Commit 4b368a51 authored by Michał 'rysiek' Woźniak

support for /var/ssh_ids

parent f146b30e
......@@ -34,10 +34,16 @@ If that file exists, it is used as a template for `/etc/ssh/ssh_known_hosts` wit
This is where cron's public key will be placed. Volume-mount it into other containers to be able to use it (you can even use `inotify-watch` to watch it).
- `/var/known_hosts`
- `/var/known_hosts`
This directory contains public keys to be used in `/etc/ssh/ssh_known_hosts`; the directory is *not* watched for changes! Host public keys found there will be added to `/etc/ssh/ssh_known_hosts` with "`* `" appended in front of it. If you're looking for a more fine-grained control, look at `SSH_KNOWN_HOSTS` and `/etc/ssh/ssh_known_hosts.template`.
- `/var/ssh_ids`
This directory contains private SSH ID keys to be used copied into `/home/$SSH_USER/.ssh/`; the directory is *not* watched for changes! It is useful when an SSH ID private key file is to be volume-mounted within the container, but the permissions on the host system cannot be changed in a way that would let `$SSH_USER` access it (and hence direct volume-mounting in `/home/$SSH_USER/.ssh/` will not work).
Files are copied and ownership of the copies is changed to let `$SSH_USER` use them.
- `/etc/cron.d/` (this has to be read-write, for `root`->`cron` user replacements)
- `/etc/cron.daily/` (can be read-only)
- `/etc/cron.weekly/` (can be read-only)
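Review bot: the new `/var/ssh_ids` bullet reads "private SSH ID keys to be used copied into `/home/$SSH_USER/.ssh/`"; drop "used" so it reads "to be copied into". While here, the bullet should say what mode the copies end up with, not only that ownership is changed: ssh refuses to use a private key file that is readable by other users, so a key that is 0644 on the host needs to be 0600 after the copy, and the README is the place a user will look when that fails. It is also worth stating that every file in the directory is copied, so non-key files dropped there will land in `.ssh/` too.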
......
......@@ -7,6 +7,10 @@ HOMEDIR="/home/cron"
KEYSDIR="/var/pubkeys"
KNOWNHOSTSDIR="/var/known_hosts"
# directory with ssh id files to make available to the SSH_USER
# used when keyfiles are root-owned and ownership cannot be changed
SSHIDSDIR="/var/ssh_ids"
# add our own keys to /etc/ssh/ssh_known_hosts
if [ ! -e /etc/ssh/ssh_known_hosts ]; then
echo "+-- setting up /etc/ssh/ssh_known_hosts..."
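Review bot: the comment above `SSHIDSDIR` says "ssh id files"; say "private SSH identity keys" so someone reading the script without the README knows the directory holds secrets, and note whether the directory is optional, since the README added in this commit treats it as a volume that may or may not be mounted.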
......@@ -41,8 +45,15 @@ fi
echo "+-- .ssh dir..."
[ ! -e "$HOMEDIR/.ssh/" ] && mkdir -p "${HOMEDIR}/.ssh"
# handle ssh id files, if any
echo "+-- copying SSH ID files from $SSHIDSDIR, if any"
for sshid in "$SSHIDSDIR"/*; do
echo " +-- $sshid..."
cp "$sshid" "${HOMEDIR}/.ssh/$( basename $sshid )"
done
# do we have the keys? if not, create...
echo "+-- id_rsa..."
echo "+-- id_rsa, if doesn't exist yet..."
if [ ! -e "${HOMEDIR}/.ssh/id_rsa" ]; then
echo " +-- creating..."
# ...with an empty password, of course
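Review bot: the `for sshid in "$SSHIDSDIR"/*` loop has no guard for an empty or absent directory; in that case the glob stays literal and `cp "/var/ssh_ids/*"` fails with an error on every start. Add `[ -f "$sshid" ] || continue` as the first line of the loop body (this also skips subdirectories, which `cp` without `-r` would fail on). The copy also preserves the source file's mode while the README says the copies are made usable for `$SSH_USER`; if ownership is fixed later in the script, good, but add a `chmod 600` on the copy as well, because ssh rejects a group- or world-readable private key. Minor: quote `$sshid` inside `$( basename $sshid )`.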
......