
  1. #!/bin/bash
  2. ##
  3. ## code
  4. ##
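  # Container entrypoint: lock down sudoers drop-ins, rebuild the rsync user's
  # authorized_keys from the public keys in $KEYS, then hand over to sshd.

  # Options go before the operands so the flag is parsed the same way even
  # where option permutation is disabled.
  chmod -R 440 /etc/sudoers.d/*

  KEYS=/etc/rsync/keys
  RSYNC_HOME=/var/lib/rsync
  mkdir -p "$RSYNC_HOME/.ssh"

  # Shape of an acceptable key line: "<keytype> <base64> [comment]".
  # Requiring a bare key type as the first field rejects lines that bring their
  # own authorized_keys options, so every emitted entry carries only the forced
  # command and restrictions written below.
  key_re='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) [A-Za-z0-9+/]+=*( .*)?$'

  for f in "$KEYS"/*.pub; do
    [[ -f "$f" ]] || continue

    # The identity is the file name without ".pub"; it is embedded in the forced
    # command, so only a conservative character set is allowed.
    ident="${f##*/}"
    ident="${ident%.pub}"
    if ! [[ "$ident" =~ ^[a-zA-Z0-9._-]+$ ]]; then
      # stderr, not stdout: the loop's stdout IS authorized_keys, so anything
      # echoed there (including text taken from a file name) would end up in
      # the file. %q keeps control characters out of the log.
      printf 'bad: %q\n' "$ident" >&2
      continue
    fi

    # Handle the file line by line. Pasting the whole file after one options
    # prefix would leave every line after the first without the forced command.
    while IFS= read -r line || [[ -n "$line" ]]; do
      line="${line%$'\r'}"
      [[ -z "$line" || "$line" == '#'* ]] && continue
      if ! [[ "$line" =~ $key_re ]]; then
        printf "bad key line in '%s', skipped\n" "$f" >&2
        continue
      fi
      printf 'command="/usr/local/sbin/ssh-cmd-validate \\"%s\\"",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$ident" "$line"
    done < "$f"
  done > "$RSYNC_HOME"/.ssh/authorized_keys

  # Ownership and modes sshd expects for a per-user key file: owned by the
  # account, not accessible to group or others.
  chown -R rsync:rsync "$RSYNC_HOME"/.ssh
  chmod 700 "$RSYNC_HOME"/.ssh
  chmod 600 "$RSYNC_HOME"/.ssh/authorized_keys

  ## Give back PID 1 so that ssh can receive signals
  exec /usr/sbin/sshd -D -e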