commit 292af726a22a34e25fcf89363684be8fd77bce9b parent 13374a88b74ac17b8a84d639c553e71716eb768b Author: pyratebeard <root@pyratebeard.net> Date: Fri, 22 Dec 2023 21:33:46 +0000 install expect and sudo Diffstat:
| M | forge | | | 10 | ++++++---- |
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/forge b/forge @@ -49,9 +49,11 @@ apt-get update && \ bash \ coreutils \ dnsutils \ + expect \ fail2ban \ secure-delete \ stow \ + sudo \ tmux \ tree \ unzip \ @@ -115,10 +117,10 @@ sed -i "/^#\ Ciphers\ and\ keying/i TrustedUserCAKeys\ \/etc\/ssh\/${USERCA_KEY} /etc/ssh/sshd_config # hostca self sign -bw get notes "${HOSTCA_KEY}" | tee /etc/ssh/${HOSTCA_KEY} - -ssh-keygen -s /etc/ssh/${HOSTCA_KEY} -h -I $(hostname -s)@$(hostname -d) -n $(hostname -f),$(hostname -s) -V +52w /etc/ssh/ssh_host_ed25519_key.pub -sed -i '/HostKey\ \/etc\/ssh\/ssh_host_ed25519_key/a HostCertificate\ \/etc\/ssh\/ssh_host_ed25519_key-cert.pub' +#bw get notes "5f1af206-bc1c-4900-abc0-b0d90113fb41" | tee /etc/ssh/${HOSTCA_KEY} >/dev/null +#chmod 400 /etc/ssh/${HOSTCA_KEY} +#ssh-keygen -s /etc/ssh/${HOSTCA_KEY} -h -I $(hostname -s)@$(hostname -d) -n $(hostname -f),$(hostname -s) -V +52w /etc/ssh/ssh_host_ed25519_key.pub +#sed -i '/HostKey\ \/etc\/ssh\/ssh_host_ed25519_key/a HostCertificate\ \/etc\/ssh\/ssh_host_ed25519_key-cert.pub' /etc/ssh/sshd_config ## ensure root login is allowed with keys only sed -i 's/.*\(PermitRootLogin\).*/\1 prohibit-password/' /etc/ssh/sshd_config