#
|
||||||
|
# Helper functions
|
||||||
|
#
|
||||||
|
declare -i term_width=120
|
||||||
|
|
||||||
|
h2() {
|
||||||
|
printf '\e[1;33m==>\e[37;1m %s\e[0m\n' "$*"
|
||||||
|
}
|
||||||
|
|
||||||
SSHD_CONFIG=/etc/ssh/sshd_config
|
SSHD_CONFIG=/etc/ssh/sshd_config
|
||||||
CA_FILE=/etc/ssh/trusted-ca.pem
|
CA_FILE=/etc/ssh/trusted-ca.pem
|
||||||
VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"
|
VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"
|
||||||
|
|
||||||
if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
|
if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
|
||||||
curl -o $CA_FILE $VAULT_CERT
|
h2 "Add new TrustedUserCAKeys"
|
||||||
|
curl -s -o $CA_FILE $VAULT_CERT
|
||||||
echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
|
echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
|
||||||
else
|
else
|
||||||
CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
|
CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
|
||||||
echo $CA_FILE
|
h2 "Attach trusted CA to ${CA_FILE}"
|
||||||
curl $VAULT_CERT >> $CA_FILE
|
curl -s $VAULT_CERT >> $CA_FILE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
h2 "Restart sshd service"
|
||||||
|
systemctl restart sshd
|
||||||
|
h2 "Done."
|
||||||
|
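Review bot: Both `curl -s` calls in the `if`/`else` block write straight into the file sshd is told to trust as a user CA, and without `--fail` an HTTP error from the Vault endpoint still exits 0, so the new `errexit` does not stop the script and the error body lands in `$CA_FILE`; the added `-s` also hides any sign of it. The new `systemctl restart sshd` then runs without a configuration check, so a bad edit to `sshd_config` could leave the host without a working sshd. I would fetch into a temp file with `--fail`, confirm the response parses as a public key (presumably what the endpoint returns), only then install or append it, and run `sshd -t` before the restart. Separately, `grep "TrustedUserCAKeys"` also matches a commented-out directive, so the `else` branch may take its path from a disabled line.

```shell
# … unchanged: strict-mode options, h2 helper, SSHD_CONFIG / CA_FILE / VAULT_CERT …
tmp_ca=$(mktemp)
trap 'rm -f -- "$tmp_ca"' EXIT
# --fail turns an HTTP error into a non-zero exit, so errexit stops here
curl --fail --silent --show-error -o "$tmp_ca" "$VAULT_CERT"
# reject a response that does not parse as a public key
ssh-keygen -l -f "$tmp_ca" >/dev/null

# … unchanged: if-branch test and h2 message …
  install -m 0644 "$tmp_ca" "$CA_FILE"
# … unchanged: append TrustedUserCAKeys line, else branch reads CA_FILE, h2 message …
  cat "$tmp_ca" >> "$CA_FILE"
# … unchanged: fi …

h2 "Restart sshd service"
# validate the configuration before the running daemon is replaced
sshd -t
systemctl restart sshd
```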