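#! /bin/sh
#
# Set up a local backup account for each HOST and let HOST's root log in
# to it: creates the shared `backup' group (gid 200), a system user
# `bkp-HOST' (uid allocated from 201 upwards, home /var/lib/bkp/HOST),
# makes sure root on HOST has an RSA key of at least 3072 bits, and
# installs that key as the backup user's authorized_keys.
#
# Usage: $quis [-nqv] HOST ...
#   -n  dry run: print the commands that would run instead of running them
#   -v  print each command before running it
#   -q  quiet (the default)
#   -h  print usage and exit
#
# Must run as root on the backup server; needs root ssh access to HOST.

set -eu

quis=${0##*/}

usage="usage: $quis [-nqv] HOST ..."

verbose=nil
noact=nil
while getopts "hnvq" opt; do
  case "$opt" in
    h) echo "$usage"; exit ;;
    n) noact=t verbose=t ;;
    v) verbose=t ;;
    q) verbose=nil ;;
    *) echo >&2 "$usage"; exit 1 ;;
  esac
done
shift $(( OPTIND - 1 ))

# No operands is an error: report it on stderr like the other failures.
case $# in 0) echo >&2 "$usage"; exit 1 ;; esac

# `run' is kept as a string so the very same definition can be shipped to
# the remote side (see the ssh call below); eval defines it locally.  It
# honours the flags: with verbose=t it echoes the command, and it only
# executes it while noact=nil.
defrun='
run () {
  case $verbose in t) echo >&2 "- $*" ;; esac
  case $noact in nil) "$@" ;; esac
}'
eval "$defrun"

# The shared group every bkp-HOST user is added to, at a fixed gid.
if getent group backup >/dev/null; then
  echo >&2 "$quis: group \`backup' already exists"
else
  run addgroup --gid 200 backup
fi

for host in "$@"; do

  user=bkp-$host
  home=/var/lib/bkp/$host

  if getent passwd "$user" >/dev/null; then
    echo >&2 "$quis: backup user \`$user' already exists"
  else
    # Take the first number from 201 upwards that is free as both a uid
    # and a gid, so the user and its private group can share it.
    uid=201
    while { getent passwd "$uid" || getent group "$uid"; } >/dev/null; do
      uid=$(( uid + 1 ))
    done
    run addgroup --system --gid "$uid" "$user"
    run adduser --system --uid "$uid" --gid "$uid" \
      --home "$home" \
      --shell /bin/bash \
      --gecos "Backup user for host $host" \
      --disabled-password \
      "$user"
  fi

  # The membership test must find the user anywhere in the comma-separated
  # member list, not only when it is the sole member.  Under -n the group
  # may not exist yet; the list is then simply empty.
  members=$(getent group backup | cut -d: -f4)
  case ",$members," in
    *",$user,"*)
      echo >&2 "$quis: user \`$user' already in group \`backup'"
      ;;
    *)
      run adduser "$user" backup
      ;;
  esac

  # Root on HOST needs an RSA key of at least 3072 bits; one is generated
  # if the key is absent, too small or of another type.  The -v/-n
  # settings and the run helper travel along so the remote steps obey the
  # same flags.  Mode 755 on .ssh is fine for sshd: it only refuses
  # directories writable by others.
  settings="verbose=$verbose noact=$noact"
  run mkdir -p -m755 "$home/.ssh"
  ssh "root@$host" "$settings; $defrun" '
    cd "$HOME"
    mkdir -p -m755 .ssh
    cd .ssh
    if [ ! -f id_rsa.pub ]; then
      genp=t
    else
      # ssh-keygen -l prints "BITS FINGERPRINT COMMENT (TYPE)"; the
      # comment may contain spaces, so only the trailing "(TYPE)" of the
      # remainder is inspected.  Anything unparseable means: regenerate.
      genp=$(
        ssh-keygen -l -f id_rsa.pub | {
          read -r bits fpr rest
          case "$bits" in
            "" | *[!0-9]*)
              echo t
              ;;
            *)
              case "$rest" in
                *"(RSA)")
                  if [ "$bits" -ge 3072 ]; then echo nil; else echo t; fi
                  ;;
                *)
                  echo t
                  ;;
              esac
              ;;
          esac
        }
      )
    fi

    case $genp in
      t)
        # ssh-keygen does not overwrite an existing key file without an
        # interactive confirmation, so clear the pair being replaced first.
        run rm -f id_rsa id_rsa.pub
        run ssh-keygen -t rsa -f id_rsa -b 3072 -N ""
        ;;
    esac
  '
  # The remote root key becomes the only authorized key of the backup
  # user: the file is replaced, not appended to.
  run scp "root@$host:.ssh/id_rsa.pub" "$home/.ssh/authorized_keys"

done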