Disable the insecure SSH key by default

2026-02-27 17:41:59 +01:00 · 2014-02-06 13:07:47 +01:00
parent a5f521b1b1
commit 37cd856425
5 changed files with 58 additions and 13 deletions
--- a/image/enable_insecure_key
+++ b/image/enable_insecure_key
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+AUTHORIZED_KEYS=/root/.ssh/authorized_keys
+
+if [[ -e "$AUTHORIZED_KEYS" ]] && grep -q baseimage-docker-insecure-key "$AUTHORIZED_KEYS"; then
+	echo "Insecure key has already been added to $AUTHORIZED_KEYS."
+else
+	DIR=`dirname "$AUTHORIZED_KEYS"`
+	echo "Creating directory $DIR..."
+	mkdir -p "$DIR"
+	chmod 700 "$DIR"
+	chown root:root "$DIR"
+	echo "Editing $AUTHORIZED_KEYS..."
+	cat /etc/insecure_key.pub > "$AUTHORIZED_KEYS"
+	echo "Success: insecure key has been added to $AUTHORIZED_KEYS"
+fi
--- a/image/system_services.sh
+++ b/image/system_services.sh
@@ -28,7 +28,10 @@ cp /build/00_regen_ssh_host_keys.sh /etc/my_init.d/
 mkdir -p /root/.ssh
 chmod 700 /root/.ssh
 chown root:root /root/.ssh
-cat /build/insecure_key.pub > /root/.ssh/authorized_keys
+cp /build/insecure_key.pub /etc/insecure_key.pub
+chmod 644 /etc/insecure_key.pub
+chown root:root /etc/insecure_key.pub
+cp /build/enable_insecure_key /usr/sbin/

 ## Install cron daemon.
 $minimal_apt_get_install cron