
Specify an ssh public key when adding new user

Bob Mottram, 9 years ago
parent commit 1e87576868
3 changed files with 28 additions and 4 deletions
  1. +6 -0  doc/EN/faq.org
  2. BIN    man/freedombone-adduser.1.gz
  3. +22 -4 src/freedombone-adduser

+ 6
- 0
doc/EN/faq.org

46
 freedombone-adduser [username]
46
 freedombone-adduser [username]
47
 #+END_SRC
47
 #+END_SRC
48
 
48
 
49
+Or optionally with an /ssh public key/, given either as a filename or directly pasted. Specifying an ssh key will allow the user to log in more securely if they need to (such as if they use the Mutt email client).
50
+
51
+#+BEGIN_SRC bash
52
+freedombone-adduser [username] [ssh public key]
53
+#+END_SRC
54
+
49
 Something to consider when having more than a single user on the system is the security situation. The original administrator user will have access to all of the data for other users (including their encryption keys), so if you do add extra users they need to have *complete trust* in the administrator.
55
 Something to consider when having more than a single user on the system is the security situation. The original administrator user will have access to all of the data for other users (including their encryption keys), so if you do add extra users they need to have *complete trust* in the administrator.
50
 
56
 
51
 Another point is that Freedombone installations are not intended to support many users (maybe ten at most). Large numbers of users may make the system unstable, and the more users you have on one system the more it becomes a single point of failure and also perhaps a honeypot from the standpoint of adversaries. Think of what happened with Lavabit and the moral dilemma which an administrator can be faced with (comply with threats and betray the trust of your users or don't comply and suffer other consequences). Ideally, you never want to put yourself into a situation where you can be forced to betray others.
57
 Another point is that Freedombone installations are not intended to support many users (maybe ten at most). Large numbers of users may make the system unstable, and the more users you have on one system the more it becomes a single point of failure and also perhaps a honeypot from the standpoint of adversaries. Think of what happened with Lavabit and the moral dilemma which an administrator can be faced with (comply with threats and betray the trust of your users or don't comply and suffer other consequences). Ideally, you never want to put yourself into a situation where you can be forced to betray others.
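Review bot: the new usage line `freedombone-adduser [username] [ssh public key]` should say that a pasted key has to be quoted as one argument. An OpenSSH public key is `type base64 comment` separated by spaces, so an unquoted paste is split into several positional parameters and `$2` ends up holding only the key type. Suggest `freedombone-adduser [username] "[ssh public key]"`, or a sentence telling the reader to wrap the pasted key in double quotes.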

BIN
man/freedombone-adduser.1.gz


+ 22
- 4
src/freedombone-adduser

1
 #!/bin/bash
1
 #!/bin/bash
2
 MY_USERNAME=$1
2
 MY_USERNAME=$1
3
+SSH_PUBLIC_KEY=$2
3
 GPG_KEYSERVER='hkp://keys.gnupg.net'
4
 GPG_KEYSERVER='hkp://keys.gnupg.net'
4
 SSH_PORT=2222
5
 SSH_PORT=2222
5
 COMPLETION_FILE=$HOME/freedombone-completed.txt
6
 COMPLETION_FILE=$HOME/freedombone-completed.txt
29
     exit 4
30
     exit 4
30
 fi
31
 fi
31
 
32
 
33
+if [ $2 ]; then
34
+    if [ -f $SSH_PUBLIC_KEY ]; then
35
+        mkdir /home/$MY_USERNAME/.ssh
36
+        cp $SSH_PUBLIC_KEY /home/$MY_USERNAME/.ssh/authorized_keys
37
+        echo 'ssh public key installed'
38
+    else
39
+        if [[ $SSH_PUBLIC_KEY == "ssh-"* ]]; then
40
+            mkdir /home/$MY_USERNAME/.ssh
41
+            echo $SSH_PUBLIC_KEY > /home/$MY_USERNAME/.ssh/authorized_keys
42
+            echo 'ssh public key installed'
43
+        else
44
+            echo 'The second parameter does not look like an ssh key'
45
+            exit 5
46
+        fi
47
+    fi
48
+fi
49
+
32
 if [ ! -d /home/$MY_USERNAME/Maildir ]; then
50
 if [ ! -d /home/$MY_USERNAME/Maildir ]; then
33
     echo 'Email directory was not created'
51
     echo 'Email directory was not created'
34
     userdel -r $MY_USERNAME
52
     userdel -r $MY_USERNAME
35
-    exit 5
53
+    exit 6
36
 fi
54
 fi
37
 
55
 
38
 if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
56
 if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
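Review bot: the key is tested and expanded unquoted throughout the new block, so a pasted key with its usual spaces breaks it: `if [ $2 ]; then` and `if [ -f $SSH_PUBLIC_KEY ]; then` become multi-argument tests and fail with "too many arguments", and `echo $SSH_PUBLIC_KEY > /home/$MY_USERNAME/.ssh/authorized_keys` is subject to word splitting and globbing. Suggest `if [ -n "$2" ]; then`, `if [ -f "$SSH_PUBLIC_KEY" ]; then` and `echo "$SSH_PUBLIC_KEY" > ...`. Second, the `.ssh` directory and `authorized_keys` are created by root with the default umask and never handed to the user: add `chmod 700` on `.ssh`, `chmod 600` on `authorized_keys` and `chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh`, otherwise the user cannot add or revoke their own keys, and use `mkdir -p` so an existing `.ssh` from the skeleton does not produce an error. Third, the `"ssh-"*` prefix test rejects ECDSA keys (their type string begins with `ecdsa-sha2-`) while accepting anything that merely starts with `ssh-`, and the file branch installs the file without looking at its contents at all; running `ssh-keygen -l -f` on the candidate (after writing a pasted key to a temporary file) validates both forms. Finally, the "does not look like an ssh key" branch does `exit 5` without removing the user, unlike every other failure branch in this file, which runs `userdel -r $MY_USERNAME` before exiting; it should do the same so a rejected key does not leave a half-configured account behind.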
77
 if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
95
 if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
78
     echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
96
     echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
79
     userdel -r $MY_USERNAME
97
     userdel -r $MY_USERNAME
80
-    exit 6
98
+    exit 7
81
 fi
99
 fi
82
 
100
 
83
 # encrypt outgoing mail to the "sent" folder
101
 # encrypt outgoing mail to the "sent" folder
131
 if [ ! "$?" = "0" ]; then
149
 if [ ! "$?" = "0" ]; then
132
     echo "XMPP account not created"
150
     echo "XMPP account not created"
133
     userdel -r $MY_USERNAME
151
     userdel -r $MY_USERNAME
134
-    exit 7
152
+    exit 8
135
 fi
153
 fi
136
 
154
 
137
 if grep -q "Blog domain" $COMPLETION_FILE; then
155
 if grep -q "Blog domain" $COMPLETION_FILE; then
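Review bot: the exit-status renumbering (`exit 5` to `6`, `6` to `7`, `7` to `8` here, and `8` to `9` in the blog hunk below) is an interface change for anything that inspects this script's return code. The man page is changed only as a binary `.gz` in this commit, so the new numbering cannot be checked here and should be confirmed to match; a short comment at the top of the file mapping each code to its failure would also make the next insertion less error-prone.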
139
     if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then
157
     if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then
140
         echo 'Blog users directory not found'
158
         echo 'Blog users directory not found'
141
         userdel -r $MY_USERNAME
159
         userdel -r $MY_USERNAME
142
-        exit 8
160
+        exit 9
143
     fi
161
     fi
144
     echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
162
     echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
145
     echo "password = '$NEW_USER_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
163
     echo "password = '$NEW_USER_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini