ashikk
/
alpine-linux-headless-bootstrap
mirror of https://github.com/macmpi/alpine-linux-headless-bootstrap.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

allow to inject custom ssh keys

This commit is contained in:
macmpi 2023-05-11 17:53:42 +02:00
parent aa371a2e0c
commit 84da591fda
3 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -22,6 +22,7 @@ From there, system install can be fine-tuned as usual with `setup-alpine` for in
Add-on files may be added next to `headless.apkovl.tar.gz` to customise setup (sample files are provided): Add-on files may be added next to `headless.apkovl.tar.gz` to customise setup (sample files are provided):
- `wpa_supplicant.conf` (*mandatory for wifi usecase*): define wifi SSID & password. - `wpa_supplicant.conf` (*mandatory for wifi usecase*): define wifi SSID & password.
- `interfaces` (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable. - `interfaces` (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (can be stored), instead of bundled ones[^1] (not stored).
- `unattended.sh` (*optional*): make custom automated deployment script to further tune & extend setup (backgrounded). - `unattended.sh` (*optional*): make custom automated deployment script to further tune & extend setup (backgrounded).
*Note:* these files are linux text files: Windows/macOS users need to use text editors supporting linux text line-ending (such as [notepad++](https://notepad-plus-plus.org/), BBEdit or any other). *Note:* these files are linux text files: Windows/macOS users need to use text editors supporting linux text line-ending (such as [notepad++](https://notepad-plus-plus.org/), BBEdit or any other).
@ -32,7 +33,7 @@ With Computer set-up to share networking with USB interface as 10.42.0.1 gateway
Main execution steps are logged in `/var/log/messages`. Main execution steps are logged in `/var/log/messages`.
[^1]: About bundled ssh keys: as this package is essentially intended to **quickly bootstrap** system in order to configure it, it purposely embeds [some ssh keys](https://github.com/macmpi/alpine-linux-headless-bootstrap/tree/main/overlay/etc/ssh) so that bootstrapping is as fast as possible. Those (temporary) keys are moved in /tmp, so they will **not be saved/reused** once permanent configuration is set (with or without ssh server voluntarily installed in permanent setup). [^1]: About bundled ssh keys: as this package is essentially intended to **quickly bootstrap** system in order to configure it, it purposely embeds [some ssh keys](https://github.com/macmpi/alpine-linux-headless-bootstrap/tree/main/overlay/etc/ssh) so that bootstrapping is as fast as possible. Those (temporary) keys are moved in RAM /tmp, so they will **not be saved/reused** once permanent configuration is set (with or without ssh server voluntarily installed in permanent setup).
## How to customize further ? ## How to customize further ?

BIN
headless.apkovl.tar.gz
View File

Binary file not shown.

20
overlay/etc/local.d/headless.start
View File

@ -15,12 +15,12 @@ ovlpath=$( find /media -maxdepth 2 -type d -path '*/.*' -prune -o -type f -name
if [ -f "${ovlpath}/wpa_supplicant.conf" ]; then if [ -f "${ovlpath}/wpa_supplicant.conf" ]; then
logger -st ${0##*/} "Wifi setup found !" logger -st ${0##*/} "Wifi setup found !"
apk add wpa_supplicant apk add wpa_supplicant
cp "${ovlpath}/wpa_supplicant.conf" /etc/wpa_supplicant/wpa_supplicant.conf install -m600 "${ovlpath}/wpa_supplicant.conf" /etc/wpa_supplicant/wpa_supplicant.conf
else else
logger -st ${0##*/} "Wifi setup not found !" logger -st ${0##*/} "Wifi setup not found !"
fi fi
if ! cp "${ovlpath}/interfaces" /etc/network/interfaces; then if ! install -m644 "${ovlpath}/interfaces" /etc/network/interfaces; then
# set default interfaces if not specified by interface file on boot storage # set default interfaces if not specified by interface file on boot storage
logger -st ${0##*/} "No interfaces file supplied, building default interfaces..." logger -st ${0##*/} "No interfaces file supplied, building default interfaces..."
for dev in $(ls /sys/class/net) for dev in $(ls /sys/class/net)
@ -77,22 +77,26 @@ rc-service networking start
## Setup temporary SSH server (root login, no password) ## Setup temporary SSH server (root login, no password)
## we use some bundled keys to avoid generation at boot and save time ## we use some bundled or optionaly provided keys to avoid generation at boot and save time
## bundled temporary keys are moved in /tmp so they won't be stored
## within permanent config later (new ones will then be generated)
apk add openssh apk add openssh
mv /etc/ssh/ssh_host_* /tmp/.trash/. # bundled temporary keys are moved in RAM /tmp so they won't be stored
# within permanent config later (new ones will then be generated)
mv /etc/ssh/ssh_host_*_key* /tmp/.trash/.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
cat <<-EOF >> /etc/ssh/sshd_config cat <<-EOF >> /etc/ssh/sshd_config
AuthenticationMethods none AuthenticationMethods none
PermitEmptyPasswords yes PermitEmptyPasswords yes
PermitRootLogin yes PermitRootLogin yes
HostKey /tmp/.trash/ssh_host_ed25519_key
HostKey /tmp/.trash/ssh_host_rsa_key
EOF EOF
# inject optional custom keys (those might be stored)
if ! install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/; then
echo "HostKey /tmp/.trash/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
echo "HostKey /tmp/.trash/ssh_host_rsa_key" >> /etc/ssh/sshd_config
fi
cp /etc/conf.d/sshd /etc/conf.d/sshd.orig cp /etc/conf.d/sshd /etc/conf.d/sshd.orig
cat <<-EOF >> /etc/conf.d/sshd cat <<-EOF >> /etc/conf.d/sshd
sshd_disable_keygen=yes sshd_disable_keygen=yes