From e87bc6f92a6e07efc6945390577150d6284d5dfc Mon Sep 17 00:00:00 2001
From: Roger Luethi
Date: Fri, 3 Oct 2014 10:17:50 +0200
Subject: [PATCH] labs: rewrite enable_vagrant_ssh_keys.sh

Split the code into two functions:
get_vagrant_key: download a Vagrant insecure key (if necessary) and copy it to ~/.ssh.
authorize_vagrant_key: authorize a Vagrant insecure key for logins into the VM.
Change-Id: Id420aa14a48aac9e9c2814e0b4cdcbded90f0560
---
 .../scripts/osbash/enable_vagrant_ssh_keys.sh | 58 ++++++++++++-------
 1 file changed, 38 insertions(+), 20 deletions(-)

diff --git a/labs/scripts/osbash/enable_vagrant_ssh_keys.sh b/labs/scripts/osbash/enable_vagrant_ssh_keys.sh
index 7be3a77c..ec2b9d8f 100755
--- a/labs/scripts/osbash/enable_vagrant_ssh_keys.sh
+++ b/labs/scripts/osbash/enable_vagrant_ssh_keys.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -o errexit -o nounset
-# This script installs the unsecure Vagrant ssh keys. This allows users to
+# This script installs the insecure Vagrant ssh keys. This allows users to
 # log into the VMs using these keys instead of a password.
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
@@ -12,27 +12,45 @@ indicate_current_auto
 exec_logfile
-function install_vagrant_public_key {
- local VAGRANT_KEY_NAME="vagrant.pub"
- local KEY_URL=https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/$VAGRANT_KEY_NAME
- local VAGRANT_KEY_DIR=$LIB_DIR/vagrant-ssh-keys
+mkdir -p "$HOME/.ssh"
+chmod 700 "$HOME/.ssh"
- if [ ! -f "$VAGRANT_KEY_DIR/$VAGRANT_KEY_NAME" ]; then
- wget --output-document "$VAGRANT_KEY_DIR/$VAGRANT_KEY_NAME" "$KEY_URL"
- if [ $? -ne 0 ]; then
- echo >&2 "Error when downloading $KEY_URL"
- return 1
+# Install the requested Vagrant insecure key to $HOME/.ssh. Keep a copy in
+# $LIB_DIR/vagrant-ssh-keys (cache if the directory is shared with the host).
+function get_vagrant_key {
+ local key_name=$1
+ local key_url=https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/$key_name
+ local vagrant_key_dir=$LIB_DIR/vagrant-ssh-keys
+
+ if [ -f "$HOME/.ssh/$key_name" ]; then
+ echo "Vagrant insecure key already installed: $HOME/.ssh/$key_name."
+ else
+ if [ ! -f "$vagrant_key_dir/$key_name" ]; then
+ echo "Downloading Vagrant insecure key $key_name."
+ wget --output-document "$vagrant_key_dir/$key_name" "$key_url"
+ if [ $? -ne 0 ]; then
+ echo >&2 "Error when downloading $key_url"
+ return 1
+ fi
 fi
+ echo "Installing Vagrant insecure key $key_name."
+ cp -v "$vagrant_key_dir/$key_name" "$HOME/.ssh"
 fi
-
- mkdir -p "$HOME/.ssh"
- chmod 700 "$HOME/.ssh"
- cat "$VAGRANT_KEY_DIR/$VAGRANT_KEY_NAME" >> "$HOME/.ssh/authorized_keys"
- chmod 400 "$HOME/.ssh/authorized_keys"
 }
-if grep -qs "vagrant insecure public key" "$HOME/.ssh/authorized_keys"; then
- echo "Vagrant insecure public key already installed"
-else
- install_vagrant_public_key
-fi
+# Authorize named key for ssh logins into this VM.
+function authorize_vagrant_key {
+ local pub_key_path=$1
+ local auth_key_path=$HOME/.ssh/authorized_keys
+ if grep -qs "vagrant insecure public key" "$auth_key_path"; then
+ echo "Already authorized."
+ else
+ cat "$pub_key_path" >> "$auth_key_path"
+ fi
+}
+
+get_vagrant_key "vagrant.pub"
+chmod 444 "$HOME/.ssh/vagrant.pub"
+
+echo "Authorizing Vagrant public key (connections from host and other VMs)."
+authorize_vagrant_key "$HOME/.ssh/vagrant.pub"
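Review bot: In `get_vagrant_key`, the `if [ $? -ne 0 ]` test after `wget` can never see a failure, because the script runs under `set -o errexit` and a failing `wget` ends the script before that line is reached. `wget --output-document` also creates the target file before the transfer completes, so a failed download leaves an empty or partial `$vagrant_key_dir/$key_name`; the next run finds it, skips the download, copies it to `~/.ssh`, and `authorize_vagrant_key` appends it to `authorized_keys` unchecked. Test the command directly and discard the leftover: `if ! wget --output-document "$vagrant_key_dir/$key_name" "$key_url"; then` followed by `rm -f "$vagrant_key_dir/$key_name"` ahead of the existing error message. Because the cache directory may be shared with the host and the URL tracks `master`, checking that the file holds the expected key line before appending it would be a cheap extra guard. Separately, the old `chmod 400` on `authorized_keys` is removed without a replacement, so when the file is first created by `>>` its mode is left to the umask.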