Compare commits
1 Commits
6718b1c311
...
61c3b4eb66
Author | SHA1 | Date |
---|---|---|
macmpi | 61c3b4eb66 |
|
@ -22,7 +22,7 @@ From there, system install can be performed as usual with `setup-alpine` for ins
|
||||||
Add-on files may be added next to `headless.apkovl.tar.gz` to customise boostrapping configuration (sample files are provided):
|
Add-on files may be added next to `headless.apkovl.tar.gz` to customise boostrapping configuration (sample files are provided):
|
||||||
- `wpa_supplicant.conf`[^2] (*mandatory for wifi usecase*): define wifi SSID & password.
|
- `wpa_supplicant.conf`[^2] (*mandatory for wifi usecase*): define wifi SSID & password.
|
||||||
- `interfaces`[^2] (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
|
- `interfaces`[^2] (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
|
||||||
- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (may be stored), instead of using bundled ones[^1] (not stored).
|
- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (may be stored), instead of using bundled ones[^1] (not stored). Providing an empty key file will trigger new keys generation (ssh server may take longer to start).
|
||||||
- `unattended.sh`[^2] (*optional*): create custom automated deployment script to further tune & extend actual setup (backgrounded).
|
- `unattended.sh`[^2] (*optional*): create custom automated deployment script to further tune & extend actual setup (backgrounded).
|
||||||
|
|
||||||
|
|
||||||
|
|
Binary file not shown.
|
@ -94,10 +94,6 @@ cat <<-EOF >> /etc/ssh/sshd_config
|
||||||
Banner /tmp/.trash/banner
|
Banner /tmp/.trash/banner
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat <<-EOF >> /etc/conf.d/sshd
|
|
||||||
sshd_disable_keygen=yes
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# banner file
|
# banner file
|
||||||
cat <<-EOF > /tmp/.trash/banner
|
cat <<-EOF > /tmp/.trash/banner
|
||||||
|
|
||||||
|
@ -107,6 +103,7 @@ cat <<-EOF > /tmp/.trash/banner
|
||||||
|
|
||||||
# bundled temporary keys are moved in RAM /tmp so they won't be stored
|
# bundled temporary keys are moved in RAM /tmp so they won't be stored
|
||||||
# within permanent config later (new ones will then be generated)
|
# within permanent config later (new ones will then be generated)
|
||||||
|
KEYGEN_STANCE="sshd_disable_keygen=yes"
|
||||||
mv /etc/ssh/ssh_host_*_key* /tmp/.trash/.
|
mv /etc/ssh/ssh_host_*_key* /tmp/.trash/.
|
||||||
# inject optional custom keys (those might be stored)
|
# inject optional custom keys (those might be stored)
|
||||||
if ! install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/; then
|
if ! install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/; then
|
||||||
|
@ -115,8 +112,18 @@ if ! install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/; then
|
||||||
HostKey /tmp/.trash/ssh_host_ed25519_key
|
HostKey /tmp/.trash/ssh_host_ed25519_key
|
||||||
HostKey /tmp/.trash/ssh_host_rsa_key
|
HostKey /tmp/.trash/ssh_host_rsa_key
|
||||||
EOF
|
EOF
|
||||||
|
else
|
||||||
|
# look for empty key within injected ones: generate new keys if found
|
||||||
|
if find /etc/ssh/ -maxdepth 1 -type f -name 'ssh_host_*_key*' -empty | grep -q .; then
|
||||||
|
rm /etc/ssh/ssh_host_*_key*
|
||||||
|
KEYGEN_STANCE=""
|
||||||
|
logger -st ${0##*/} "Will generate new SSH keys..."
|
||||||
|
else
|
||||||
|
logger -st ${0##*/} "Using injected SSH keys..."
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo "$KEYGEN_STANCE" >> /etc/conf.d/sshd
|
||||||
rc-service sshd start
|
rc-service sshd start
|
||||||
|
|
||||||
## Prep for final post-cleanup
|
## Prep for final post-cleanup
|
||||||
|
|
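Review bot: The `-empty` test in the new `else` branch only catches zero-byte files, so an injected key file that is non-empty but unusable (a lone newline left by a text editor, a truncated copy) is logged as "Using injected SSH keys..." and sshd is started with `sshd_disable_keygen=yes` still in effect. On a headless device that likely leaves sshd without a usable host key and the machine unreachable. Consider checking that each injected private key actually parses, e.g. `for k in /etc/ssh/ssh_host_*_key; do ssh-keygen -y -f "$k" >/dev/null 2>&1 || bad=1; done`, and taking the regeneration path when `bad` is set. Separately, `rm /etc/ssh/ssh_host_*_key*` discards every injected key, including valid ones, as soon as one file is empty; if that is intended, the comment above the `find` should say so, and `${0##*/}` in the two `logger` calls should be quoted. The enclosing `if ! install …` block starts outside this hunk.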