xcat-core/xCAT/postscripts/remoteshell
jbjohnso 5540ae512b -Change .directories in postscripts dir for wget traversal
-Change remoteshell to retrieve ssh host keys via credentials plugin
-Change allowcred.awk to be persistant in execution for multiple runs
-Move stunnel setup to the post.rh scripts (post.sles to do)
-Migrate to no longer have per-node postscripts generated for redhat installs
-Change to no longer use a postscripts tar file, recursive ftp instead
-Change to setup vsftpd



git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@1238 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
2008-04-30 20:54:57 +00:00

66 lines
2.0 KiB
Bash
Executable File

#!/bin/sh
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
#egan@us.ibm.com
#(C)IBM Corp
#
if [ -r /etc/ssh/sshd_config ]
then
logger -t xcat "Install: setup /etc/ssh/sshd_config"
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
perl -pi -e 's/^X11Forwarding .*$/X11Forwarding yes/' /etc/ssh/sshd_config
perl -pi -e 's/^KeyRegenerationInterval .*$/KeyRegenerationInterval 0/' /etc/ssh/sshd_config
perl -pi -e 's/(.*MaxStartups.*)/#\1/' /etc/ssh/sshd_config
echo "MaxStartups 1024" >>/etc/ssh/sshd_config
echo "PasswordAuthentication no" >>/etc/ssh/sshd_config
fi
if [ -r /etc/ssh/sshd_config ]
then
echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config
fi
if [ -d /xcatpost/_ssh ]
then
logger -t xcat "Install: setup root .ssh"
cd /xcatpost/_ssh
mkdir -p /root/.ssh
cp -f * /root/.ssh
cd -
chmod 700 /root/.ssh
chmod 600 /root/.ssh/*
fi
allowcred.awk &
sleep 1
if [ -d /xcatpost/hostkeys ]
then
logger -t xcat "Install: using server provided host key for convenience."
cp /xcatpost/hostkeys/*_key /etc/ssh/
fi
getcredentials.awk ssh_dsa_hostkey | grep -v '<'|sed -e 's/&lt;/</' -e 's/&gt;/>/' -e 's/&amp;/&/' -e 's/&quot/"/' -e "s/&apos;/'/" > /etc/ssh/ssh_host_dsa_key
chmod 600 /etc/ssh/ssh_host_dsa_key
if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_dsa_key > /dev/null 2>&1 ; then
rm /etc/ssh/ssh_host_dsa_key
fi
getcredentials.awk ssh_rsa_hostkey | grep -v '<'|sed -e 's/&lt;/</' -e 's/&gt;/>/' -e 's/&amp;/&/' -e 's/&quot/"/' -e "s/&apos;/'/" > /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key
if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_rsa_key > /dev/null 2>&1 ; then
rm /etc/ssh/ssh_host_rsa_key
fi
if [ ! -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
exit 0
fi
umask 0077
mkdir -p /root/.ssh/
sleep 1
getcredentials.awk ssh_root_key | grep -v '<'|sed -e 's/&lt;/</' -e 's/&gt;/>/' -e 's/&amp;/&/' -e 's/&quot/"/' -e "s/&apos;/'/" > /root/.ssh/id_rsa
if ! grep "PRIVATE KEY" /root/.ssh/id_rsa > /dev/null 2>&1 ; then
rm /root/.ssh/id_rsa
fi