From a19b9843f78ecf2a6f67fe72c8ac3ef683d7482d Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 5 Apr 2016 12:39:24 +0300
Subject: [PATCH] - ssh_config is generated by a Make target, removed copy from git and listed in gitignore. - Split test Make target to a few targets (files that are generated). - Adjusted test Make target for different key types.
---
 .gitignore | 1 +
 Makefile | 46 +++++++++++++++++++++++++++++++++++++---------
 ssh-ca | 14 +++++++-------
 ssh_config | 6 ------
 4 files changed, 45 insertions(+), 22 deletions(-)
 delete mode 100644 ssh_config

diff --git a/.gitignore b/.gitignore
index 14a9a04..1ab3379 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ hosts/
 sshd.pid
 known_hosts
 sshd_config
+ssh_config
diff --git a/Makefile b/Makefile
index 5ccf019..2924f50 100644
--- a/Makefile
+++ b/Makefile
@@ -1,13 +1,45 @@
 .PHONY: install clean test lint
+USERNAME = $$(whoami)
+
+CA CA.pub users hosts:
+	./ssh-ca init
+
+users/$(USERNAME): users CA CA.pub
+	./ssh-ca newuser $(USERNAME)
+
+hosts/localhost: hosts CA CA.pub
+	./ssh-ca newhost localhost
+
+known_hosts: CA.pub
+	echo "@cert-authority * $$(cat CA.pub)" > known_hosts
 
 sshd_config:
 	@echo "ListenAddress 127.0.0.1:22222" > sshd_config
-	@echo "HostKey $$PWD/hosts/localhost" >> sshd_config
-	@echo "TrustedUserCAKeys $$PWD/CA.pub" >> sshd_config
-	@echo "HostCertificate $$PWD/hosts/localhost-cert.pub" >> sshd_config
+	@echo "HostKey $$PWD/hosts/localhost/ssh_host_rsa_key" >> sshd_config
+	@echo "HostKey $$PWD/hosts/localhost/ssh_host_dsa_key" >> sshd_config
+	@echo "HostKey $$PWD/hosts/localhost/ssh_host_ecdsa_key" >> sshd_config
+	@echo "HostKey $$PWD/hosts/localhost/ssh_host_ed25519_key" >> sshd_config
+	@echo "HostCertificate $$PWD/hosts/localhost/ssh_host_rsa_key-cert.pub" >> sshd_config
+	@echo "HostCertificate $$PWD/hosts/localhost/ssh_host_dsa_key-cert.pub" >> sshd_config
+	@echo "HostCertificate $$PWD/hosts/localhost/ssh_host_ecdsa_key-cert.pub" >> sshd_config
+	@echo "HostCertificate $$PWD/hosts/localhost/ssh_host_ed25519_key-cert.pub" >> sshd_config
 	@echo "PidFile sshd.pid" >> sshd_config
 	@echo "UsePrivilegeSeparation no" >> sshd_config
+	@echo "MaxAuthTries 20" >> sshd_config
+	@echo "TrustedUserCAKeys $$PWD/CA.pub" >> sshd_config
 
+
+ssh_config:
+	@echo "Host test" > ssh_config
+	@echo "HostName localhost" >> ssh_config
+	@echo "Port 22222" >> ssh_config
+	@echo "IdentityFile users/%u/id_rsa" >> ssh_config
+	@echo "IdentityFile users/%u/id_dsa" >> ssh_config
+	@echo "IdentityFile users/%u/id_ecdsa" >> ssh_config
+	@echo "IdentityFile users/%u/id_ed25519" >> ssh_config
+	@echo "UserKnownHostsFile known_hosts" >> ssh_config
+	@echo "StrictHostKeyChecking yes" >> ssh_config
+	@echo "BatchMode yes" >> ssh_config
 install:
 	cp ssl-ca /usr/local/bin/ssh-ca
 
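Review bot: `USERNAME = $$(whoami)` reaches Make as the literal text `$(whoami)`, so the rule header `users/$(USERNAME):` names a file called `users/$(whoami)` that `./ssh-ca newuser` never creates; the target is therefore always out of date and only works because the shell re-expands `$(whoami)` inside the recipe. `USERNAME := $(shell whoami)` (or `USERNAME ?= $(USER)`, which also matches the `$$USER` the test target compares against) gives Make the real name. The header `CA CA.pub users hosts:` defines four independent rules sharing one recipe, so a parallel or partial build can run `./ssh-ca init` more than once and regenerate the CA key pair after hosts/localhost or the user keys were already signed with the previous one; making `CA` the only real target and declaring `CA.pub users hosts: CA ;` avoids that. `MaxAuthTries 20` and `UsePrivilegeSeparation no` deserve a comment on the line, e.g. `# test listener only: the client now offers four identities plus their certificates`, so nobody copies this sshd_config to a real host.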
@@ -15,16 +47,12 @@ install:
 
 clean:
 	if [ -f sshd.pid ] && [ -d "/proc/$$(cat sshd.pid)" ]; then kill "$$(cat sshd.pid)"; fi
-	rm -rf CA CA.pub users hosts known_hosts sshd.pid sshd_config
+	rm -rf CA CA.pub users hosts known_hosts sshd.pid sshd_config ssh_config
 
 lint:
 	/bin/sh -en ssh-ca
 
-test: clean sshd_config lint
-	./ssh-ca init
-	./ssh-ca newuser $$USER
-	./ssh-ca newhost localhost
-	echo "@cert-authority * $$(cat CA.pub)" > known_hosts
+test: lint clean ssh_config sshd_config CA CA.pub users/$(USERNAME) hosts/localhost known_hosts
 	$$(PATH=$$PATH:/usr/local/sbin:/usr/sbin:/sbin which sshd) -f sshd_config
 	test "$$(ssh -F ssh_config test whoami)" = "$$USER"
 	kill $$(cat sshd.pid)
diff --git a/ssh-ca b/ssh-ca
index cbcf63a..9a7b3d9 100755
--- a/ssh-ca
+++ b/ssh-ca
@@ -8,7 +8,7 @@ error () {
 [ $(which ssh-keygen) ] || \
 	error "Can't find ssh-keygen. Is OpenSSH installed properly?"
 
-local key_types="dsa ecdsa ed25519 rsa"
+key_types="dsa ecdsa ed25519 rsa"
 
 usage () {
 	echo "Usage: $0 init|newuser|newhost"
@@ -21,7 +21,7 @@ init () {
 }
 
 is_initialized () {
-	if [ ! -r "CA" ] || [ ! -r "CA.pub" ] || [ -d "users" ] || [ -d "hosts" ]
+	if [ ! -r "CA" ] || [ ! -r "CA.pub" ] || [ ! -d "users" ] || [ ! -d "hosts" ]
 	then
 		error "Something seems wrong. Did you run $0 init?"
 	fi
@@ -38,7 +38,7 @@ signuser () {
 			local flag="not empty"
 		fi
 	done
-	[ -z "$flag" ] && echo "Didn't find any public keys for $1."
+	[ -n "$flag" ] || echo "Didn't find any public keys for $1."
 }
 
 signhost () {
@@ -53,14 +53,14 @@ signhost () {
 			local flag="not empty"
 		fi
 	done
-	[ -z "$flag" ] && echo "Didn't find any public keys for $1."
+	[ -n "$flag" ] || echo "Didn't find any public keys for $1."
 }
 
 newhost () {
 	[ -z "$1" ] && error "You must specify hostname."
 	echo "Creating new host $1 keypair."
 	mkdir -p "hosts/$1"
-	for type in "$key_types"
+	for type in $key_types
 	do
 		ssh-keygen -qf "hosts/$1/ssh_host_${type}_key" -P "" -C "$1"
 	done
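Review bot: The new `test:` prerequisite list only works because Make happens to build prerequisites left to right, so `clean` runs before `ssh_config`, `CA` and the rest; that order is not guaranteed, and under `make -j` `clean` can delete files a sibling prerequisite has just generated. Running the cleanup as an explicit first step, `test: lint` with a recipe that starts `$(MAKE) clean && $(MAKE) ssh_config sshd_config users/$(USERNAME) hosts/localhost known_hosts`, makes the dependency real. `kill $$(cat sshd.pid)` is skipped when the `test "$$(ssh -F ssh_config test whoami)" = "$$USER"` line fails, so a failing run leaves the test sshd listening on 127.0.0.1:22222 until the next `make clean`; capturing the output first, `out="$$(ssh -F ssh_config test whoami)"; kill $$(cat sshd.pid); test "$$out" = "$$USER"`, stops the daemon on both paths. The comparison uses `$$USER` while the account was created from `whoami`; the two can differ (for example under `su`), so both should read the same variable.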
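Review bot: In `signuser`, `[ -n "$flag" ] || echo "Didn't find any public keys for $1."` writes the complaint to stdout and leaves the function's exit status at 0, so `newuser` (and, through the identical line in the `@@ -53,14` hunk, `newhost`) reports success with nothing signed and the Makefile targets built on them never fail. Because the keys were generated by the script itself a moment earlier, an empty `$flag` here is a fault rather than a warning; the existing `error` helper, which appears to be the abort path the script already uses when ssh-keygen is missing, fits better: `[ -n "$flag" ] || error "Didn't find any public keys for $1."`. The loop that sets `$flag` starts outside this hunk.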
@@ -69,10 +69,10 @@ newhost () {
 
 newuser () {
 	[ -z "$1" ] && error "You must specify username."
-	echo "Creating new user $1 keypair."
 	mkdir -p "users/$1"
-	for type in "$key_types"
+	for type in $key_types
 	do
+		echo "Creating new user $1 $type keypair."
 		ssh-keygen -qf "users/$1/id_${type}" -P "" -C "$1"
 	done
 	signuser "$1"
diff --git a/ssh_config b/ssh_config
deleted file mode 100644
index a841a3b..0000000
--- a/ssh_config
+++ /dev/null
@@ -1,6 +0,0 @@
-Host test
-HostName localhost
-Port 22222
-IdentityFile users/%u
-UserKnownHostsFile known_hosts
-StrictHostKeyChecking yes
-- 
GitLab
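Review bot: `newuser` still accepts any non-empty string as the user name, and `mkdir -p "users/$1"` followed by `ssh-keygen -qf "users/$1/id_${type}"` follows `/` and `..` components, so keys can land outside `users/`; `newhost` in the preceding hunk has the same shape with `hosts/$1`. A check right after the emptiness test, `case "$1" in */*|.*) error "Invalid name: $1" ;; esac`, keeps both directories as the only write locations. Moving the `echo` inside the loop so it names `$type` is an improvement; `-P ""` leaves the generated user keys unencrypted, and since `make install` places the script in /usr/local/bin for general use, a one-line comment stating that these are passphrase-less test identities would help.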