wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-06 15:13:56 +02:00
Code Issues Projects Releases Wiki Activity

Explicitly set SSH permissions in base.sh (#1927)

Browse source
This commit is contained in:
David Myers 2021-01-05 14:22:45 -05:00 committed by GitHub
parent 4adb35db80
commit 654809f126
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
files/cloud-init/base.sh
View file

@ -1,6 +1,7 @@
#!/bin/bash #!/bin/sh
set -eux set -eux
# shellcheck disable=SC2230
which sudo || until \ which sudo || until \
apt-get update -y && \ apt-get update -y && \
apt-get install sudo -yf --install-suggests; do apt-get install sudo -yf --install-suggests; do
@ -15,9 +16,10 @@ cat <<EOF >/etc/ssh/sshd_config
{{ lookup('template', 'files/cloud-init/sshd_config') }} {{ lookup('template', 'files/cloud-init/sshd_config') }}
EOF EOF
test -d /home/algo/.ssh || (umask 077 && sudo -u algo mkdir -p /home/algo/.ssh/) test -d /home/algo/.ssh || sudo -u algo mkdir -m 0700 /home/algo/.ssh
echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" | (umask 177 && sudo -u algo tee /home/algo/.ssh/authorized_keys) echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" | (sudo -u algo tee /home/algo/.ssh/authorized_keys && chmod 0600 /home/algo/.ssh/authorized_keys)
# shellcheck disable=SC2015
dpkg -l sshguard && until apt-get remove -y --purge sshguard; do dpkg -l sshguard && until apt-get remove -y --purge sshguard; do
sleep 3 sleep 3
done || true done || true