testnet/dtrfs
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

create server key on install and allow download

Browse Source
This commit is contained in:
ghe0 2025-01-11 18:16:02 +02:00
parent 7864c53236
commit b028a2e947
Signed by: ghe0
GPG Key ID: 451028EE56A0FBB4
3 changed files with 42 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
dtrfs_api/src/main.rs
View File

@ -132,8 +132,17 @@ struct SSHKeyForm {
ssh_key: String,
}
#[get("/ssh_key")]
async fn get_ssh_keys(req: HttpRequest) -> HttpResponse {
#[get("/server_ssh_pubkeys")]
async fn get_server_pubkeys() -> HttpResponse {
match os::get_server_ssh_pubkeys() {
Ok(keys) => HttpResponse::Ok().body(keys),
Err(e) => HttpResponse::InternalServerError()
.body(format!("Could not get pubkeys due to error: {e:?}\nDid you install the OS?")),
}
}
#[get("/authorized_keys")]
async fn get_authorized_keys(req: HttpRequest) -> HttpResponse {
if let Err(e) = verify(&req) {
return HttpResponse::BadRequest().body(format!("Signature verification failed: {}", e));
};
@ -143,13 +152,13 @@ async fn get_ssh_keys(req: HttpRequest) -> HttpResponse {
}
}
#[post("/ssh_key")]
async fn post_ssh_key(req: HttpRequest, form: web::Form<SSHKeyForm>) -> HttpResponse {
#[post("/authorized_keys")]
async fn post_authorized_keys(req: HttpRequest, form: web::Form<SSHKeyForm>) -> HttpResponse {
if let Err(e) = verify(&req) {
return HttpResponse::BadRequest().body(format!("Signature verification failed: {}", e));
};
let ssh_key = &form.ssh_key;
match os::add_ssh_key(ssh_key) {
match os::add_authorized_key(ssh_key) {
Ok(()) => HttpResponse::Ok().body("Key added to authorized_keys"),
Err(e) => HttpResponse::BadRequest().body(format!("{e:?}")),
}
@ -183,7 +192,7 @@ async fn main() -> std::io::Result<()> {
Ok(_) => {
println!("Hot decryption successful. Booting OS...");
return Ok(());
},
}
Err(e) => {
println!("Hot decryption failed: {e:?}");
}
@ -194,8 +203,9 @@ async fn main() -> std::io::Result<()> {
.service(post_install_form)
.service(post_decrypt_form)
.service(post_process_exit)
.service(post_ssh_key)
.service(get_ssh_keys)
.service(get_server_pubkeys)
.service(post_authorized_keys)
.service(get_authorized_keys)
.service(get_report)
.service(homepage)
})

15
dtrfs_api/src/os.rs
View File

@ -102,7 +102,7 @@ pub fn replace_hot_keyfile() -> Result<String> {
Ok("Succesfully replaced hot keyfile using SNP KDF.".to_string())
}
pub fn add_ssh_key(key: &str) -> Result<()> {
pub fn add_authorized_key(key: &str) -> Result<()> {
use std::os::unix::fs::PermissionsExt;
if !Path::new("/mnt/etc/os-release").try_exists().is_ok_and(|found| found == true) {
return Err(anyhow!(
@ -142,6 +142,19 @@ pub fn add_ssh_key(key: &str) -> Result<()> {
Ok(())
}
pub fn get_server_ssh_pubkeys() -> Result<String> {
let files = vec![
"/mnt/etc/ssh/ssh_host_rsa_key.pub",
"/mnt/etc/ssh/ssh_host_ecdsa_key.pub",
"/mnt/etc/ssh/ssh_host_ed25519_key.pub",
];
Ok(files
.iter()
.map(|f| std::fs::read_to_string(f))
.collect::<Result<String, std::io::Error>>()?)
}
pub fn list_ssh_keys() -> Result<String> {
Ok(std::fs::read_to_string("/mnt/root/.ssh/authorized_keys")?)
}

10
scripts/install_os.sh
View File

@ -58,3 +58,13 @@ echo "" > /mnt/etc/fstab
hostname=$(cat /proc/cmdline | grep -oE 'detee_name=[0-9a-z\_\.\-]+' | cut -d '=' -f2)
echo "=== Setting up guest hostname as $hostname"
[[ -n "$hostname" ]] && echo $hostname > /mnt/etc/hostname
echo "=== Generating SSH public keys"
echo "root:x:0:0:root:/root:/bin/sh" > /etc/passwd
[[ -f "/mnt/etc/ssh/ssh_host_rsa_key" ]] ||
/mnt/usr/bin/ssh-keygen -t rsa -f /mnt/etc/ssh/ssh_host_rsa_key -N '' > /dev/null
[[ -f "/mnt/etc/ssh/ssh_host_ecdsa_key" ]] ||
/mnt/usr/bin/ssh-keygen -t ecdsa -f /mnt/etc/ssh/ssh_host_ecdsa_key -N '' > /dev/null
[[ -f "/mnt/etc/ssh/ssh_host_ed25519_key" ]] ||
/mnt/usr/bin/ssh-keygen -t ed25519 -f /mnt/etc/ssh/ssh_host_ed25519_key -N '' > /dev/null
echo "=== Done! Download keys from /server_pubkeys"