All Downloads are FREE. Search and download functionalities are using the official Maven repository.

refcodes-batch.1.0.3.source-code.setup-ssh-server.job Maven / Gradle / Ivy

#!/bin/bash

. $SCRIPT_DIR/lib-filesystem.inc

if [[ $HELP = y ]] ; then
	echo "The switch \"-j $JOB\" uses a given configuration to create                     " >&2
	echo "a configured apache website. The website's folder will be created and an apache " >&2
	echo "vhost is created. The follwoing config must be provided in the config file:     " >&2
	# echo "--------------------------------------------------------------------------------" >&2
	logSeparator
fi

. $SCRIPT_DIR/validate-ssh-config.job

if [[ $HELP = y ]] ; then
	exit $EXIT_SUCCESS
fi

exitOnConfigOff "SSH"

SSH_PUB_KEY_FILE="$SSH_SERVER_KEY_DIR/$SSH_KEY_FILE_NAME.pub"
CHECK_SSH_COMMAND_FILE="$SCRIPT_DIR/check-ssh-command.sh"
SSH_SERVER_CHECK_SSH_COMMAND_FILE="$SSH_SERVER_SCRIPT_DIR/check-ssh-command.sh"

SSH_AUTHORIZED_KEYS_FILE="$SSH_SERVER_KEY_DIR/authorized_keys"
# CHECK_SSH_COMMAND_LINE="command=\"$SSH_SERVER_CHECK_SSH_COMMAND_FILE\",from=\"$SSH_SERVER_HOSTNAME\",no-port-forwarding,no-X11-forwarding,no-pty "
CHECK_SSH_COMMAND_LINE="command=\"$SSH_SERVER_CHECK_SSH_COMMAND_FILE\",no-port-forwarding,no-X11-forwarding,no-pty "

if [[ $VERBOSE = y ]] ; then
	echo "Assuming the path \"$SSH_SERVER_KEY_DIR\" to exist ..." >&2
	echo "Assuming the path \"$SSH_PUB_KEY_FILE\" to exist ..." >&2
	echo "Assuming the path \"$CHECK_SSH_COMMAND_FILE\" to exist ..." >&2
	# echo "--------------------------------------------------------------------------------" >&2
	logSeparator
fi

exitOnMissingPropertyPath "SSH_SERVER_KEY_DIR"
exitOnMissingVariablePath "CHECK_SSH_COMMAND_FILE"
exitOnMissingVariablePath "SSH_PUB_KEY_FILE"

# -----------------------------------------
# Create the SSH server's script directory:
# -----------------------------------------
if [ ! -e "$SSH_SERVER_SCRIPT_DIR" ] ; then
	if [[ $VERBOSE = y ]] ; then
		echo "Creating the \"$SSH_SERVER_SCRIPT_DIR\" directory ..." >&2
	fi
	
	makePath "$SSH_SERVER_SCRIPT_DIR" "$SSH_SERVER_FS_USER" "$SSH_SERVER_FS_GROUP" "og-rwx,u+rw"
	exitOnError "Unable to create directory \"$SSH_SERVER_SCRIPT_DIR\" !!!"
fi

# ----------------------------------------
# Copying the "check-ssh-command.sh" file:
# ----------------------------------------
if [[ $VERBOSE = y ]] ; then
	echo "Copying \"$CHECK_SSH_COMMAND_FILE\" to \"$SSH_SERVER_CHECK_SSH_COMMAND_FILE\" ..." >&2
fi

cp $CHECK_SSH_COMMAND_FILE $SSH_SERVER_CHECK_SSH_COMMAND_FILE
exitOnError "Unable to copy \"$CHECK_SSH_COMMAND_FILE\" to \"$SSH_SERVER_CHECK_SSH_COMMAND_FILE\" !!!"

if [[ $VERBOSE = y ]] ; then
	echo "Changing owner to \"$SSH_SERVER_FS_USER:$SSH_SERVER_FS_GROUP\" for \"$SSH_SERVER_CHECK_SSH_COMMAND_FILE\" ..." >&2
fi

chown $SSH_SERVER_FS_USER:$SSH_SERVER_FS_GROUP $SSH_SERVER_CHECK_SSH_COMMAND_FILE
exitOnError "Unable to change owner to \"$SSH_SERVER_FS_USER:$SSH_SERVER_FS_GROUP\" for \"$SSH_SERVER_CHECK_SSH_COMMAND_FILE\" !!!"

if [[ $VERBOSE = y ]] ; then
	echo "Applying file access rights on \"$SSH_SERVER_CHECK_SSH_COMMAND_FILE\" ..." >&2
fi

chmod og-rwx,u+rwx $SSH_SERVER_CHECK_SSH_COMMAND_FILE
exitOnError "Unable to change access rights for \"$SSH_SERVER_CHECK_SSH_COMMAND_FILE\" !!!"

# --------------------------------
# Creating "authorized_keys" file:
# --------------------------------
if [ ! -e "$SSH_AUTHORIZED_KEYS_FILE" ] ; then
	if [[ $VERBOSE = y ]] ; then
		echo "Creating the \"$SSH_AUTHORIZED_KEYS_FILE\" file ..." >&2
	fi
	
	touch $SSH_AUTHORIZED_KEYS_FILE
	exitOnError "Unable to create file \"$SSH_AUTHORIZED_KEYS_FILE\" !!!"
	
	if [[ $VERBOSE = y ]] ; then
		echo "Changing owner to \"$SSH_SERVER_FS_USER:$SSH_SERVER_FS_GROUP\" for \"$SSH_AUTHORIZED_KEYS_FILE\" ..." >&2
	fi

	chown $SSH_SERVER_FS_USER:$SSH_SERVER_FS_GROUP $SSH_AUTHORIZED_KEYS_FILE
	exitOnError "Unable to change owner to \"$SSH_SERVER_FS_USER:$SSH_SERVER_FS_GROUP\" for \"$SSH_AUTHORIZED_KEYS_FILE\" !!!"
	
	if [[ $VERBOSE = y ]] ; then
		echo "Applying file access rights on \"$SSH_AUTHORIZED_KEYS_FILE\" ..." >&2
	fi
	
	chmod og-rwx,u+rw $SSH_AUTHORIZED_KEYS_FILE
	exitOnError "Unable to change access rights for \"$SSH_AUTHORIZED_KEYS_FILE\" !!!"
fi

exitOnMissingVariablePath "SSH_AUTHORIZED_KEYS_FILE"

# ---------------------------------
# Modifying "authorized_keys" file:
# ---------------------------------
if [[ $VERBOSE = y ]] ; then
	echo "Appending \"allowed commands\" line to to file \"$SSH_AUTHORIZED_KEYS_FILE\" ..." >&2
fi

echo -n "$CHECK_SSH_COMMAND_LINE" >> $SSH_AUTHORIZED_KEYS_FILE
exitOnError "Unable to append \"allowed commands\" line to \"$SSH_AUTHORIZED_KEYS_FILE\" !!!"

if [[ $VERBOSE = y ]] ; then
	echo "Appending SSH keyfile \"$SSH_PUB_KEY_FILE\" to file \"$SSH_AUTHORIZED_KEYS_FILE\" ..." >&2
	# echo "--------------------------------------------------------------------------------" >&2
	logSeparator
fi

cat $SSH_PUB_KEY_FILE >> $SSH_AUTHORIZED_KEYS_FILE
exitOnError "Unable to append \"$SSH_PUB_KEY_FILE\" file to \"$SSH_AUTHORIZED_KEYS_FILE\" !!!"

# -----
# Done!
# -----

echo "SSH server was created:" >&2
# echo "--------------------------------------------------------------------------------" >&2
logSeparator
echo "* SSH public keyfile: \"$SSH_PUB_KEY_FILE\"" >&2
echo "* Authorized keysfile: \"$SSH_AUTHORIZED_KEYS_FILE\"" >&2
# echo "--------------------------------------------------------------------------------" >&2
logSeparator
echo "Add user \"$SSH_SERVER_USER_NAME\" to groups as needed (\"usermod -a G {someGroup} $SSH_SERVER_USER_NAME\") !" >&2
# echo "--------------------------------------------------------------------------------" >&2
logSeparator

showSuccess "SSH server setup for \"$SSH_SERVER_HOSTNAME\" !"




© 2015 - 2025 Weber Informatics LLC | Privacy Policy