Commit 165a61f4 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak

/var/known_hosts support added

parent b5fd005b
......@@ -34,6 +34,10 @@ If that file exists, it is used as a template for `/etc/ssh/ssh_known_hosts` wit
This is where cron's public key will be placed. Volume-mount it into other containers to be able to use it (you can even use `inotify-watch` to watch it).
- `/var/known_hosts`
This directory contains public keys to be used in `/etc/ssh/ssh_known_hosts`; the directory is *not* watched for changes! Host public keys found there will be added to `/etc/ssh/ssh_known_hosts` with "`* `" appended in front of it. If you're looking for a more fine-grained control, look at `SSH_KNOWN_HOSTS` and `/etc/ssh/ssh_known_hosts.template`.
- `/etc/cron.d/` (this has to be read-write, for `root`->`cron` user replacements)
- `/etc/cron.daily/` (can be read-only)
- `/etc/cron.weekly/` (can be read-only)
......
......@@ -5,6 +5,7 @@ set -e
# users' home directory
HOMEDIR="/home/cron"
KEYSDIR="/var/pubkeys"
KNOWNHOSTSDIR="/var/known_hosts"
# add our own keys to /etc/ssh/ssh_known_hosts
if [ ! -e /etc/ssh/ssh_known_hosts ]; then
......@@ -14,8 +15,16 @@ if [ ! -e /etc/ssh/ssh_known_hosts ]; then
echo " +-- basing on template file: /etc/ssh/ssh_known_hosts.template"
cat /etc/ssh/ssh_known_hosts.template > /etc/ssh/ssh_known_hosts
fi
# own host pubkey
echo " +-- adding local ECDSA pubkey from: /etc/ssh/ssh_host_ecdsa_key.pub"
echo -e "\n* $( cat /etc/ssh/ssh_host_ecdsa_key.pub )" >> /etc/ssh/ssh_known_hosts
# individual known hosts keys from $KNOWNHOSTSDIR
echo "+-- adding local host keys from $KNOWNHOSTSDIR, if any..."
for kh in "$KNOWNHOSTSDIR"/*; do
echo " +-- $kh"
echo -e "\n* $( cat "$kh" )" >> /etc/ssh/ssh_known_hosts
done
echo " +-- done."
# if SSH_KNOWN_HOSTS is nonempty, let's add that to ssh_known_hosts
if [ ! -z ${SSH_KNOWN_HOSTS+x} ]; then
echo " +-- adding known hosts from SSH_KNOWN_HOSTS:"
......
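Review bot: The new loop `for kh in "$KNOWNHOSTSDIR"/*; do` has no guard for an empty or missing directory: the unmatched glob stays literal, `cat` fails on the literal `/var/known_hosts/*`, and because that failure happens inside a command substitution passed to `echo`, the `set -e` visible in the first hunk header does not stop it — a bare `* ` line is still appended to `/etc/ssh/ssh_known_hosts`. Add `[ -f "$kh" ] || continue` as the first line of the loop body so the "if any" case promised by the preceding echo is actually handled and subdirectories are skipped. A second point, as far as the hunk shows, is that only the first line of each file receives the `* ` prefix, so a file holding several host keys would append its remaining lines without the wildcard pattern; either document that one key per file is expected, or prefix every line with `sed 's/^/* /' -- "$kh" >> /etc/ssh/ssh_known_hosts` in place of the echo. Since `* ` makes every key in the directory valid for any host, a one-line comment above the loop such as `# "*" matches every host: a key placed here is trusted for all hosts` would make that consequence visible in the script, not only in the README. The first hunk only adds the `KNOWNHOSTSDIR` assignment and is unaffected.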