CISS.debian.live.builder/config/includes.chroot/preseed/.ash/di_scripting_ssh.sh

#!/bin/sh
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

# No bash in the installer environment, only BusyBox.

set -o errexit
set -o nounset
set -o noclobber

if [ ! -d /target/root/.ssh ]; then
  mkdir -m 0700 /target/root/.ssh
fi

if [ -f /target/etc/ssh/ssh_host_ed25519_key ]; then
  rm -f /target/etc/ssh/ssh_host_ed25519_key
fi

if [ -f /target/etc/ssh/ssh_host_rsa_key ]; then
  rm -f /target/etc/ssh/ssh_host_rsa_key
fi

in-target ssh-keygen -o -a 1024 -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C "root d-i $(date -I)"
in-target ssh-keygen -o -a 1024 -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -C "root d-i $(date -I)"

cp -a /target/etc/ssh/sshd_config /target/root/.d-i-backup/sshd_config.bak
rm -f /target/etc/ssh/sshd_config

cp /cdrom/install/.lib/sshd_config.lib /target/etc/ssh/sshd_config
chmod 0600 /target/etc/ssh/sshd_config

sed -i "s/Port					22/Port					37768/" /target/etc/ssh/sshd_config
sed -i "s/AllowUsers				DUMMYSTRING/AllowUsers				root/" /target/etc/ssh/sshd_config

cp /cdrom/install/.lib/banner.lib /target/etc/banner
chmod 0644 /target/etc/banner

umask 0077
wget --https-only --secure-protocol=TLSv1_3 -c -O /target/root/.ssh/authorized_keys https://coresecret.eu/download/developer/2024_rsa4096_developer_root.pub.key

exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh