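#!/bin/bash
#
# setup-ssh.sh - Configure SSH for the toes CLI user
#
# This script:
#   1. Creates a `cli` system user with /usr/local/bin/toes as shell
#   2. Sets an empty password on `cli` for passwordless SSH
#   3. Adds a Match block in sshd_config to allow empty passwords for `cli`
#   4. Adds /usr/local/bin/toes to /etc/shells
#   5. Restarts sshd
#
# Run as root on the toes machine.
# Usage: ssh cli@toes.local
#
# Security model: the `cli` account has no credential at all, so anyone who
# can reach this host's SSH port can open a session as `cli`. What that
# session can do is bounded only by the login shell ($TOES_SHELL) and by the
# sshd options in the Match block below. Keep $TOES_SHELL root-owned and not
# writable by other users, and limit which networks can reach sshd.

set -euo pipefail

TOES_SHELL="/usr/local/bin/toes"
SSHD_CONFIG="/etc/ssh/sshd_config"

# Every step below edits system accounts or files under /etc, so fail early
# with a clear message instead of part-way through.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "ERROR: setup-ssh.sh must be run as root" >&2
  exit 1
fi

echo "==> Setting up SSH CLI user for toes"

# 1. Create cli system user
if ! id cli &>/dev/null; then
  useradd --system --home-dir /home/cli --shell "$TOES_SHELL" --create-home cli
  echo " Created cli user"
else
  echo " cli user already exists"
fi

# 2. Set empty password
# NOTE(review): on PAM-based systems an empty-password login may also depend
# on pam_unix being configured with `nullok` - confirm on the target distro.
passwd -d cli
echo " Set empty password on cli"

# 3. Add Match block for cli user in sshd_config
# The pattern is anchored so that a commented-out line or a different user
# such as `client` is not mistaken for an existing block.
if ! grep -Eq '^[[:space:]]*Match[[:space:]]+User[[:space:]]+cli[[:space:]]*$' "$SSHD_CONFIG"; then
  # Keep a copy so a rejected config can be rolled back before sshd restarts.
  sshd_backup="${SSHD_CONFIG}.pre-toes"
  cp -p -- "$SSHD_CONFIG" "$sshd_backup"

  # A Match block runs until the next Match line or end of file: anything
  # appended to sshd_config after this block will apply only to `cli`.
  # The login shell alone does not stop SSH forwarding, so the block also
  # turns forwarding and tunnelling off for this credential-less account.
  cat >> "$SSHD_CONFIG" <<'EOF'

# toes CLI: allow passwordless SSH for the cli user
Match User cli
    PermitEmptyPasswords yes
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
EOF

  # Validate before restarting: a config sshd refuses to load can cut off
  # remote access to the machine. Use the absolute path to the binary.
  sshd_bin="$(command -v sshd || true)"
  if [[ -n "$sshd_bin" ]] && ! "$sshd_bin" -t -f "$SSHD_CONFIG"; then
    cp -p -- "$sshd_backup" "$SSHD_CONFIG"
    echo " ERROR: sshd rejected the updated config; restored $SSHD_CONFIG" >&2
    exit 1
  fi
  echo " Added Match User cli block to sshd_config"
else
  echo " sshd_config already has Match User cli block"
fi

# 4. Ensure /usr/local/bin/toes is in /etc/shells
# -F -x compares the whole line literally, so the dots and slashes in the
# path are not interpreted as a regular expression.
if ! grep -Fxq -- "$TOES_SHELL" /etc/shells; then
  echo "$TOES_SHELL" >> /etc/shells
  echo " Added $TOES_SHELL to /etc/shells"
else
  echo " $TOES_SHELL already in /etc/shells"
fi

# Warn if toes binary doesn't exist yet
if [ ! -f "$TOES_SHELL" ]; then
  echo " WARNING: $TOES_SHELL does not exist yet"
  echo " Create it with: ln -sf /path/to/toes/cli $TOES_SHELL"
fi

# 5. Restart sshd
# The restart stays non-fatal, but a failure is reported: until sshd reloads
# its config the running daemon still uses the old settings.
echo " Restarting sshd..."
if ! systemctl restart sshd && ! service ssh restart; then
  echo " WARNING: could not restart sshd; restart it manually to apply the change" >&2
fi

echo "==> Done. Connect with: ssh cli@toes.local"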