From 530be7a508dd030b2133a71f851df9146eda5213 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Sat, 2 May 2020 10:58:06 -0400
Subject: [PATCH] Setup host based authentication in ssh in ubuntu

---
 misc/ubuntu20.04deploy/custom-installation/post.sh | 11 +++++++++++
 misc/ubuntu20.04deploy/custom-installation/pre.sh | 4 ++++
 2 files changed, 15 insertions(+)

diff --git a/misc/ubuntu20.04deploy/custom-installation/post.sh b/misc/ubuntu20.04deploy/custom-installation/post.sh
index b10cd416..0f21f260 100755
--- a/misc/ubuntu20.04deploy/custom-installation/post.sh
+++ b/misc/ubuntu20.04deploy/custom-installation/post.sh
@@ -7,4 +7,15 @@ done
 
 cp -a /etc/ssh/ssh_host* /target/etc/confluent/ssh/
 cp -a /etc/ssh/sshd_config.d/confluent.conf /target/etc/confluent/ssh/sshd_config.d/
+sshconf=/target/etc/ssh/ssh_config
+if [ -d /target/etc/ssh/ssh_config.d/ ]; then
+ sshconf=/target/etc/ssh/ssh_config.d/01-confluent.conf
+fi
+echo 'Host *' >> $sshconf
+echo ' HostbasedAuthentication yes' >> $sshconf
+echo ' EnableSSHKeysign yes' >> $sshconf
+echo ' HostbasedKeyTypes *ed25519*' >> $sshconf
+
 cp /custom-installation/firstboot.sh /target/etc/confluent/firstboot.sh
+cp /tmp/allnodes /target/root/.shosts
+cp /tmp/allnodes /target/etc/ssh/shosts.equiv
diff --git a/misc/ubuntu20.04deploy/custom-installation/pre.sh b/misc/ubuntu20.04deploy/custom-installation/pre.sh
index 072b40a4..ea0d3dc3 100755
--- a/misc/ubuntu20.04deploy/custom-installation/pre.sh
+++ b/misc/ubuntu20.04deploy/custom-installation/pre.sh
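Review bot: In post.sh the two added `cp /tmp/allnodes ...` lines install the host-based trust list for every account, root included via `/target/root/.shosts`, without checking that the list was actually fetched. The redirect in pre.sh creates `/tmp/allnodes` even when curl fails, so a failed download would leave the target with empty trust files and no diagnostic; a guard such as `[ -s /tmp/allnodes ] || echo 'nodelist missing, host-based ssh not configured' >&2` before the copies would make that visible. The trust decision also deserves a comment above the copies, for example `# every host listed here may log in to this node as any user, including root, using its host key`. Copying with explicit ownership and mode, `install -o root -g root -m 0644 /tmp/allnodes /target/etc/ssh/shosts.equiv`, would keep the result independent of the installer's umask.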
@@ -11,7 +11,11 @@ for pubkey in /etc/ssh/ssh_host*key.pub; do
 echo HostKey $keyfile >> /etc/ssh/sshd_config.d/confluent.conf
 echo HostCertificate $certfile >> /etc/ssh/sshd_config.d/confluent.conf
 done
+echo HostbasedAuthentication yes >> /etc/ssh/sshd_config.d/confluent.conf
+echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config.d/confluent.conf
+echo IgnoreRhosts no >> /etc/ssh/sshd_config.d/confluent.conf
 systemctl restart sshd
+curl -f X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
 curl https://$mgr/confluent-public/confluent/util/getinstalldisk > /custom-installation/getinstalldisk
 python3 /custom-installation/getinstalldisk
 sed -i s!%%INSTALLDISK%%!/dev/$(cat /tmp/installdisk)! /autoinstall.yaml
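Review bot: The added nodelist request reads `curl -f X POST`, which looks like a missing dash before `X`; as written, curl would most likely treat `X` and `POST` as extra URLs and send the real request as a GET. The exit status is never checked, and this output later becomes the ssh trust list, so the line would be safer as `curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" "https://$mgr/confluent-api/self/nodelist" > /tmp/allnodes || echo 'nodelist fetch failed' >&2`. The three sshd settings should carry a comment, for example `# IgnoreRhosts no: needed so root's ~/.shosts is honoured; it also enables every user's ~/.rhosts and ~/.shosts` and `# HostbasedUsesNameFromPacketOnly yes: the client-supplied hostname is trusted without a reverse lookup, so the host key or certificate is the only check`. `$nodename`, `$apikey` and `$mgr` are set outside this hunk, so whether they can be empty here cannot be judged from it.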