create new ssh keys for new jails instead of copying those from the host
It increases the security by having different keys between jails. It reduces the risk of changing the keys of jails after creationtheir creation.
This commit is contained in:
parent
1f29162da4
commit
c141986a6d
|
@ -14,7 +14,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
* bkctld-update: start jail after upgrade if it was started before
|
* bkctld-update: start jail after upgrade if it was started before
|
||||||
* Split check into check-jails and check-setup
|
* Split check into check-jails and check-setup
|
||||||
|
* bkctld-check-jails checks if jails
|
||||||
* bkctld-check-setup checks if the partition is mounted and writable, if firewall is configured and if all jails are started
|
* bkctld-check-setup checks if the partition is mounted and writable, if firewall is configured and if all jails are started
|
||||||
|
* create new ssh keys for new jails instead of copying those from the host
|
||||||
|
|
||||||
### Deprecated
|
### Deprecated
|
||||||
|
|
||||||
|
|
|
@ -249,9 +249,7 @@ setup_jail_chroot() {
|
||||||
touch ./var/log/lastlog ./var/log/wtmp ./run/utmp
|
touch ./var/log/lastlog ./var/log/wtmp ./run/utmp
|
||||||
|
|
||||||
info "2 - Copying essential files"
|
info "2 - Copying essential files"
|
||||||
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key ./etc/ssh
|
ssh-keygen -A -f .
|
||||||
[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key ./etc/ssh
|
|
||||||
[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key ./etc/ssh
|
|
||||||
touch "./${AUTHORIZED_KEYS}"
|
touch "./${AUTHORIZED_KEYS}"
|
||||||
chmod 600 "./${AUTHORIZED_KEYS}"
|
chmod 600 "./${AUTHORIZED_KEYS}"
|
||||||
cp "${passwd}" ./etc
|
cp "${passwd}" ./etc
|
||||||
|
|
Loading…
Reference in a new issue