Explicitly set SSH permissions in base.sh (trailofbits#1927)
davidemyers authored Jan 5, 2021
1 parent 4adb35d commit 654809f
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions files/cloud-init/base.sh
@@ -1,6 +1,7 @@
#!/bin/bash
#!/bin/sh
set -eux

# shellcheck disable=SC2230
which sudo || until \
apt-get update -y && \
apt-get install sudo -yf --install-suggests; do
@@ -15,9 +16,10 @@ cat <<EOF >/etc/ssh/sshd_config
{{ lookup('template', 'files/cloud-init/sshd_config') }}
EOF

test -d /home/algo/.ssh || (umask 077 && sudo -u algo mkdir -p /home/algo/.ssh/)
echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" | (umask 177 && sudo -u algo tee /home/algo/.ssh/authorized_keys)
test -d /home/algo/.ssh || sudo -u algo mkdir -m 0700 /home/algo/.ssh
echo "{{ lookup('file', '{{ SSH_keys.public }}') }}" | (sudo -u algo tee /home/algo/.ssh/authorized_keys && chmod 0600 /home/algo/.ssh/authorized_keys)

# shellcheck disable=SC2015
dpkg -l sshguard && until apt-get remove -y --purge sshguard; do
sleep 3
done || true
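Review bot: `mkdir -m 0700` on the `test -d /home/algo/.ssh ||` line only applies the mode when the directory is created, so a `.ssh` that already exists keeps whatever mode it had; an unconditional `sudo -u algo chmod 0700 /home/algo/.ssh` after that line would make the permission explicit in both cases. On the next line `authorized_keys` is created by `tee` under the ambient umask and only tightened by `chmod 0600` afterwards, and that `chmod` runs as the invoking user rather than as `algo`. The exposure is small (public key, inside a 0700 directory), but creating the file with its final mode first, e.g. `sudo -u algo install -m 0600 /dev/null /home/algo/.ssh/authorized_keys`, before the `tee` would remove the window. The page has lost its +/- markers, so this assumes the `mkdir -m`/`chmod` pair is the new side, as the commit title suggests. A comment such as `# sshd (default StrictModes) ignores keys if ~/.ssh or authorized_keys is group/world-writable` would record why the modes are pinned.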