b6ba3cc975
since gl-shell-setup runs as root, the comment in the generated key was 'root@...' instead of whatever userid it was being created for. This does not affect gitolite or ssh but it seems some people don't treat "comment" and "comment" and actually *do* stuff with it. (only code is from author; commit message is from committer)
78 lines
2.1 KiB
Bash
Executable file
78 lines
2.1 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# WARNING 1: probably contains bashisms galore. If you don't have bash,
|
|
# please install it.
|
|
|
|
# NOTE 1: this script is run as root.
|
|
|
|
# ------------------------------------------------------------------------------
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# BEGIN site-local changes
|
|
|
|
# the full path to the new login shell to replace these users' existing shell
|
|
new_shell="/usr/local/bin/gl-shell"
|
|
|
|
my_chsh() {
|
|
# please replace with appropriate command for your OS/distro. This one is
|
|
# suitable at least for Fedora, maybe others also
|
|
chsh -s $new_shell $1 >&2
|
|
}
|
|
|
|
# remove these 2 lines after you have done your customisation
|
|
[ -f /tmp/done.gl-shell-setup ] || { echo please customise $0 before using >&2; exit 1; }
|
|
|
|
# END site-local changes
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
die() { echo "FATAL: $@" >&2; exit 1; }
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
euid=$(perl -e 'print $>')
|
|
if [ "$euid" = "0" ]
|
|
then
|
|
|
|
[ -n "$1" ] || die "need a valid username"
|
|
user=$1
|
|
id $user >/dev/null || die "need a valid username"
|
|
|
|
# now fix up the user's login shell
|
|
my_chsh $user
|
|
|
|
pubkey="$PWD/$user.pub"
|
|
[ -f "$pubkey" ] && {
|
|
echo "$user.pub already exists. Shell changed, exiting..." >&2
|
|
exit 0
|
|
}
|
|
|
|
# drat... 'cd ~$user` doesn't work...
|
|
cd $(bash -c "echo ~$user") || die "can't cd to $user's home directory"
|
|
|
|
# now set up her rsa key, creating it if needed. This will get used if
|
|
# she comes in via password or without agent forwarding.
|
|
[ -d .ssh ] || {
|
|
mkdir .ssh
|
|
chown $user .ssh
|
|
chmod go-w .ssh
|
|
}
|
|
|
|
[ -f .ssh/id_rsa.pub ] || {
|
|
ssh-keygen -q -N "" -C $user@`hostname` -f .ssh/id_rsa >&2
|
|
chown $user .ssh/id_rsa .ssh/id_rsa.pub
|
|
chmod go-rw .ssh/id_rsa
|
|
chmod go-w .ssh/id_rsa.pub
|
|
}
|
|
|
|
# create alice.pub
|
|
cat .ssh/id_rsa.pub > $pubkey
|
|
|
|
exit 0
|
|
|
|
else
|
|
|
|
die "needs to run as root"
|
|
|
|
fi
|