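#! /bin/bash
# Creates a new SSH key pair for one OWNER/REPOSITORY and registers the public
# key in the pages user's authorized_keys behind a forced command, so the key
# can only invoke the deploy script for that repository.
#
# Usage:   $0 OWNER REPOSITORY
# Output:  status messages and the PRIVATE key on stdout. Run this only where
#          stdout is not captured by logs or CI output that others can read.
# Returns: 0 when a new key was created and registered, 1 on usage errors,
#          invalid names, or when a key for this pair already exists.

# Abort on any mistake, including unset variables and failed pipeline stages.
set -euo pipefail

# Byte-wise character classes: keeps the [A-Za-z0-9] allowlist below from
# matching locale-specific letters.
LC_ALL=C

# Files created below (key directory, authorized_keys if missing) must not be
# readable by other users.
umask 077

# configurable constants for this script
KEY_DIR=/var/lib/pages-manager/keys/
PAGES_USER=pages
DEPLOY_SCRIPT=/home/${PAGES_USER}/deploy.sh
AUTHORIZED_KEYS="/home/${PAGES_USER}/.ssh/authorized_keys"

# Check the arguments before touching the filesystem. The original printed the
# usage text but carried on with empty OWNER/REPOSITORY values.
if [ "$#" -ne 2 ]; then
  echo "Usage: $0 OWNER REPOSITORY" >&2
  exit 1
fi

OWNER=$1
REPOSITORY=$2

# OWNER and REPOSITORY end up in three sensitive places: the key file path, the
# key comment, and the command="..." option of an authorized_keys line. A
# quote, space, newline or slash in either value would change the meaning of
# that line or move the key file outside KEY_DIR, so only a conservative
# character set is accepted. A leading '-' is refused because the values are
# passed as arguments to the deploy script.
# NOTE(review): adjust the allowlist if the forge permits other characters.
for name in "${OWNER}" "${REPOSITORY}"; do
  if [[ ! "${name}" =~ ^[A-Za-z0-9._-]+$ || "${name}" == -* ]]; then
    echo "Invalid name '${name}': only letters, digits, '.', '_' and '-' are allowed, and it must not start with '-'." >&2
    exit 1
  fi
done

mkdir -p "${KEY_DIR}"
chmod 700 "${KEY_DIR}"

# NOTE(review): the file name joins owner and repository with '.', which is
# also a permitted name character, so "a.b"/"c" and "a"/"b.c" map to the same
# file. The branch below would then print the other pair's private key.
# Confirm whether the naming scheme can be made unambiguous.
KEYFILE="${KEY_DIR}/id_${OWNER}.${REPOSITORY}"

if [ -e "${KEYFILE}" ]; then
  echo "Found existing key in ${KEYFILE}, aborting."
  echo "Printing private key:"
  cat -- "${KEYFILE}"
  exit 1
fi

# generate key (no passphrase: the key is meant for unattended deployments)
ssh-keygen -t ed25519 -f "${KEYFILE}" -N "" -C "deployment key for ${OWNER}/${REPOSITORY}" > /dev/null

# add public key
# The forced command pins this key to one OWNER/REPOSITORY; the remaining
# options switch off forwarding, PTY allocation and the user rc file.
PUBKEY=$(cat -- "${KEYFILE}.pub")
printf '%s\n' "command=\"${DEPLOY_SCRIPT} ${OWNER} ${REPOSITORY}\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc,restrict ${PUBKEY}" >> "${AUTHORIZED_KEYS}"

echo "Generate and configured new key in ${KEYFILE}"
echo "Printing private key:"
cat -- "${KEYFILE}"

exit 0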