Module Name:    src
Committed By:   jmcneill
Date:           Thu Jul  1 18:05:45 UTC 2021

Modified Files:
        src/distrib/utils/embedded/files: ec2_init

Log Message:
AWS marketplace does not allow root ssh logins. Create an ec2-user account
and install the ssh key in that user's home directory instead.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/distrib/utils/embedded/files/ec2_init

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/utils/embedded/files/ec2_init
diff -u src/distrib/utils/embedded/files/ec2_init:1.1 src/distrib/utils/embedded/files/ec2_init:1.2
--- src/distrib/utils/embedded/files/ec2_init:1.1	Fri Nov 30 20:53:02 2018
+++ src/distrib/utils/embedded/files/ec2_init	Thu Jul  1 18:05:45 2021
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: ec2_init,v 1.1 2018/11/30 20:53:02 jmcneill Exp $
+# $NetBSD: ec2_init,v 1.2 2021/07/01 18:05:45 jmcneill Exp $
 #
 # PROVIDE: ec2_init
 # REQUIRE: NETWORKING
@@ -13,24 +13,37 @@ rcvar=${name}
 start_cmd="ec2_init"
 stop_cmd=":"
 
+EC2_USER="ec2-user"
 METADATA_URL="http://169.254.169.254/latest/meta-data/";
 SSH_KEY_URL="public-keys/0/openssh-key"
 HOSTNAME_URL="hostname"
 
-SSH_KEY_FILE="/root/.ssh/authorized_keys"
+SSH_KEY_FILE="/home/${EC2_USER}/.ssh/authorized_keys"
+
+ec2_newuser()
+{
+	echo "Creating EC2 user account ${EC2_USER}"
+	useradd -g users -G wheel,operator -m "${EC2_USER}"
+}
 
 ec2_init()
 {
 	(
 	umask 022
+
+	# create EC2 user
+	id "${EC2_USER}" >/dev/null 2>&1 || ec2_newuser
+
 	# fetch the key pair from Amazon Web Services
 	EC2_SSH_KEY=$(ftp -o - "${METADATA_URL}${SSH_KEY_URL}")
 
 	if [ -n "$EC2_SSH_KEY" ]; then
 		# A key pair is associated with this instance, add it
-		# to root 'authorized_keys' file
+		# to EC2_USER's 'authorized_keys' file
 		mkdir -p $(dirname "$SSH_KEY_FILE")
+		chown "${EC2_USER}:users" $(dirname "$SSH_KEY_FILE")
 		touch "$SSH_KEY_FILE"
+		chown "${EC2_USER}:users" "$SSH_KEY_FILE"
 		cd $(dirname "$SSH_KEY_FILE")
 
 		grep -q "$EC2_SSH_KEY" "$SSH_KEY_FILE"
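Review bot: The exit status of `ec2_newuser` is ignored at the `id "${EC2_USER}" ... || ec2_newuser` line, so if `useradd` fails (for example because `/home` is not writable or the `wheel`/`operator` groups are missing) the script still runs `mkdir -p` and `touch` on `/home/ec2-user/.ssh/authorized_keys`, leaving a root-owned directory and failed `chown`s rather than stopping. Since the body runs inside the `( ... )` subshell opened above, the guard can be `id "${EC2_USER}" >/dev/null 2>&1 || ec2_newuser || exit 1`, which abandons key installation when the account could not be created. It would also help to document the membership choice in `ec2_newuser`, e.g. `# wheel lets the account su to root, since root ssh logins are disabled on the marketplace image`, as the comment currently says only that the user is created; whether `operator` is actually needed is not visible from this change. The `$(dirname "$SSH_KEY_FILE")` expansions on the new `chown` line and the existing `mkdir`/`cd` lines are unquoted; harmless for this fixed path but worth quoting for consistency with `"$SSH_KEY_FILE"`. The rest of `ec2_init` (the append to the key file and the hostname handling) is outside this hunk.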
