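#!/bin/bash

##
## Rebuild the rsync account's authorized_keys from the public key files
## found under $KEYS/backup and $KEYS/admin.
##
## Every emitted entry is pinned to a forced command (command="...") and
## carries no-port-forwarding, no-X11-forwarding, no-agent-forwarding and
## no-pty, so a key listed here cannot be used for anything but that command.
##
## The file is built as authorized_keys.new, the previous file is copied to
## authorized_keys.old, and the new file is then renamed into place.
##

KEYS=/etc/rsync/keys
RSYNC_HOME=/var/lib/rsync

ssh_dir="$RSYNC_HOME/.ssh"
auth_keys="$ssh_dir/authorized_keys"
new_keys="$auth_keys.new"
restrictions="no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"

mkdir -p "$ssh_dir" || exit 1

##
## emit_restricted FORCED_COMMAND PUBKEY_FILE
##
## Print one authorized_keys entry per key line of PUBKEY_FILE, each one
## prefixed with command="FORCED_COMMAND" and $restrictions.
##
## The options apply per line in authorized_keys, so the prefix is added to
## every line of the file: a .pub file holding several keys must not yield
## a second entry without the forced command. Blank lines and '#' comment
## lines are dropped.
##
emit_restricted() {
  local forced_cmd=$1 pubkey_file=$2 line
  while IFS= read -r line || [[ -n "$line" ]]; do
    line=${line%$'\r'}   ## tolerate CRLF key files
    [[ "$line" =~ ^[[:space:]]*(#|$) ]] && continue
    printf 'command="%s",%s %s\n' "$forced_cmd" "$restrictions" "$line"
  done < "$pubkey_file"
}

##
## New
##

## Start from an empty file: a leftover authorized_keys.new from an
## interrupted run must not carry old (possibly revoked) entries over.
: > "$new_keys" || exit 1

for f in "$KEYS"/backup/*.pub; do
  [ -e "$f" ] || continue   ## unmatched glob stays literal
  ident="${f##*/}"
  ident="${ident%.pub}"
  ## The identifier is embedded inside the quoted forced command, so only
  ## a conservative character set is accepted; anything else is skipped.
  if ! [[ "$ident" =~ ^[a-zA-Z0-9._-]+$ ]]; then
    echo "bad: '$ident'" >&2
    continue
  fi
  emit_restricted "/usr/local/sbin/ssh-cmd-validate \\\"$ident\\\"" "$f"
done >> "$new_keys"

for f in "$KEYS"/admin/*.pub; do
  [ -e "$f" ] || continue
  emit_restricted "/usr/local/sbin/ssh-admin-cmd-validate" "$f"
done >> "$new_keys"

## Keep a copy of the previous file (none exists on the first run), then
## replace it with a single rename so authorized_keys is never missing.
if [ -e "$auth_keys" ]; then
  cp -p -- "$auth_keys" "$auth_keys.old" || exit 1
fi
mv -f -- "$new_keys" "$auth_keys" || exit 1

chown -R rsync:rsync "$ssh_dir"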