gitolite/contrib/real-users/gl-shell-setup
Tomas Paladin Volf b6ba3cc975 (password access) specify comment field in generated ssh pub key
since gl-shell-setup runs as root, the comment in the generated key was
'root@...' instead of whatever userid it was being created for.

This does not affect gitolite or ssh but it seems some people don't
treat "comment" as "comment" and actually *do* stuff with it.

(only code is from author; commit message is from committer)
2011-11-27 08:24:06 +05:30


#!/bin/bash
# WARNING 1: probably contains bashisms galore. If you don't have bash,
# please install it.
# NOTE 1: this script is run as root.
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# BEGIN site-local changes
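# the full path to the new login shell to replace these users' existing shell
new_shell="/usr/local/bin/gl-shell"

# Set the login shell of one account to $new_shell.
# Globals:   new_shell (read)
# Arguments: $1 - login name of the account to change
# Outputs:   anything chsh prints on stdout is redirected to stderr
# Returns:   exit status of chsh
my_chsh() {
  # please replace with appropriate command for your OS/distro.  This one is
  # suitable at least for Fedora, maybe others also
  #
  # Both expansions are quoted: this runs as root, and an unquoted value would
  # be word-split and glob-expanded into extra chsh arguments.
  chsh -s "$new_shell" "$1" >&2
}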
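# Reminder guard: remove this comment block and the test below after you have
# done your customisation.
# NOTE: /tmp is world-writable, so any local user can create the marker file.
# The test only reminds the admin to edit the section above; it is not an
# access control and must not be relied on as one.
[ -f /tmp/done.gl-shell-setup ] || { echo "please customise $0 before using" >&2; exit 1; }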
# END site-local changes
# ------------------------------------------------------------------------------
# Report a fatal error and stop the script.
# Arguments: the message words; they are joined with single spaces
# Outputs:   "FATAL: <message>" on stderr
# Returns:   never returns; exits with status 1
die() {
  echo "FATAL: $*" >&2
  exit 1
}
# ------------------------------------------------------------------------------
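# Everything below changes another account's login shell and writes into her
# home directory, so it only proceeds when the effective uid is 0.
euid=$(perl -e 'print $>')
if [ "$euid" = "0" ]; then
  [ -n "$1" ] || die "need a valid username"
  user=$1
  # Quoted and placed after "--" so the name reaches id as a single operand
  # and is never split into several words or read as an option.
  id -- "$user" >/dev/null || die "need a valid username"

  # now fix up the user's login shell
  my_chsh "$user"

  pubkey="$PWD/$user.pub"
  [ -f "$pubkey" ] && {
    echo "$user.pub already exists. Shell changed, exiting..." >&2
    exit 0
  }

  # Look the home directory up in the passwd database instead of pasting the
  # name into a `bash -c "echo ~name"` string: the value is then passed as
  # data and never re-parsed as shell code by a root-owned shell.
  home=$(perl -e 'print((getpwnam($ARGV[0]))[7])' -- "$user")
  [ -n "$home" ] || die "can't cd to $user's home directory"
  cd "$home" || die "can't cd to $user's home directory"

  # The home directory belongs to $user while these commands run as root.  A
  # symlink at any of the paths below would point root's chown/chmod/writes
  # somewhere else, so refuse to continue when one is found, and use chown -h
  # so that ownership changes never follow a link.
  # NOTE(review): these checks are best effort (the directory can still be
  # changed between a check and its use); generating the key as $user rather
  # than as root would close that window.
  for p in .ssh .ssh/id_rsa .ssh/id_rsa.pub; do
    [ -L "$p" ] && die "$p in $user's home directory is a symlink"
  done

  # now set up her rsa key, creating it if needed.  This will get used if
  # she comes in via password or without agent forwarding.
  [ -d .ssh ] || {
    mkdir .ssh || die "can't create .ssh in $user's home directory"
    chown -h "$user" .ssh
    chmod go-w .ssh
  }
  [ -f .ssh/id_rsa.pub ] || {
    # -C sets the key comment to user@host; without it the comment would name
    # root, because this script runs as root.  Stop if key generation fails
    # rather than exporting an empty public key and exiting 0.
    ssh-keygen -q -N "" -C "$user@$(hostname)" -f .ssh/id_rsa >&2 ||
      die "ssh-keygen failed for $user"
    chown -h "$user" .ssh/id_rsa .ssh/id_rsa.pub
    chmod go-rw .ssh/id_rsa
    chmod go-w .ssh/id_rsa.pub
  }

  # create alice.pub
  cat .ssh/id_rsa.pub > "$pubkey" || die "can't write $pubkey"
  exit 0
else
  die "needs to run as root"
fi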