From ee49b8dbf7ed7370fa541fafdcd42c0b287863d5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rapha=C3=ABl=20Gertz?=
Date: Sat, 3 Dec 2022 05:14:24 +0100
Subject: [PATCH 1/1] Prevent msec perms btmp warning Handle rsa and ed25519 pubkey addition in authorized_keys
---
 lib/pattern.sh | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/lib/pattern.sh b/lib/pattern.sh
index 5088194..8315ae1 100755
--- a/lib/pattern.sh
+++ b/lib/pattern.sh
@@ -229,11 +229,29 @@ chroot "$PWD/root" /usr/sbin/sshd-keygen
 #XXX: forced because msec decides otherwise
 perl -pne 's%^PermitRootLogin .*%PermitRootLogin yes%' -i "$PWD/root/etc/ssh/sshd_config"
-# Add rsa key if available
-#XXX: dsa is unsupported anymore
-if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
- [ ! -d "$PWD/root/root/.ssh" ] && mkdir -m 0700 "$PWD/root/root/.ssh"
- cp -f "$HOME/.ssh/id_rsa.pub" "$PWD/root/root/.ssh/authorized_keys"
+# Prevent btmp warning
+cat << EOF > "$PWD/root/etc/tmpfiles.d/var.conf"
+# See tmpfiles.d(5) for details
+
+# Prevent msec warning about enforcing permissions
+f /var/log/btmp 0600 root utmp -
+EOF
+
+# Authorized keys
+if [ -e "$HOME/.ssh/id_rsa.pub" -o -e "$HOME/.ssh/id_ed25519.pub" ]; then
+ mkdir -m 0700 "$PWD/root/root/.ssh"
+ touch "$PWD/root/root/.ssh/authorized_keys"
+ chmod u=rw,go=r "$PWD/root/root/.ssh/authorized_keys"
+
+ # Add rsa key if available
+ if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
+ cat "$HOME/.ssh/id_rsa.pub" >> "$PWD/root/root/.ssh/authorized_keys"
+ fi
+
+ # Add ed25519 key if available
+ if [ -e "$HOME/.ssh/id_ed25519.pub" ]; then
+ cat "$HOME/.ssh/id_ed25519.pub" >> "$PWD/root/root/.ssh/authorized_keys"
+ fi
 fi
 #TODO ntp /etc/systemd/timesyncd.conf
-- 
2.41.1
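Review bot: The new authorized_keys block is not safe to re-run over an existing root tree: `mkdir -m 0700 "$PWD/root/root/.ssh"` lost the old `[ ! -d … ] &&` guard and fails when the directory already exists, and `touch` followed by `>>` keeps whatever keys the file already held, where the removed `cp -f` overwrote it. Because the context line above forces `PermitRootLogin yes`, any stale or duplicated key left in that file remains a root login credential for the image. I would use `mkdir -p -m 0700 "$PWD/root/root/.ssh"`, start from an empty file with `: > "$PWD/root/root/.ssh/authorized_keys"`, and tighten the mode to `chmod 0600`, since only root needs to read it. Separately, if the image ships a vendor `var.conf` under `/usr/lib/tmpfiles.d`, writing `/etc/tmpfiles.d/var.conf` replaces that file as a whole rather than only its btmp line, so confirm the other entries are not needed or carry them over into the override. The script continues outside the hunk, so whether a failing `mkdir` aborts the run depends on shell options not visible here.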