#!/bin/bash
# Abort on the first failing command, on any unset variable, and when any
# stage of a pipeline fails (errexit, nounset, pipefail).
set -euo pipefail

#
# Helper functions
#
# Width used for console output; an integer variable, not referenced by any of
# the helpers visible in this file.
declare -i term_width=120
# Positional arguments: the Vault address (host[:port]) and the mount path of
# the SSH secrets engine whose /public_key endpoint serves the CA key.
# NOTE(review): with nounset in effect, a missing argument aborts the script
# with bash's generic "unbound variable" message rather than a usage line.
host="$1"
key="$2"
#######################################
# Print a highlighted section heading to stdout.
# Arguments: all arguments, joined by a single space, form the heading text
# Outputs:   "==> <text>" with ANSI colour codes (yellow arrow, bold white text),
#            followed by a reset sequence and a newline
#######################################
h2() {
  local heading="$*"
  printf '\033[1;33m==>\033[37;1m %s\033[0m\n' "$heading"
}
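#
# Install the Vault SSH CA public key as sshd's TrustedUserCAKeys.
# Globals:  host, key (read; set from the positional arguments above)
#           SSHD_CONFIG, CA_FILE, VAULT_CERT (written)
# Outputs:  progress headings via h2; the fetched URL on stdout
# Side effects: writes the CA file and sshd_config, restarts sshd
#
SSHD_CONFIG=/etc/ssh/sshd_config
CA_FILE=/etc/ssh/trusted-ca.pem
# Vault SSH secrets engine endpoint that serves the CA public key.
VAULT_CERT="https://${host}/v1/${key}/public_key"

printf '%s\n' "$VAULT_CERT"

# Download into a temporary file first so that a failed request or a non-key
# response is never written into the file sshd trusts.
tmp_key=$(mktemp) || { printf 'mktemp failed\n' >&2; exit 1; }
cleanup() { rm -f -- "$tmp_key"; }
trap cleanup EXIT

# --fail: on an HTTP error curl exits non-zero instead of saving the error body
# (e.g. Vault's JSON error document) as if it were a key; errexit then aborts.
curl --fail --silent --show-error -o "$tmp_key" -- "$VAULT_CERT"
# Refuse anything that ssh-keygen cannot parse as a public key.
if ! ssh-keygen -l -f "$tmp_key" >/dev/null; then
  printf 'error: %s did not return an OpenSSH public key\n' "$VAULT_CERT" >&2
  exit 1
fi

# Anchor at line start so a commented-out "#TrustedUserCAKeys" does not count
# as an existing directive.
if ! grep -q '^TrustedUserCAKeys' "$SSHD_CONFIG"; then
  h2 "Add new TrustedUserCAKeys"
  cat -- "$tmp_key" > "$CA_FILE"
  printf 'TrustedUserCAKeys %s\n' "$CA_FILE" | tee -a "$SSHD_CONFIG"
else
  # Use the first active directive only; awk splits on spaces and tabs alike.
  CA_FILE=$(awk '/^TrustedUserCAKeys/ { print $2; exit }' "$SSHD_CONFIG")
  : "${CA_FILE:?TrustedUserCAKeys directive in ${SSHD_CONFIG} has no path}"
  h2 "Attach trusted CA to ${CA_FILE}"
  # Start the new key on its own line even if the existing file has no
  # trailing newline; otherwise the two keys would be fused into one entry.
  if [[ -s "$CA_FILE" && -n $(tail -c1 "$CA_FILE") ]]; then
    printf '\n' >> "$CA_FILE"
  fi
  cat -- "$tmp_key" >> "$CA_FILE"
fi

h2 "Validate sshd configuration"
# A config sshd cannot parse would leave the host without SSH after restart.
sshd -t

h2 "Restart sshd service"
systemctl restart sshd

h2 "Done."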