Insert Google DNS Server instead of ungleich's

Put ssh configuration in sshd_config instead of ssh_config
Fix growpart command argument
Correctly, insert ssh keys
This commit is contained in:
ahmadbilalkhalid 2019-08-24 10:53:34 +00:00
parent 3d3d83ad07
commit 793056b72b
1 changed files with 19 additions and 15 deletions

View File

@ -14,6 +14,7 @@ get_distro() {
ssh_authorized_keys_path='/root/.ssh/authorized_keys'
ssh_config_path='/etc/ssh/ssh_config'
sshd_config_path='/etc/ssh/sshd_config'
etc_resolv_path='/etc/resolv.conf'
# Show output of this script
if [[ ! -e /etc/conf.d/local ]] && ! grep -q "rc_verbose=yes" /etc/conf.d/local; then
@ -23,8 +24,10 @@ fi
# Check if rdnssd is installed, if not put ungleich DNS
# into /etc/resolv.conf and install rdnssd for the next time
if ! $(which rdnssd); then
echo "nameserver 2a0a:e5c0::3" >> /etc/resolv.conf
echo "nameserver 2a0a:e5c0::4" >> /etc/resolv.conf
echo "nameserver 2001:4860:4860::8888" >> $etc_resolv_path
echo "nameserver 2001:4860:4860::8844" >> $etc_resolv_path
echo "nameserver 8.8.8.8" >> $etc_resolv_path
echo "nameserver 8.8.4.4" >> $etc_resolv_path
apk add ndisc6
fi
@ -39,14 +42,13 @@ if [[ $(get_distro) = "alpine" ]]; then
apk add openssh-server sfdisk util-linux jq
touch $ssh_authorized_keys_path
if ! grep -q "PasswordAuthentication no" $ssh_config_path; then
echo "PasswordAuthentication no" >> $ssh_config_path
if ! grep -q "PasswordAuthentication no" $sshd_config_path; then
echo "PasswordAuthentication no" >> $sshd_config_path
fi
if ! grep -q "PermitRootLogin prohibit-password" $sshd_config_path; then
echo "PermitRootLogin prohibit-password" >> $sshd_config_path
if ! grep -q "PermitRootLogin yes" $sshd_config_path; then
echo "PermitRootLogin yes" >> $sshd_config_path
fi
service sshd restart
else
echo "Unsupported OS"
exit 1
@ -56,19 +58,21 @@ fi
wget https://git.launchpad.net/ubuntu/+source/cloud-utils/plain/bin/growpart
if [ -e growpart ]; then
sh ./growpart /dev/vda3; rm growpart
sh ./growpart /dev/vda 3; rm growpart
fi
# TODO: Make sure to replace the following address with http://metadata
# whenever we got http://metadata resolving to url work successfully.
metadata=$(curl http://[2a0a:e5c1:144::]:5000)
echo "$metadata" | jq -r '.["ssh-key-list"] | .[]' > ssh-key-list.txt
while read ssh_key; do
if ! grep -q "$ssh_key" $ssh_authorized_keys_path; then
echo $ssh_key >> $ssh_authorized_keys_path
fi
ssh_key=$(echo $metadata | jq '.["ssh-key"]')
ssh_key=echo $metadata | sed 's/"//g' # Removes quotation marks
done < ssh-key-list.txt
rm -f ssh-key-list.txt
# ssh_key="${ssh_key:1:-1}" # Removes quotation marks
if ! grep -q "$ssh_key" $ssh_authorized_keys_path; then
echo $ssh_key >> $ssh_authorized_keys_path
fi
service sshd restart