Commit a19b9843 authored by nimrod's avatar nimrod

- ssh_config is now generated by a Make target; the copy was removed from git and
  listed in gitignore.
- Split test Make target to a few targets (files that are generated).
- Adjusted test Make target for different key types.
parent 51a362ba
......@@ -8,3 +8,4 @@ hosts/
sshd.pid
known_hosts
sshd_config
ssh_config
.PHONY: install clean test lint
USERNAME = $$(whoami)
CA CA.pub users hosts:
./ssh-ca init
users/$(USERNAME): users CA CA.pub
./ssh-ca newuser $(USERNAME)
hosts/localhost: hosts CA CA.pub
./ssh-ca newhost localhost
known_hosts: CA.pub
echo "@cert-authority * $$(cat CA.pub)" > known_hosts
sshd_config:
@echo "ListenAddress 127.0.0.1:22222" > sshd_config
@echo "HostKey $$PWD/hosts/localhost" >> sshd_config
@echo "TrustedUserCAKeys $$PWD/CA.pub" >> sshd_config
@echo "HostCertificate $$PWD/hosts/localhost-cert.pub" >> sshd_config
@echo "HostKey $$PWD/hosts/localhost/ssh_host_rsa_key" >> sshd_config
@echo "HostKey $$PWD/hosts/localhost/ssh_host_dsa_key" >> sshd_config
@echo "HostKey $$PWD/hosts/localhost/ssh_host_ecdsa_key" >> sshd_config
@echo "HostKey $$PWD/hosts/localhost/ssh_host_ed25519_key" >> sshd_config
@echo "HostCertificate $$PWD/hosts/localhost/ssh_host_rsa_key-cert.pub" >> sshd_config
@echo "HostCertificate $$PWD/hosts/localhost/ssh_host_dsa_key-cert.pub" >> sshd_config
@echo "HostCertificate $$PWD/hosts/localhost/ssh_host_ecdsa_key-cert.pub" >> sshd_config
@echo "HostCertificate $$PWD/hosts/localhost/ssh_host_ed25519_key-cert.pub" >> sshd_config
@echo "PidFile sshd.pid" >> sshd_config
@echo "UsePrivilegeSeparation no" >> sshd_config
@echo "MaxAuthTries 20" >> sshd_config
@echo "TrustedUserCAKeys $$PWD/CA.pub" >> sshd_config
ssh_config:
@echo "Host test" > ssh_config
@echo "HostName localhost" >> ssh_config
@echo "Port 22222" >> ssh_config
@echo "IdentityFile users/%u/id_rsa" >> ssh_config
@echo "IdentityFile users/%u/id_dsa" >> ssh_config
@echo "IdentityFile users/%u/id_ecdsa" >> ssh_config
@echo "IdentityFile users/%u/id_ed25519" >> ssh_config
@echo "UserKnownHostsFile known_hosts" >> ssh_config
@echo "StrictHostKeyChecking yes" >> ssh_config
@echo "BatchMode yes" >> ssh_config
install:
cp ssl-ca /usr/local/bin/ssh-ca
......@@ -15,16 +47,12 @@ install:
clean:
if [ -f sshd.pid ] && [ -d "/proc/$$(cat sshd.pid)" ]; then kill "$$(cat sshd.pid)"; fi
rm -rf CA CA.pub users hosts known_hosts sshd.pid sshd_config
rm -rf CA CA.pub users hosts known_hosts sshd.pid sshd_config ssh_config
lint:
/bin/sh -en ssh-ca
test: clean sshd_config lint
./ssh-ca init
./ssh-ca newuser $$USER
./ssh-ca newhost localhost
echo "@cert-authority * $$(cat CA.pub)" > known_hosts
test: lint clean ssh_config sshd_config CA CA.pub users/$(USERNAME) hosts/localhost known_hosts
$$(PATH=$$PATH:/usr/local/sbin:/usr/sbin:/sbin which sshd) -f sshd_config
test "$$(ssh -F ssh_config test whoami)" = "$$USER"
kill $$(cat sshd.pid)
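Review bot: If the `test "$$(ssh -F ssh_config test whoami)" = "$$USER"` line in the `test` recipe fails, make stops before `kill $$(cat sshd.pid)`, so the test sshd (started from a config with `MaxAuthTries 20` and `UsePrivilegeSeparation no`, trusting the test CA) keeps listening on 127.0.0.1:22222 until the next `make clean`. Run the check and the teardown in one shell line so the daemon is always stopped, e.g. `test "$$(ssh -F ssh_config test whoami)" = "$$USER"; rc=$$?; kill "$$(cat sshd.pid)"; exit $$rc`. The rule also lists `clean` as a prerequisite next to the files that `clean` deletes, which only works while make processes prerequisites left to right; under `make -j` that order is not guaranteed, so a `.NOTPARALLEL:` line or a comment such as `# clean must finish before the generated files are built; do not run with -j` would be worth adding.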
......@@ -8,7 +8,7 @@ error () {
[ $(which ssh-keygen) ] || \
error "Can't find ssh-keygen. Is OpenSSH installed properly?"
local key_types="dsa ecdsa ed25519 rsa"
key_types="dsa ecdsa ed25519 rsa"
usage () {
echo "Usage: $0 init|newuser|newhost"
......@@ -21,7 +21,7 @@ init () {
}
is_initialized () {
if [ ! -r "CA" ] || [ ! -r "CA.pub" ] || [ -d "users" ] || [ -d "hosts" ]
if [ ! -r "CA" ] || [ ! -r "CA.pub" ] || [ ! -d "users" ] || [ ! -d "hosts" ]
then
error "Something seems wrong. Did you run $0 init?"
fi
......@@ -38,7 +38,7 @@ signuser () {
local flag="not empty"
fi
done
[ -z "$flag" ] && echo "Didn't find any public keys for $1."
[ -n "$flag" ] || echo "Didn't find any public keys for $1."
}
signhost () {
......@@ -53,14 +53,14 @@ signhost () {
local flag="not empty"
fi
done
[ -z "$flag" ] && echo "Didn't find any public keys for $1."
[ -n "$flag" ] || echo "Didn't find any public keys for $1."
}
newhost () {
[ -z "$1" ] && error "You must specify hostname."
echo "Creating new host $1 keypair."
mkdir -p "hosts/$1"
for type in "$key_types"
for type in $key_types
do
ssh-keygen -qf "hosts/$1/ssh_host_${type}_key" -P "" -C "$1"
done
......@@ -69,10 +69,10 @@ newhost () {
newuser () {
[ -z "$1" ] && error "You must specify username."
echo "Creating new user $1 keypair."
mkdir -p "users/$1"
for type in "$key_types"
for type in $key_types
do
echo "Creating new user $1 $type keypair."
ssh-keygen -qf "users/$1/id_${type}" -P "" -C "$1"
done
signuser "$1"
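Review bot: Neither `ssh-keygen` call in the `newhost` and `newuser` loops passes `-t`, so now that `for type in $key_types` really iterates, every file (`ssh_host_dsa_key`, `id_ecdsa`, …) is generated with ssh-keygen's default key type and only the filename differs. Pass the loop variable through, e.g. `ssh-keygen -q -t "$type" -f "hosts/$1/ssh_host_${type}_key" -P "" -C "$1"`, and likewise for `users/$1/id_${type}`. Once the type is honoured, `dsa` in `key_types` will request a DSA key, which OpenSSH has deprecated (ssh-dss has been disabled by default since 7.0), so it is worth dropping from the list unless a legacy client needs it. Both function bodies continue outside the visible hunks.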
......
Host test
HostName localhost
Port 22222
IdentityFile users/%u
UserKnownHostsFile known_hosts
StrictHostKeyChecking yes