path: root/tests/accountd-remote
# Remote accountd server process

# Dedicated unprivileged account for the accountd side of the test.
# --disabled-password leaves it without a usable password; the only way in is
# the SSH public key installed into its authorized_keys later in this script.
adduser --quiet \
        --disabled-password \
        --shell /bin/sh \
        --home /home/lacme-account \
        --gecos "lacme account user" \
        lacme-account

# Hand the ACME account key to that user. The trailing colon makes chown also
# set the group to the user's login group. The file mode is not touched here.
chown lacme-account: /etc/lacme/account.key

# Install the SSH client and server without prompts or recommended extras.
DEBIAN_FRONTEND=noninteractive \
    apt install --yes --no-install-recommends openssh-client openssh-server

# Passphrase-less client key for root (-N with an empty string), which is
# tolerable only because this is a disposable test machine.
# NOTE(review): no -t is given, so the key type is whatever this ssh-keygen
# defaults to; the file is called id_rsa either way.
ssh-keygen -f ~root/.ssh/id_rsa -N ''

# Private ~/.ssh (0700) for lacme-account, with root's public key as its only
# authorized key. The entry carries no options, so the key can open any
# session as lacme-account rather than only run lacme-accountd; outside a test
# the entry would normally be narrowed with authorized_keys options such as
# restrict and command="...".
install -o lacme-account -g lacme-account -d -m 0700 ~lacme-account/.ssh
install -o lacme-account -g lacme-account -m 0644 \
    ~root/.ssh/id_rsa.pub ~lacme-account/.ssh/authorized_keys

# Pin the server's RSA host key for [127.0.0.1]:2222 in root's known_hosts, so
# the client has a key to verify the server against on first connect.
{
    printf '%s' "[127.0.0.1]:2222 "
    cat /etc/ssh/ssh_host_rsa_key.pub
} >~root/.ssh/known_hosts

# Replace sshd_config wholesale: listen on loopback port 2222 only, with
# password and challenge-response authentication switched off. Anything not
# listed falls back to sshd's built-in defaults, and there is no AllowUsers, so
# which accounts may log in is not narrowed by this file.
# NOTE(review): newer OpenSSH releases treat ChallengeResponseAuthentication as
# a deprecated alias of KbdInteractiveAuthentication.
# NOTE(review): UsePAM yes is presumably what lets the password-disabled
# account log in with its key; confirm before changing it.
cat <<EOF >/etc/ssh/sshd_config
Port 2222
ListenAddress 127.0.0.1
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM yes
EOF

# sshd is launched directly rather than through a service manager, so its
# runtime directory (presumably the privilege-separation directory) is created
# by hand first.
install -o root -g root -d -m 0755 /run/sshd
/usr/sbin/sshd

# Rewrite two settings in lacme.conf, whether or not they are commented out:
#   command - reach lacme-accountd through ssh as lacme-account on
#             127.0.0.1:2222, with no tty (-T)
#   config  - /etc/lacme/lacme-accountd.conf
sed -ri \
    -e 's|^#?command\s*=.*/lacme-accountd$|command = ssh -Tp2222 -llacme-account 127.0.0.1 lacme-accountd|' \
    -e 's|^#?config\s*=.*|config = /etc/lacme/lacme-accountd.conf|' \
    /etc/lacme/lacme.conf

# --debug is deliberate: ssh should tunnel stdin, stdout and stderr alike.
# $STDERR and fail are not defined in this file; presumably the test harness
# that runs this script provides them.
if ! lacme newOrder --debug 2>"$STDERR"; then
    fail
fi

# Passes only if the certificate file is newer than its key.
[ /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key ]

# vim: set filetype=sh :