On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> Hi,
> 
> when installing 'throwaway' VMs (manually, not always using autoinstall for
> $REASONS) i've often found myself having to do right after the install:
> install -d -m 700 /root/.ssh
> install -m 600 /dev/null /root/.ssh/authorized_keys
> (or touch /root/.ssh/authorized_keys && chmod 600
> /root/.ssh/authorized_keys, ymmv)
> 
> those are present in /etc/skel for "real" users, so why not create
> them for the root account ? install.sub also creates /mnt/root/.ssh when
> using autoinstall and giving an ssh pubkey, so that'll be one less step
> to do there.
> 
> We advise ppl to set prohibit-password for PermitRootLogin, so why not make it
> easier to use it ? This way, the correct modes are set.. i often fat-fingered
> this, to see sshd complaining (rightly!) about bad modes on 
> .ssh/authorized_keys.

Conceptually I'd like this going in.

> Conceptual (untested) diff below for discussion, i'll build a release with it
> depending on the feedback/opinions..
> 
> Landry
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/src/etc/Makefile,v
> retrieving revision 1.449
> diff -u -r1.449 Makefile
> --- Makefile  2 Feb 2017 21:35:05 -0000       1.449
> +++ Makefile  5 Feb 2017 09:34:58 -0000
> @@ -110,6 +110,8 @@
>                   ${DESTDIR}/root/.Xdefaults; \
>               ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
>                   ${DESTDIR}/root/.cvsrc; \
> +             ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
> +                 ${DESTDIR}/root/.ssh/authorized_keys
>               rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
>               ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
>                   ${DESTDIR}/.cshrc; \
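
Review bot: the second added line, ${DESTDIR}/root/.ssh/authorized_keys, does not end in "; \" the way the neighbouring commands in this recipe do, so the continued shell command is broken right before the "rm -f" line; append "; \" to it. The install also needs ${DESTDIR}/root/.ssh to exist already, and that directory is only introduced by the mtree hunk of this same diff, so the two changes have to land together.
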
> Index: mtree/4.4BSD.dist
> ===================================================================
> RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
> retrieving revision 1.293
> diff -u -r1.293 4.4BSD.dist
> --- mtree/4.4BSD.dist 27 Dec 2016 09:17:52 -0000      1.293
> +++ mtree/4.4BSD.dist 5 Feb 2017 09:34:58 -0000
> @@ -118,6 +118,8 @@
>  mnt
>  ..
>  root                         mode=0700
> +    .ssh                     uname=root mode=0700
> +    ..
>  ..
>  sbin
>  ..
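
Review bot: the new .ssh entry sets uname=root while the parent "root" entry just above it carries only mode=0700. If the owner already comes from the file's defaults (not visible in this hunk), drop uname=root so the entry matches its neighbours; otherwise note why it is needed here.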
> 
