On Tue, Aug 10, 2010 at 04:49:51PM -0400, Kyle Moffett wrote:
>
> When performing partially-automated virtual-server installations (using
> services such as Eucalyptus or Amazon EC2, for example), it's not really
> practical or secure to use password-based authentication for the
> installer.
>
> Furthermore, such virtual server environments provide an automatic
> method of provisioning public SSH keys during the installation process
> via an HTTP URL.
>
> The Ubuntu guys seem to have a patch for this that never got merged:
> https://bugs.launchpad.net/ubuntu/+source/network-console/+bug/184108

Dear all,

I think that it would be wonderful if Ubuntu's patch were applied in Debian. Here is a slimmed down version of it, where I removed the Ubuntu-specific parts changing debian/control, the changelog and .gitignore files, …

http://patches.ubuntu.com/n/network-console/network-console_1.28ubuntu1.patch

--- 1.28/debian/network-console.postinst 2011-01-19 04:51:17.000000000 +0000 +++ 1.28ubuntu1/debian/network-console.postinst 2011-05-04 00:19:29.000000000 +0100 @@ -26,7 +26,30 @@ case "$ARCHDETECT" in ;; esac -while [ -z "$PASSWORD" ]; do +db_get $TEMPLATE_ROOT/authorized_keys_url + +AUTHORIZED_KEYS_URL="$RET" +AUTHORIZED_KEYS_DIRECTORY="/.ssh" +AUTHORIZED_KEYS_FILE="$AUTHORIZED_KEYS_DIRECTORY/authorized_keys" + +if [ -n "$AUTHORIZED_KEYS_URL" ]; then + if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then + [ -d "$AUTHORIZED_KEYS_DIRECTORY" ] || \ + mkdir "$AUTHORIZED_KEYS_DIRECTORY" + chmod 0700 "$AUTHORIZED_KEYS_DIRECTORY" + if ! wget -q "$AUTHORIZED_KEYS_URL" -O "$AUTHORIZED_KEYS_FILE"; then + db_subst $TEMPLATE_ROOT/authorized_keys_fetch_failure \ + LOCATION "$AUTHORIZED_KEYS_URL" + db_input critical $TEMPLATE_ROOT/authorized_keys_fetch_failure \ + || true + db_go + exit 1 + fi + chmod 0644 "$AUTHORIZED_KEYS_FILE" || true + fi +fi + +while [ ! -f "$AUTHORIZED_KEYS_FILE" ] && [ -z "$PASSWORD" ]; do db_input critical $TEMPLATE_ROOT/password || true COMPARE_PW='' db_input high $TEMPLATE_ROOT/password-again && COMPARE_PW=1 || true diff -pruN 1.28/debian/network-console.templates 1.28ubuntu1/debian/network-console.templates --- 1.28/debian/network-console.templates 2011-01-19 04:51:17.000000000 +0000 +++ 1.28ubuntu1/debian/network-console.templates 2011-05-04 00:19:29.000000000 +0100 
@@ -75,3 +75,19 @@ _Description: Start SSH . Please check this carefully against the fingerprint reported by your SSH client. + +Template: network-console/authorized_keys_url +Type: string +Description: for internal use; can be preseeded + What URL contains a list of authorized SSH public keys? + . + The file at the given URL should be of the same form as a standard OpenSSH + authorized_keys file. + +Template: network-console/authorized_keys_fetch_failure +Type: error +# should be translated when committed upstream +Description: Could not fetch OpenSSH authorized keys + An error occurred while fetching OpenSSH authorized keys from ${LOCATION}. + . + Check /var/log/syslog or see virtual console 4 for the details.

Please let me know how I can help to make this happen.

Cheers,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan
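
Review bot: the new loop guard `[ ! -f "$AUTHORIZED_KEYS_FILE" ]` in the network-console.postinst hunk skips the password prompt whenever the file merely exists, so an empty or non-key download (for instance an error page served with a success status) leaves the installer with neither a password nor a usable key. The same applies to any file wget may leave behind on a failed fetch: the failure branch exits without removing it, and on a re-run the inner `[ ! -f "$AUTHORIZED_KEYS_FILE" ]` test then skips the fetch as well. Suggest removing the file before `exit 1`, and testing `-s` together with a basic check that the content looks like authorized_keys entries instead of `-f`, falling back to the password prompt otherwise. Since the fetched keys grant access to the installer and the `wget` call accepts whatever URL is preseeded, it is also worth stating that the URL has to be served over a channel the installer can trust.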
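
Review bot: both templates added in the network-console.templates hunk use plain `Description:`, while the context line `_Description: Start SSH` shows that this file marks user-visible strings with a leading underscore for translation. `network-console/authorized_keys_fetch_failure` is displayed to the user, so for a Debian merge it should become `_Description:` and the `# should be translated when committed upstream` comment can then be dropped. The `network-console/authorized_keys_url` text documents the expected file format but not the effect of preseeding it; suggest adding a sentence that a successfully fetched key file suppresses the password prompt.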