diff --git a/dtrfs_api/src/main.rs b/dtrfs_api/src/main.rs index cd11718..a7bf42f 100644 --- a/dtrfs_api/src/main.rs +++ b/dtrfs_api/src/main.rs @@ -132,8 +132,17 @@ struct SSHKeyForm { ssh_key: String, } -#[get("/ssh_key")] -async fn get_ssh_keys(req: HttpRequest) -> HttpResponse { +#[get("/server_ssh_pubkeys")] +async fn get_server_pubkeys() -> HttpResponse { + match os::get_server_ssh_pubkeys() { + Ok(keys) => HttpResponse::Ok().body(keys), + Err(e) => HttpResponse::InternalServerError() + .body(format!("Could not get pubkeys due to errr: {e:?}\nDid you install the OS?")), + } +} + +#[get("/authorized_keys")] +async fn get_authorized_keys(req: HttpRequest) -> HttpResponse { if let Err(e) = verify(&req) { return HttpResponse::BadRequest().body(format!("Signature verification failed: {}", e)); }; @@ -143,13 +152,13 @@ async fn get_ssh_keys(req: HttpRequest) -> HttpResponse { } } -#[post("/ssh_key")] -async fn post_ssh_key(req: HttpRequest, form: web::Form) -> HttpResponse { +#[post("/authorized_keys")] +async fn post_authorized_keys(req: HttpRequest, form: web::Form) -> HttpResponse { if let Err(e) = verify(&req) { return HttpResponse::BadRequest().body(format!("Signature verification failed: {}", e)); }; let ssh_key = &form.ssh_key; - match os::add_ssh_key(ssh_key) { + match os::add_authorized_key(ssh_key) { Ok(()) => HttpResponse::Ok().body("Key added to authorized_keys"), Err(e) => HttpResponse::BadRequest().body(format!("{e:?}")), } @@ -183,7 +192,7 @@ async fn main() -> std::io::Result<()> { Ok(_) => { println!("Hot decryption successful. Booting OS..."); return Ok(()); - }, + } Err(e) => { println!("Hot decryption failed: {e:?}"); } @@ -194,8 +203,8 @@ async fn main() -> std::io::Result<()> { .service(post_install_form) .service(post_decrypt_form) .service(post_process_exit) - .service(post_ssh_key) - .service(get_ssh_keys) + .service(post_authorized_keys) + .service(get_authorized_keys) .service(get_report) .service(homepage) }) diff --git a/dtrfs_api/src/os.rs b/dtrfs_api/src/os.rs index 7ed90b9..f46b975 100644 --- a/dtrfs_api/src/os.rs +++ b/dtrfs_api/src/os.rs @@ -102,7 +102,7 @@ pub fn replace_hot_keyfile() -> Result { Ok("Succesfully replaced hot keyfile using SNP KDF.".to_string()) } -pub fn add_ssh_key(key: &str) -> Result<()> { +pub fn add_authorized_key(key: &str) -> Result<()> { use std::os::unix::fs::PermissionsExt; if !Path::new("/mnt/etc/os-release").try_exists().is_ok_and(|found| found == true) { return Err(anyhow!( @@ -142,6 +142,19 @@ pub fn add_ssh_key(key: &str) -> Result<()> { Ok(()) } +pub fn get_server_ssh_pubkeys() -> Result { + let files = vec![ + "/mnt/etc/ssh/ssh_host_rsa_key.pub", + "/mnt/etc/ssh/ssh_host_ecdsa_key.pub", + "/mnt/etc/ssh/ssh_host_ed25519_key.pub", + ]; + + Ok(files + .iter() + .map(|f| std::fs::read_to_string(f)) + .collect::>()?) +} + pub fn list_ssh_keys() -> Result { Ok(std::fs::read_to_string("/mnt/root/.ssh/authorized_keys")?) } diff --git a/scripts/install_os.sh b/scripts/install_os.sh index 38d6701..3cc0cc2 100755 --- a/scripts/install_os.sh +++ b/scripts/install_os.sh @@ -58,3 +58,12 @@ echo "" > /mnt/etc/fstab hostname=$(cat /proc/cmdline | grep -oE 'detee_name=[0-9a-z\_\.\-]+' | cut -d '=' -f2) echo "=== Setting up guest hostname as $hostname" [[ -n "$hostname" ]] && echo $hostname > /mnt/etc/hostname + +echo "=== Generating SSH public keys" +[[ -f "/mnt/etc/ssh/ssh_host_rsa_key" ]] || + /mnt/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' > /dev/null +[[ -f "/mnt/etc/ssh/ssh_host_ecdsa_key" ]] || + /mnt/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' > /dev/null +[[ -f "/mnt/etc/ssh/ssh_host_ed25519_key" ]] || + /mnt/usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' > /dev/null +echo "=== Done! Download keys from /server_pubkeys"