[rear-devel] [rear/rear] b57aa3: Update 501_check_ssh_keys.sh

Johannes Meixner noreply at github.com
Tue Jun 9 11:39:47 CEST 2020


  Branch: refs/heads/master
  Home:   https://github.com/rear/rear
  Commit: b57aa3ca9b87dad0b90ddfde0cf559eda01d3262
      https://github.com/rear/rear/commit/b57aa3ca9b87dad0b90ddfde0cf559eda01d3262
  Author: Johannes Meixner <jsmeix at suse.com>
  Date:   2020-06-08 (Mon, 08 Jun 2020)

  Changed paths:
    M usr/share/rear/build/default/501_check_ssh_keys.sh

  Log Message:
  -----------
  Update 501_check_ssh_keys.sh

Overhauled how SSH config files are parsed for IdentityFile values
to find (and remove) unprotected SSH keys in the recovery system.
Now "find ./etc/ssh" ensures that SSH 'Include' config files
e.g. in /etc/ssh/ssh_config.d/ are also parsed,
see https://github.com/rear/rear/issues/2421


  Commit: 4933de3c5e4a29f2bc519f465854cfa3d917f8cf
      https://github.com/rear/rear/commit/4933de3c5e4a29f2bc519f465854cfa3d917f8cf
  Author: Johannes Meixner <jsmeix at suse.com>
  Date:   2020-06-08 (Mon, 08 Jun 2020)

  Changed paths:
    M usr/share/rear/build/default/501_check_ssh_keys.sh

  Log Message:
  -----------
  Update 501_check_ssh_keys.sh

Simpler grep regex '^[^#]*IdentityFile' instead of '^[^#]*IdentityFile.*'


  Commit: 19eea34d3e9eb080009de9df7ec1e98d0b01ed61
      https://github.com/rear/rear/commit/19eea34d3e9eb080009de9df7ec1e98d0b01ed61
  Author: Johannes Meixner <jsmeix at suse.com>
  Date:   2020-06-08 (Mon, 08 Jun 2020)

  Changed paths:
    M usr/share/rear/build/default/501_check_ssh_keys.sh

  Log Message:
  -----------
  Update 501_check_ssh_keys.sh

Use a './' prefix for './$ROOT_HOME_DIR' in sed ... -e "s#~#./$ROOT_HOME_DIR#g"
to ensure that all paths are relative paths inside the recovery system and
to let the sed result match root_key_files=( ... ./$ROOT_HOME_DIR/.ssh/id_* )
so that duplicates can be filtered out by key_files=( $( echo ... | sort -u )
cf. https://github.com/rear/rear/pull/2422#issuecomment-640617360


  Commit: 9eba2829e4420996cd6bae27ab55d49e0dc3f913
      https://github.com/rear/rear/commit/9eba2829e4420996cd6bae27ab55d49e0dc3f913
  Author: Johannes Meixner <jsmeix at suse.com>
  Date:   2020-06-09 (Tue, 09 Jun 2020)

  Changed paths:
    M usr/share/rear/build/default/501_check_ssh_keys.sh

  Log Message:
  -----------
  Merge pull request #2422 from rear/also_parse_SSH_Include_files

Overhauled how SSH config files are parsed for IdentityFile values
to find (and remove) unprotected SSH keys in the recovery system.
Now "find ./etc/ssh" ensures that SSH 'Include' config files
e.g. in /etc/ssh/ssh_config.d/ are also parsed, see
https://github.com/rear/rear/issues/2421


Compare: https://github.com/rear/rear/compare/4019b7813b99...9eba2829e442


More information about the rear-devel mailing list