From dac4eb0fb49b09669562a213037b015408ee6404 Mon Sep 17 00:00:00 2001
From: Thomas Merkel
Date: Sat, 28 Feb 2015 17:27:34 +0100
Subject: [PATCH] Support mdata variable for /root/.ssh/authorized_keys file
This script creates a .ssh folder with minimal permissions, if the directory already exists the permissions will be changed to 700. If the mdata variable `root_authorized_keys` the `authorized_keys` is cleared and a header is added. I also fix the file permissions to be sure we're using the minimal permissions required for `authorized_keys`.
---
includes/90-root-authorized-keys.sh | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 includes/90-root-authorized-keys.sh
diff --git a/includes/90-root-authorized-keys.sh b/includes/90-root-authorized-keys.sh
new file mode 100644
index 0000000..730907f
--- /dev/null
+++ b/includes/90-root-authorized-keys.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Configure root ssh authorized_keys file if available via mdata
+
+if mdata-get root_authorized_keys 1>/dev/null 2>&1; then
+ install --directory --mode=700 /root/.ssh
+ echo "# This file is managed by mdata-get root_authorized_keys" \
+ > /root/.ssh/authorized_keys
+ mdata-get root_authorized_keys >> /root/.ssh/authorized_keys
+ chmod 644 /root/.ssh/authorized_keys
+fi
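Review bot: The existing `/root/.ssh/authorized_keys` is truncated by the `echo ... >` redirect before the second `mdata-get` call has produced anything, and that call's exit status is never checked, so a failure between the probe and the fetch leaves root with a header-only key file. Fetching the value once into a variable, writing it to a temporary file inside `/root/.ssh` and renaming it over the target would replace the file only when the new content is complete. The final `chmod 644` is also looser than the "minimal permissions" the description promises; only the owner needs to read the file, so `600` fits better, and creating the temp file with `mktemp` avoids the window in which a pre-existing file keeps its old mode while being rewritten. Because the metadata value becomes root login material verbatim, a comment stating that write access to `root_authorized_keys` is equivalent to root access would help the next reader. The sketch below avoids `exit` in case this include is sourced by a parent script, which the hunk does not show.

```shell
if keys=$(mdata-get root_authorized_keys 2>/dev/null); then
  # … unchanged: install --directory --mode=700 /root/.ssh …
  tmp=$(mktemp /root/.ssh/authorized_keys.XXXXXX) &&
    printf '%s\n' \
      "# This file is managed by mdata-get root_authorized_keys" \
      "$keys" > "$tmp" &&
    chmod 600 "$tmp" &&
    mv -f "$tmp" /root/.ssh/authorized_keys
fi
```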