authorJosh Rahm <joshuarahm@gmail.com>2023-02-24 16:04:57 -0700
committerJosh Rahm <joshuarahm@gmail.com>2023-02-24 16:04:57 -0700
commit10c1fe4071f248e976d920b3ca29971670893f33 (patch)
tree4898162eb77637bc2cfb85758052600f50c4e820
parent385c36b4870baf028fe3902e289fc412b454f9cd (diff)
downloadacquire-key-over-ssh-10c1fe4071f248e976d920b3ca29971670893f33.tar.gz
acquire-key-over-ssh-10c1fe4071f248e976d920b3ca29971670893f33.tar.bz2
acquire-key-over-ssh-10c1fe4071f248e976d920b3ca29971670893f33.zip
Add better configuration options for acquire-key-over-ssh
-rwxr-xr-xmodule-setup.sh15
-rwxr-xr-xpoll-ssh-acquire.sh16
-rwxr-xr-xstart-ssh-acquire.sh2
3 files changed, 23 insertions, 10 deletions
diff --git a/module-setup.sh b/module-setup.sh
index c4ad051..fd0bb5d 100755
--- a/module-setup.sh
+++ b/module-setup.sh
@@ -11,9 +11,24 @@ depends() {
}
install() {
+ local tmpdir=$(mktemp -d --tmpdir dracut-acquire-key-over-ssh.XXXX)
+ local genconf="${tmpdir}/acquire-key-over-ssh.conf"
+ local installconf="/etc/acquire-key-over-ssh.conf"
+
+ [[ -z "${keyserver_port}" ]] && keyserver_port=22
+
+ echo -e "#!/bin/bash\n\n" >> "$genconf"
+ echo "keyserver_interface='${keyserver_interface}'" >> "$genconf"
+ echo "keyserver_host='$keyserver_host'" >> "$genconf"
+ echo "keyserver_user='$keyserver_user'" >> "$genconf"
+ echo "keyserver_port='$keyserver_port'" >> "$genconf"
+
inst_hook pre-udev 99 "$moddir/start-ssh-acquire.sh"
inst_script "$moddir/poll-ssh-acquire.sh" "/bin/poll-ssh-acquire.sh"
inst_simple "/root/.ssh/known_hosts"
inst_simple "/root/.ssh/id_rsa.pub"
inst_simple "/root/.ssh/id_rsa"
+ inst "$genconf" "$installconf"
+
+ rm -rf $tmpdir
}
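Review bot: The generated config is later sourced as shell (`. /etc/acquire-key-over-ssh.conf` in poll-ssh-acquire.sh), but each value is written with plain `echo` inside single quotes, so a value containing a `'` breaks out of the quote and the remainder runs as code inside the initramfs; writing the assignments with `printf '%s=%q\n'` quotes every value safely. `local tmpdir=$(mktemp …)` also masks a mktemp failure: with `tmpdir` empty the config lands in `/acquire-key-over-ssh.conf` and the unquoted `rm -rf $tmpdir` at the end runs with no argument, so the declaration and assignment should be split, the status checked, and the removal quoted with a `:?` guard. Only `keyserver_port` receives a default; when `keyserver_host`, `keyserver_user` or `keyserver_interface` is unset it is written empty and the mistake only surfaces as a timeout at boot, so a check at build time is cheaper.
```shell
install() {
  local tmpdir genconf installconf
  tmpdir=$(mktemp -d --tmpdir dracut-acquire-key-over-ssh.XXXX) || return 1
  genconf="${tmpdir}/acquire-key-over-ssh.conf"
  installconf="/etc/acquire-key-over-ssh.conf"

  # Fail the build rather than emit a config that is discovered broken at boot.
  local var
  for var in keyserver_interface keyserver_host keyserver_user; do
    if [[ -z "${!var}" ]]; then
      printf 'acquire-key-over-ssh: %s is not set\n' "$var" >&2
      rm -rf -- "${tmpdir:?}"
      return 1
    fi
  done
  [[ -z "${keyserver_port}" ]] && keyserver_port=22

  # %q emits each value shell-quoted, so sourcing the file cannot execute
  # anything embedded in a value.
  {
    printf '#!/bin/bash\n\n'
    printf 'keyserver_interface=%q\n' "$keyserver_interface"
    printf 'keyserver_host=%q\n' "$keyserver_host"
    printf 'keyserver_user=%q\n' "$keyserver_user"
    printf 'keyserver_port=%q\n' "$keyserver_port"
  } > "$genconf"

  # … unchanged: inst_hook / inst_script / inst_simple calls …
  inst "$genconf" "$installconf"

  rm -rf -- "${tmpdir:?}"
}
```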
diff --git a/poll-ssh-acquire.sh b/poll-ssh-acquire.sh
index 5658c9c..225287c 100755
--- a/poll-ssh-acquire.sh
+++ b/poll-ssh-acquire.sh
@@ -8,17 +8,14 @@
timeout=600
count=0
-keyserver_user="keepr"
-keyserver_host="192.168.86.103"
-keyserver_file="/tmp/test-key"
+. /etc/acquire-key-over-ssh.conf
# Wait for the given interface to come up and for a route to
# be added.
-interface="$1"
-echo -n "Waiting for interface $interface ... "
-while ! ( ip route list dev "$interface" &>/dev/null ) ; do
+echo -n "Waiting for interface $keyserver_interface ... "
+while ! ( ip route list dev "$keyserver_interface" &>/dev/null ) ; do
if [[ "$count" -eq "$timeout" ]] ; then
- echo "Timedout waiting for $interface. Exiting."
+ echo "Timedout waiting for $keyserver_interface. Exiting."
exit 1
fi
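Review bot: `. /etc/acquire-key-over-ssh.conf` is sourced without checking that the file exists or that it defined `keyserver_interface`; if either is missing the script goes on with an empty interface name and, judging from `timeout=600` above, only gives up after the full wait loop instead of failing immediately with a usable message. A guard before the source, `[[ -r /etc/acquire-key-over-ssh.conf ]] || { echo "Missing /etc/acquire-key-over-ssh.conf. Exiting."; exit 1; }`, and `: "${keyserver_interface:?not set in /etc/acquire-key-over-ssh.conf}"` after it would surface the misconfiguration at the top of the log. The interface wait loop continues past the end of the hunk.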
@@ -33,12 +30,12 @@ count=0
while /bin/true ; do
if [[ "$count" -eq "$tries" ]] ; then
- echo "Unable to connect to $keyserver_user@$keyserver_host after 5 tries."
+ echo "Unable to connect to $keyserver_user@$keyserver_host after 10 tries."
exit 1
fi
echo "Trying $keyserver_user@$keyserver_host ..."
- ssh "$keyserver_user@$keyserver_host" "cat '$keyserver_file'" > /tmp/enc-key
+ ssh "$keyserver_user@$keyserver_host" -p "$keyserver_port" > /tmp/enc-key
if [[ "$?" -eq 0 ]] ; then
break;
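Review bot: The new ssh line drops the remote command, so /tmp/enc-key now receives whatever the remote user's login shell prints rather than the contents of a named key file; that only works if the key server restricts `keyserver_user` to a forced command that emits the key, and since that contract is invisible here it should be stated, e.g. `# keyserver_user is expected to be restricted to a forced command that prints the encrypted key`, or the `cat` of the key file needs to come back. Because this runs unattended from the initramfs, `-o BatchMode=yes` would make ssh fail fast on the retry loop instead of blocking on a password or host-key prompt. The message on the changed echo hardcodes `10 tries` while the limit is `$tries` (set outside the hunk), so `echo "Unable to connect to $keyserver_user@$keyserver_host after $tries tries."` keeps the two from drifting again. The enclosing while loop ends outside the hunk.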
@@ -53,4 +50,5 @@ echo "Passphrase acquired. Stored in /tmp/enc-key."
socket_file=$(cat /run/systemd/ask-password/ask.* | grep -E '^Socket' | cut -d'=' -f2)
echo "running: /lib/systemd/systemd-reply-password 1 $socket_file < /tmp/enc-key"
/lib/systemd/systemd-reply-password 1 "$socket_file" < /tmp/enc-key
+
shred /tmp/enc-key
diff --git a/start-ssh-acquire.sh b/start-ssh-acquire.sh
index 428b0c0..1b3b684 100755
--- a/start-ssh-acquire.sh
+++ b/start-ssh-acquire.sh
@@ -1,3 +1,3 @@
#!/bin/sh
-nohup /bin/poll-ssh-acquire.sh "eno1" &>/var/log/ssh-acquire.log &
+nohup /bin/poll-ssh-acquire.sh "eno2" &>/var/log/ssh-acquire.log &
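Review bot: The `"eno2"` argument is dead after this commit: the same change removes `interface="$1"` from poll-ssh-acquire.sh and takes the interface from `keyserver_interface` in /etc/acquire-key-over-ssh.conf, so the value here is ignored and misleads the next reader into editing the wrong place. Either drop it, `nohup /bin/poll-ssh-acquire.sh &>/var/log/ssh-acquire.log &`, or add a comment above the line, `# interface and key server are read from /etc/acquire-key-over-ssh.conf`, so the script does not look parameterised when it is not.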