install.sh
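#!/bin/bash
# Installer configuration. Every setting can be overridden from the
# environment; the values below are the defaults.
#
# errexit/xtrace are enabled with `set` rather than on the shebang line:
# shebang options are silently dropped when the script is started as
# `bash install.sh` or piped into bash, which would let the installer keep
# going after a failed step.
set -ex

# Directory prefix under which bin/iam_user_sync is installed.
INSTALL_PREFIX=${INSTALL_PREFIX:-/usr/local}
PATH=${INSTALL_PREFIX}/bin:${PATH}

# REPO and BRANCH choose where the installed files are downloaded from. The
# downloaded iam_user_sync script is executed by this installer and scheduled
# to run again, so whoever can change that ref controls code run on this host.
# NOTE(review): BRANCH defaults to a moving branch name; setting BRANCH to a
# full commit SHA pins the download to reviewed content.
REPO=${REPO:-widdix/aws-ec2-ssh}
BRANCH=${BRANCH:-master}

# Scheduling backend: "cron" or "systemd".
SCHEDULER=${SCHEDULER:-cron}

# sshd settings edited by the installer.
SSH_CONFIG_FILE=${SSH_CONFIG_FILE:-/etc/ssh/sshd_config}
SSH_AUTHORIZED_KEYS_DIR=${SSH_AUTHORIZED_KEYS_DIR:-/etc/ssh/authorized_keys}
SSH_SERVICE=${SSH_SERVICE:-sshd}

# Values substituted into the scheduler template (empty by default).
IAM_AUTHORIZED_GROUPS=${IAM_AUTHORIZED_GROUPS:-}
LOCAL_GROUPS=${LOCAL_GROUPS:-}

# Local group created by the installer if it does not exist yet.
LOCAL_MARKER_GROUP=${LOCAL_MARKER_GROUP:-iam-user}

export INSTALL_PREFIX PATH REPO BRANCH SCHEDULER SSH_CONFIG_FILE \
  SSH_AUTHORIZED_KEYS_DIR IAM_AUTHORIZED_GROUPS LOCAL_GROUPS LOCAL_MARKER_GROUP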
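#######################################
# Download one file from the configured GitHub repository to stdout.
# Globals:   REPO, BRANCH (read)
# Arguments: $1 - path of the file inside the repository
# Outputs:   the file's contents on stdout
# Returns:   curl's exit status; non-zero on transport errors and on HTTP
#            error responses
#######################################
function fetch() {
  # --fail: without it curl exits 0 on an HTTP error and the error body is
  #   written to the destination in place of the requested file.
  # --show-error: keep --silent's quiet progress but still report failures.
  # --proto/--proto-redir: --location follows redirects; keep every hop on
  #   HTTPS.
  # NOTE(review): the download is not checked against a checksum or
  # signature, so its integrity rests on TLS and on the ref named by BRANCH.
  curl --fail --silent --show-error --location \
    --proto '=https' --proto-redir '=https' \
    "https://raw.github.com/${REPO}/${BRANCH}/${1:?fetch: missing file name}"
}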
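# Abort on the first failing step, and treat a pipeline as failed when any
# stage fails, so a failed download is not hidden behind the exit status of
# the trailing sed. Asserted explicitly so it holds however the script was
# invoked.
set -eo pipefail

# Reject an unsupported scheduler before anything on the host is modified.
case "${SCHEDULER}" in
  cron | systemd) ;;
  *)
    echo "Unknown scheduler: ${SCHEDULER}" >&2
    exit 1
    ;;
esac

# Downloads are staged in a private directory and only moved into place once
# complete, so a failed or interrupted fetch never leaves a truncated script,
# cron file or unit behind.
staging_dir=$(mktemp -d)
trap 'rm -rf -- "${staging_dir}"' EXIT

#######################################
# Escape a value for the replacement side of sed "s|...|...|".
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

#######################################
# Fill the @@NAME@@ placeholders of a scheduler template read from stdin.
# Globals:   SSH_AUTHORIZED_KEYS_DIR, IAM_AUTHORIZED_GROUPS, LOCAL_GROUPS,
#            LOCAL_MARKER_GROUP, INSTALL_PREFIX, PATH (read)
# Outputs:   rendered template on stdout
#######################################
render_template() {
  sed \
    -e "s|@@SSH_AUTHORIZED_KEYS_DIR@@|$(sed_escape "${SSH_AUTHORIZED_KEYS_DIR}")|g" \
    -e "s|@@IAM_AUTHORIZED_GROUPS@@|$(sed_escape "${IAM_AUTHORIZED_GROUPS}")|g" \
    -e "s|@@LOCAL_GROUPS@@|$(sed_escape "${LOCAL_GROUPS}")|g" \
    -e "s|@@LOCAL_MARKER_GROUP@@|$(sed_escape "${LOCAL_MARKER_GROUP}")|g" \
    -e "s|@@INSTALL_PREFIX@@|$(sed_escape "${INSTALL_PREFIX}")|g" \
    -e "s|@@PATH@@|$(sed_escape "${PATH}")|g"
}

# Install the sync script.
mkdir -p -- "${INSTALL_PREFIX}/bin"
fetch iam_user_sync.sh > "${staging_dir}/iam_user_sync"
install -m 0755 -- "${staging_dir}/iam_user_sync" "${INSTALL_PREFIX}/bin/iam_user_sync"

mkdir -p -- "${SSH_AUTHORIZED_KEYS_DIR}"

# Remember whether sshd accepted the configuration before it is edited, and
# keep a copy, so that a regression introduced below can be detected and
# rolled back before the daemon is restarted.
sshd_config_was_valid=false
if command -v sshd >/dev/null 2>&1 \
  && sshd -t -f "${SSH_CONFIG_FILE}" >/dev/null 2>&1; then
  sshd_config_was_valid=true
fi
cp -p -- "${SSH_CONFIG_FILE}" "${staging_dir}/sshd_config.orig"

# Replace any existing AuthorizedKeysFile directive with one that also reads
# per-user key files from SSH_AUTHORIZED_KEYS_DIR.
# NOTE(review): ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2 stay
# trusted, so a key a user placed there is still accepted after it has been
# removed from SSH_AUTHORIZED_KEYS_DIR; confirm that this is intended.
# NOTE(review): the directive is appended at the end of the file; if the file
# ends with a Match block, sshd applies the directive only inside that block.
sed -i '/^AuthorizedKeysFile/d' "${SSH_CONFIG_FILE}"
# Make sure the file ends with a newline before appending.
sed -i '$a\' "${SSH_CONFIG_FILE}"
echo "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 ${SSH_AUTHORIZED_KEYS_DIR}/%u" >> "${SSH_CONFIG_FILE}"

if [[ "${sshd_config_was_valid}" == true ]] \
  && ! sshd -t -f "${SSH_CONFIG_FILE}"; then
  cp -p -- "${staging_dir}/sshd_config.orig" "${SSH_CONFIG_FILE}"
  echo "sshd rejected the edited ${SSH_CONFIG_FILE}; original restored" >&2
  exit 1
fi

getent group "${LOCAL_MARKER_GROUP}" >/dev/null 2>&1 || groupadd "${LOCAL_MARKER_GROUP}"

# Install the periodic job for the selected scheduler (validated above).
case "${SCHEDULER}" in
  cron)
    fetch iam_user_sync.cron | render_template > "${staging_dir}/iam_user_sync.cron"
    install -m 0644 -- "${staging_dir}/iam_user_sync.cron" /etc/cron.d/iam_user_sync
    ;;
  systemd)
    fetch iam_user_sync.service | render_template > "${staging_dir}/iam_user_sync.service"
    fetch iam_user_sync.timer > "${staging_dir}/iam_user_sync.timer"
    install -m 0644 -- "${staging_dir}/iam_user_sync.service" \
      /etc/systemd/system/iam_user_sync.service
    install -m 0644 -- "${staging_dir}/iam_user_sync.timer" \
      /etc/systemd/system/iam_user_sync.timer
    systemctl daemon-reload
    systemctl enable iam_user_sync.timer
    systemctl start iam_user_sync.timer
    ;;
esac

# Run one sync immediately so the key files exist before sshd is restarted.
"${INSTALL_PREFIX}/bin/iam_user_sync"

# Restarting sshd is best effort: hosts without the `service` command are
# skipped and a failed restart does not fail the installation.
if command -v service; then
  service "${SSH_SERVICE}" restart \
    || echo "warning: could not restart ${SSH_SERVICE}" >&2
fi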