justin/tinyboard
1
0
Fork 0
forked from finn/tinyboard
Code Pull Requests Activity

spoke/setup-spoke.sh

Browse Source 
Fix check_permissions to check group bits; fix ssh-keyscan dedup to iterate per key type; fix HUB_USER@HUB_HOST sed regex to handle trailing whitespace
hub/offboard-spoke.sh
Drop root requirement; fix crontab running as root; fix registry .tmp not cleaned on failure
hub/onboard-spoke.sh
Fix registry .tmp not cleaned on failure; chmod 600 key immediately after generation
hub/setup-hub.sh
Check permissions on existing SSH private keys in setup
This commit is contained in:
Justin Oros
2026-04-18 14:12:05 -07:00
parent d925cd944a
commit e450456638
4 changed files with 35 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
spoke/setup-spoke.sh
View File

@@ -68,7 +68,7 @@ check_permissions() {
fi
local world="${perms: -1}"
local group="${perms: -2:1}"
if [ "$world" != "0" ]; then
if [ "$world" != "0" ] || [ "$group" != "0" ]; then
warn "UNSAFE PERMISSIONS on $label ($file): $perms — should be 600 or 400"
warn "Fixing permissions automatically..."
chmod 600 "$file"
@@ -280,10 +280,12 @@ chown "$SPOKE_USER":"$SPOKE_USER" "$SSH_DIR/known_hosts"
chmod 600 "$SSH_DIR/known_hosts"
HUB_KEYSCAN=$(ssh-keyscan -H "$HUB_HOST" 2>/dev/null)
if [ -n "$HUB_KEYSCAN" ]; then
HUB_KEYSCAN_KEY=$(echo "$HUB_KEYSCAN" | awk '{print $3}')
if ! grep -qF "$HUB_KEYSCAN_KEY" "$SSH_DIR/known_hosts" 2>/dev/null; then
echo "$HUB_KEYSCAN" >> "$SSH_DIR/known_hosts"
fi
while IFS= read -r KEYSCAN_LINE; do
KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $3}')
if ! grep -qF "$KEYSCAN_KEY" "$SSH_DIR/known_hosts" 2>/dev/null; then
echo "$KEYSCAN_LINE" >> "$SSH_DIR/known_hosts"
fi
done <<< "$HUB_KEYSCAN"
fi
check_permissions "$SSH_DIR/known_hosts" "known_hosts"
@@ -323,7 +325,7 @@ sed -i "s|-R [0-9]*:localhost:22|-R ${TUNNEL_PORT}:localhost:22|g" "$COMPOSE"
sed -i "s|-i /home/[^ ]*/\.ssh/[^ ]*|-i ${SSH_DIR}/${KEY_NAME}|g" "$COMPOSE"
sed -i "/known_hosts/!s|/home/[^/]*/\.ssh/[^:]*:/home/[^/]*/\.ssh/[^:]*:ro|${SSH_DIR}/${KEY_NAME}:${SSH_DIR}/${KEY_NAME}:ro|g" "$COMPOSE"
sed -i "s|/home/[^/]*/\.ssh/known_hosts|${SSH_DIR}/known_hosts|g" "$COMPOSE"
sed -i "s| [a-zA-Z0-9._-]*@[a-zA-Z0-9._-]*\.[a-zA-Z0-9._-]*$| ${HUB_USER}@${HUB_HOST}|g" "$COMPOSE"
sed -i "s| [a-zA-Z0-9._-]*@[a-zA-Z0-9._-]*\.[a-zA-Z0-9._-]*[[:space:]]*$| ${HUB_USER}@${HUB_HOST}|g" "$COMPOSE"
sed -i "s|/home/[^/]*/st:|${SYNCTHING_MOUNT}:|g" "$COMPOSE"
sed -i "s|PUID=[0-9]*|PUID=${SPOKE_UID}|g" "$COMPOSE"
sed -i "s|PGID=[0-9]*|PGID=${SPOKE_GID}|g" "$COMPOSE"