From fb16412c2b5c7d0264df73c117399ff244a4abee Mon Sep 17 00:00:00 2001
From: Julien Moutinho
Date: Wed, 20 Feb 2013 00:10:36 +0100
Subject: [PATCH] =?utf8?q?Correction=20:=20vm=5Fhosted=20:=20rule=5Finitra?= =?utf8?q?mfs=5Fconfigure=20:=20cl=C3=A9s=20de=20dropbear.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
---
 etc/openssh/known_hosts | 1 -
 vm_hosted | 26 ++++++++++++--------------
 2 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/etc/openssh/known_hosts b/etc/openssh/known_hosts
index ece8292..29f803c 100644
--- a/etc/openssh/known_hosts
+++ b/etc/openssh/known_hosts
@@ -1,4 +1,3 @@
 rouf.grenode.net,91.216.110.98 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWolyL7ErNN/uHTAoQFIylOOC9sixbd4i0CNxAcGN0Ht7Z7HpquzwAmRj4JHNgRRTkUFnW0GBOB/E3Py5ckU1CZ8SBZyqt3zrBwO0xybZ6ZWNlzebdgiMU3Ke2p9WfZsAd0HKG9oJjeNJFDVATI/ez0IT8pKFR0AT5wO1u5HHDX3szPl19F5Blk8S3XYc//ZypVTokpH7EDgq+tj8FPERAuwIYl3qAJesR0omwn5Gro87pUhTgqK+9mkXcWacUYsLA6m0uR+1DhdTIHwcsHFoVI+DjwOGmfeI5ZallbgRdmoeTUi1lf1RVu5myoBl6eRob9dLWCtp+7zjp0fmPEDaJ root@rouf
-init.ateliers.heureux-cyclage.org ssh-rsa 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
 ateliers.heureux-cyclage.org ssh-rsa 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
 91.216.110.42 ssh-rsa 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
diff --git a/vm_hosted b/vm_hosted
index a92477c..81dec85 100755
--- a/vm_hosted
+++ b/vm_hosted
@@ -163,23 +163,18 @@ rule_initramfs_configure () { sudo sed -e '/^configure_networking /s/ &$//' \ -i /usr/share/initramfs-tools/scripts/init-premount/dropbear # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré.. - sudo rm -f \ - /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \ - /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \ - /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \ - /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | ( while IFS= read -r line do case $line in (*" RSA") return 0; break;; esac done; return 1 ) || + { + sudo rm -f \ + /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \ + /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub sudo dropbearkey -t rsa -s 4096 -f \ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key - ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | - ( while IFS= read -r line - do case $line in (*" DSA") return 0; break;; esac - done; return 1 ) || - sudo dropbearkey -t dss -s 1024 -f \ - /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key + } + # NOTE: ne se préoccupe pas de dropbear_dss_host_key ; Debian la génère et l'utilise néamoins. mk_dir mod=640 own=root:root \ /etc/initramfs-tools/root \ /etc/initramfs-tools/root/.ssh @@ -425,7 +420,7 @@ rule_user_root_configure () { done done | mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys - local key + local key; local -; set +f for key in "$tool"/var/pub/openpgp/*.key do sudo gpg --import "$key" done @@ -449,6 +444,10 @@ rule_disk_key_change () { sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root } +rule_user_admin_configure () { + rule initramfs_configure + rule user_root_configure + } rule_user_admin_add () { # SYNTAX: $user local user=$1 id "$user" >/dev/null || 
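Review bot: In the hunk at -163 (rule_initramfs_configure) the DSS host key is no longer removed or regenerated, so whatever 1024-bit `dropbear_dss_host_key` Debian generates (per the added NOTE) is still offered by the initramfs dropbear with no matching entry in `"$tool"/etc/openssh/known_hosts`. A client that negotiates DSS for `init.$vm_fqdn` then has nothing to verify the host against, which matters if this early-boot session carries a disk passphrase (presumably, given `rule_disk_key_change`; not visible here). I would extend the NOTE to say so, e.g. `# NOTE: the DSS key is not pinned; clients should use HostKeyAlgorithms=ssh-rsa for init.$vm_fqdn`. The RSA guard also only tests that known_hosts has an RSA line for the host, not that `dropbear_rsa_host_key` exists on disk or matches it. The function body starts and ends outside the hunk.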
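Review bot: In the hunk at -425 (rule_user_root_configure), `set +f` re-enables globbing for `"$tool"/var/pub/openpgp/*.key`, but when no file matches the loop still runs once with the literal pattern and `sudo gpg --import` is handed a path that does not exist. A guard such as `do [ -e "$key" ] || continue; sudo gpg --import "$key"` keeps an empty key directory from turning into an import error; the loop in rule_user_admin_add (hunk at -458) has the same shape. `local -` also deserves a short comment, e.g. `# local -: shell options (presumably noglob) are restored on return`, because it is not available in every shell (dash/ash have it, bash only from 4.4). The function continues outside the hunk.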
@@ -458,12 +457,11 @@ rule_user_admin_add () { # SYNTAX: $user
 sudo adduser "$user"
 sudo mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \
 <"$tool"/var/pub/ssh/"$user".key
- rule initramfs_configure
- rule user_root_configure
 local key; local -; set +f
 for key in "$tool"/var/pub/openpgp/*.key
 do sudo -u "$user" gpg --import "$key"
 done
+ rule user_admin_configure
 }
 rule_user_mail_format () {
 mk_dir mod=770 own=root:adm /etc/skel/etc/procmail
--
2.20.1
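Review bot: In rule_user_admin_add (hunk at -458) the initramfs and root reconfiguration now runs after the per-user `gpg --import` loop instead of before it, so a failure in that loop — for instance an unmatched `*.key` glob — could, if the script stops on errors (not visible here), leave the account created while the initramfs and root `authorized_keys` are never refreshed for it. If the new order is deliberate, a one-line comment above the call would record why, e.g. `# last: refresh initramfs + root keys once the user is fully set up`; otherwise keep `rule user_admin_configure` ahead of the loop. The function starts outside the hunk.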