43 lines
1 KiB
Bash
Executable file
43 lines
1 KiB
Bash
Executable file
#! /bin/bash
|
|
# This script creates a new ssh key-pair and sets it up to be able to deploy to a specific directory only
|
|
|
|
# Abort on any mistake
|
|
set -e
|
|
|
|
# configurable constants for this script
|
|
KEY_DIR=/var/lib/pages-manager/keys/
|
|
PAGES_USER=pages
|
|
DEPLOY_SCRIPT=/home/${PAGES_USER}/deploy.sh
|
|
|
|
mkdir -p "${KEY_DIR}"
|
|
|
|
|
|
if [ "$#" -ne 1 ]; then
|
|
echo "Usage: $0 DEPLOY_SUBDIR"
|
|
fi
|
|
|
|
KEYNAME=$1
|
|
|
|
KEYFILE="${KEY_DIR}/id_${KEYNAME/\//.}"
|
|
|
|
if [ -e "${KEYFILE}" ]; then
|
|
echo "Found existing key in ${KEYFILE}, aborting."
|
|
echo "Printing private key:"
|
|
cat "${KEYFILE}"
|
|
exit 1
|
|
fi
|
|
|
|
mkdir -p "${KEY_DIR}"
|
|
chmod 700 "${KEY_DIR}"
|
|
|
|
# generate key
|
|
ssh-keygen -t ed25519 -f "${KEYFILE}" -N "" -C "deployment key for ${KEYNAME}" > /dev/null
|
|
|
|
# add public key
|
|
echo "command=\"${DEPLOY_SCRIPT} ${KEYNAME}\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc,restrict $(cat ${KEYFILE}.pub)" >> "/home/${PAGES_USER}/.ssh/authorized_keys"
|
|
|
|
echo "Generate and configured new key in ${KEYFILE}"
|
|
echo "Printing private key:"
|
|
cat "${KEYFILE}"
|
|
exit 0
|
|
|