CHANGELOG

Code formatting

Improvments

CHANGELOG.md

@@ -0,0 +1,5 @@
+## [v1.0.0](https://git.cynarski.pl/devOps/trust-ca-ssh/releases/tag/v1.0.0) - 2020-11-20
+
+* INNE
+  * Pobieranie trusted CA z Vault (#2)
+  * Sprawdzanie konfiguracji ssh, czy posiada TrustedUserCAKeys (#1)

install.sh

@@ -1,14 +1,32 @@
 #!/bin/bash
 
+set -o errexit
+set -o nounset
+set -o pipefail
+
+#
+# Helper functions
+#
+declare -i term_width=120
+
+h2() {
+    printf '\e[1;33m==>\e[37;1m %s\e[0m\n' "$*"
+}
+
 SSHD_CONFIG=/etc/ssh/sshd_config
 CA_FILE=/etc/ssh/trusted-ca.pem
 VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"
 
 if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
-     curl -o $CA_FILE $VAULT_CERT
+	h2 "Add new TrustedUserCAKeys"
-     echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
+	curl -s -o $CA_FILE $VAULT_CERT
+	echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
 else 
 	CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
-	echo $CA_FILE
+	h2 "Attach trusted CA to ${CA_FILE}"
-	curl $VAULT_CERT >> $CA_FILE	
+	curl -s $VAULT_CERT >> $CA_FILE	
 fi
+
+h2 "Restart sshd service"
+systemctl restart sshd
+h2 "Done."