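#!/usr/bin/env bash
# Purpose:
#
# - Append ssh public key to `~/.ssh/authorized_keys`
# - Set correct ownership and permission for `~/.ssh/` and
#   `~/.ssh/authorized_keys`.
# - Setup /etc/sudoers (Linux) or /etc/doas.conf (OpenBSD) if necessary.
#
# Inputs expected to be set before the key-validation step:
#   SSH_PUBKEY        - the public key to install (one line, OpenSSH format)
#   SSH_DOT_DIR       - path of the `.ssh` directory, relative to SSH_USER's home
#   SSH_AUTH_KEY_FILE - path of `authorized_keys`, relative to the same home
#
# NOTE(review): the assignments of SSH_PUBKEY, SSH_DOT_DIR, SSH_AUTH_KEY_FILE
# and the original `tmp_file` handling are not visible in this copy of the
# script (the text around the key validation was lost). The `:?` guards below
# make the script fail loudly instead of installing an empty key; restore the
# original assignments above them.

# Print an error to stderr and exit. Exit status 255 matches the original
# script's error exits.
die() {
  printf '<<< ERROR >>> %s\n' "$*" >&2
  exit 255
}

# Syntax-check a sudoers file with visudo when it is available. A sudoers
# file with a syntax error disables sudo for every user, so nothing is
# installed into /etc without passing this check first. Returns 0 when visudo
# is absent (nothing to check with) or accepts the file.
check_sudoers() {
  if command -v visudo >/dev/null 2>&1; then
    visudo -cf "$1" >/dev/null 2>&1
  fi
}

# Make sure it's ran by root user.
_uid="$(id -u)"
if [[ "${_uid}" != '0' ]]; then
  echo "Please run this script as root user."
  exit 255
fi

# Login username for iRedMail cloud platform. It's an email address.
echo "* Initialize server."

# SSH username
export SSH_USER='root'

# SSH_USER is used in a tilde expansion, as a file name under
# /etc/sudoers.d/ and inside sudoers / doas.conf rules, so refuse anything
# that is not a plain account name (no shell metacharacters, no '/').
[[ "${SSH_USER}" =~ ^[A-Za-z_][A-Za-z0-9._-]*$ ]] \
  || die "Invalid SSH_USER: '${SSH_USER}'."

# Abort early if the inputs were not provided (see NOTE at the top).
: "${SSH_PUBKEY:?SSH_PUBKEY is not set}"
: "${SSH_DOT_DIR:?SSH_DOT_DIR is not set}"
: "${SSH_AUTH_KEY_FILE:?SSH_AUTH_KEY_FILE is not set}"

#
# Validate the public key
#
# `ssh-keygen -l` refuses anything it cannot parse as a public key, which is
# what keeps arbitrary text (or a pasted private key) out of authorized_keys.
tmp_file="$(mktemp)" || die "mktemp failed."
printf '%s\n' "${SSH_PUBKEY}" > "${tmp_file}"
# Capture the status before rm(1) runs: the original tested `$?` after the
# rm, so it checked that the temp file was removed, not that the key parsed.
key_status=0
ssh-keygen -l -f "${tmp_file}" >/dev/null 2>&1 || key_status=$?
rm -f -- "${tmp_file}"
if [[ "${key_status}" == '0' ]]; then
  echo "- SSH public key is valid."
else
  die "Not a valid ssh public key."
fi

#
# Create ~/.ssh/authorized_keys
#
# Resolve SSH_USER's home via tilde expansion. The name was validated above,
# so the eval can only perform this one assignment.
eval "home_dir=~${SSH_USER}"
cd -- "${home_dir}" \
  || die "Cannot change to home directory of ${SSH_USER}: ${home_dir}"

if [[ ! -d "${SSH_DOT_DIR}" ]]; then
  echo "- Create ${SSH_DOT_DIR}"
  mkdir -p -- "${SSH_DOT_DIR}" || die "Cannot create ${SSH_DOT_DIR}."
fi

if [[ ! -f "${SSH_AUTH_KEY_FILE}" ]]; then
  echo "- Create ${SSH_AUTH_KEY_FILE}"
  touch -- "${SSH_AUTH_KEY_FILE}" || die "Cannot create ${SSH_AUTH_KEY_FILE}."
fi

# Fixed-string match: the key is base64 and may contain regex metacharacters;
# `--` protects against a key that starts with '-'.
if grep -qF -- "${SSH_PUBKEY}" "${SSH_AUTH_KEY_FILE}" 2>/dev/null; then
  echo "- SSH public key already exists."
else
  echo "- Append ssh public key to ${SSH_AUTH_KEY_FILE}."
  # Make sure pubkey will be appended after a new line.
  printf '\n%s\n' "${SSH_PUBKEY}" >> "${SSH_AUTH_KEY_FILE}"
fi

# Always set ownership and permission
echo "- Set owner of ${SSH_DOT_DIR} to ${SSH_USER}."
chown -- "${SSH_USER}" "${SSH_DOT_DIR}"
echo "- Set permission of ${SSH_DOT_DIR} to 0700."
chmod -- 0700 "${SSH_DOT_DIR}"
echo "- ${SSH_AUTH_KEY_FILE}: set owner to ${SSH_USER}, permission to 0400."
chown -- "${SSH_USER}" "${SSH_AUTH_KEY_FILE}"
chmod -- 0400 "${SSH_AUTH_KEY_FILE}"

#
# Setup sudo / doas
#
export KERNEL_NAME="$(uname -s)"
if [[ "${SSH_USER}" != 'root' ]]; then
  if [[ "${KERNEL_NAME}" == 'Linux' ]]; then
    # The original banner was `echo -e '*\n* Setup sudo\e*'`; the `\e` (ESC)
    # looks like a garbled `\n`, so the banner is printed as three lines.
    printf '*\n* Setup sudo\n*\n'

    # Rules kept exactly as the original script wrote them. Note that the
    # second one grants SSH_USER unrestricted, passwordless root.
    rule_tty="Defaults:${SSH_USER} !requiretty"
    rule_all="${SSH_USER}"$'\t''ALL=(ALL:ALL) NOPASSWD: ALL'

    if [[ -d /etc/sudoers.d ]]; then
      sudo_file="/etc/sudoers.d/${SSH_USER}"
      echo "- Add modular sudo config file: ${sudo_file}"
      # sudo silently skips sudoers.d entries whose name contains '.' or
      # ends with '~'; such a file would look installed but never apply.
      case "${SSH_USER}" in
        *.*|*~) die "sudoers.d ignores '${sudo_file}' (name contains '.' or ends with '~')." ;;
      esac
      printf '%s\n%s\n' "${rule_tty}" "${rule_all}" > "${sudo_file}" \
        || die "Cannot write ${sudo_file}."
      # sudo requires sudoers.d files to be owned by root and not world-readable.
      chmod -- 0440 "${sudo_file}"
      if ! check_sudoers "${sudo_file}"; then
        rm -f -- "${sudo_file}"
        die "visudo rejected ${sudo_file}; it has been removed."
      fi
    elif [[ -f /etc/sudoers ]]; then
      echo "- Updating /etc/sudoers"
      # Edit a copy and syntax-check it before it replaces /etc/sudoers.
      sudo_tmp="$(mktemp)" || die "mktemp failed."
      cp -- /etc/sudoers "${sudo_tmp}" || die "Cannot copy /etc/sudoers."
      if ! grep -q -- "^Defaults:${SSH_USER}.*!requiretty$" "${sudo_tmp}"; then
        printf '%s\n' "${rule_tty}" >> "${sudo_tmp}"
      fi
      # The original appended this rule on every run; add it only once.
      if ! grep -qF -- "${rule_all}" "${sudo_tmp}"; then
        printf '%s\n' "${rule_all}" >> "${sudo_tmp}"
      fi
      if check_sudoers "${sudo_tmp}"; then
        # Write through the existing inode so /etc/sudoers keeps its mode/owner.
        cat -- "${sudo_tmp}" > /etc/sudoers
        rm -f -- "${sudo_tmp}"
      else
        rm -f -- "${sudo_tmp}"
        die "visudo rejected the updated sudoers; /etc/sudoers left unchanged."
      fi
    else
      die "No sudo config file found (/etc/sudoers or /etc/sudoers.d/). Please install sudo package manually first."
    fi
  elif [[ "${KERNEL_NAME}" == 'OpenBSD' ]]; then
    # Same banner repair as the sudo branch above.
    printf '*\n* Setup doas\n*\n'
    doas_rule="permit nopass ${SSH_USER} as root"
    # Whole-line, fixed-string match is what the original anchored regex did.
    if ! grep -qxF -- "${doas_rule}" /etc/doas.conf 2>/dev/null; then
      printf '%s\n' "${doas_rule}" >> /etc/doas.conf
    fi
  else
    die "Unsupported Linux/BSD distribution, please contact iRedMail team: https://www.iredmail.org/contact.html"
  fi
fi  # closes the `SSH_USER != root` block; this `fi` is missing in the extracted copy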