Add workaround if keys fail to fetch

This commit is contained in:
Joshua Boniface 2023-09-01 15:41:57 -04:00
parent 795b8d0caf
commit 2622595344
1 changed files with 8 additions and 2 deletions

View File

@ -786,10 +786,10 @@ chroot ${target} mkdir -p /var/home/${target_deploy_user}/.ssh
if [[ -n ${target_keys_path} ]]; then
case ${target_keys_method} in
wget)
wget -O ${target}/var/home/${target_deploy_user}/.ssh/authorized_keys ${target_keys_path}
wget -O ${target}/var/home/${target_deploy_user}/.ssh/authorized_keys ${target_keys_path} || failed_keys="y"
;;
tftp)
tftp -m binary "${seed_host}" -c get "${target_keys_path}" ${target}/var/home/${target_deploy_user}/.ssh/authorized_keys
tftp -m binary "${seed_host}" -c get "${target_keys_path}" ${target}/var/home/${target_deploy_user}/.ssh/authorized_keys || failed_keys="y"
;;
esac
chroot ${target} chmod 0600 /var/home/${target_deploy_user}/.ssh/authorized_keys
@ -798,6 +798,12 @@ else
echo "${target_deploy_user}:${target_password}" | chroot ${target} chpasswd >&2
fi
echo "done."
if [[ -n ${failed_keys} ]]; then
target_password="$( pwgen -s 8 1 )"
echo "WARNING: Failed to fetch keys; target deploy user SSH keyauth will fail."
echo "Setting temporary random password '${temp_password}' instead."
echo "${target_deploy_user}:${target_password}" | chroot ${target} chpasswd >&2
fi
echo -n "Setting NOPASSWD for sudo group... "
sed -i 's/^%sudo\tALL=(ALL:ALL) ALL/%sudo\tALL=(ALL:ALL) NOPASSWD: ALL/' ${target}/etc/sudoers