From c141986a6d31fc588930fe89cbe3c5c1260d5140 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 7 Aug 2020 14:24:17 +0200 Subject: [PATCH] create new ssh keys for new jails instead of copying those from the host It increases the security by having different keys between jails. It reduces the risk of changing the keys of jails after their creation. --- CHANGELOG.md | 2 ++ lib/includes | 4 +--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d6a7fba..69694d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * bkctld-update: start jail after upgrade if it was started before * Split check into check-jails and check-setup +* bkctld-check-jails checks if jails * bkctld-check-setup checks if the partition is mounted and writable, if firewall is configured and if all jails are started +* create new ssh keys for new jails instead of copying those from the host ### Deprecated diff --git a/lib/includes b/lib/includes index 4ca709e..0c0f297 100755 --- a/lib/includes +++ b/lib/includes @@ -249,9 +249,7 @@ setup_jail_chroot() { touch ./var/log/lastlog ./var/log/wtmp ./run/utmp info "2 - Copying essential files" - [ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key ./etc/ssh - [ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key ./etc/ssh - [ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key ./etc/ssh + ssh-keygen -A -f . touch "./${AUTHORIZED_KEYS}" chmod 600 "./${AUTHORIZED_KEYS}" cp "${passwd}" ./etc
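Review bot: The exit status of `ssh-keygen -A -f .` in setup_jail_chroot is not checked, so if key generation fails (for instance because `./etc/ssh` is missing, or because the installed OpenSSH does not apply `-f` as a path prefix together with `-A`, which is worth confirming for the oldest supported release) the setup appears to carry on and the jail ends up without its own host keys. Unless the script runs under `set -e`, which is not visible in this hunk, consider `ssh-keygen -A -f . || return 1`, or a follow-up test such as `[ -s ./etc/ssh/ssh_host_ed25519_key ] || return 1`. Jails created before this change still hold copies of the host's private keys, and since `-A` only generates key types that are missing, they would need an explicit rotation; the CHANGELOG entry could say so. The `info "2 - Copying essential files"` message now also covers key generation, and the function body continues outside the hunk.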