| author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-01-26 12:36:05 +0100 | 
|---|---|---|
| committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-01-26 12:36:05 +0100 | 
| commit | f1e31e9aeb67fa90a383cc1213dea7c2f0867484 (patch) | |
| tree | d395e97d9ee1d20b19423d504e9862c6c8d2fdb2 | |
| parent | 7a34ebc25677507c65af341d56591977d299c55d (diff) | |
LTSP: Support providing SSH access to diskless clients.
| -rw-r--r-- | etc/ltsp/image-local.omit-excludes | 2 | ||||
| -rw-r--r-- | etc/ltsp/ltsp.conf.itzks-systems-disklserver.in | 4 | ||||
| -rwxr-xr-x | sbin/itzks-update-disklserver-squashfs-images | 8 | 
3 files changed, 13 insertions, 1 deletions
| diff --git a/etc/ltsp/image-local.omit-excludes b/etc/ltsp/image-local.omit-excludes
new file mode 100644
index 0000000..18d36b8
--- /dev/null
+++ b/etc/ltsp/image-local.omit-excludes
@@ -0,0 +1,2 @@
+root/.*
+etc/ssh/ssh_host_*
diff --git a/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in b/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in
index 900d975..e6cc553 100644
--- a/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in
+++ b/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in
@@ -43,7 +43,7 @@ SEARCH_DOMAIN=intern
 KERNEL_PARAMETERS="quiet splash"
 ADD_IMAGE_EXCLUDES="/etc/ltsp/image-local.excludes"
-OMIT_IMAGE_EXCLUDES="root/.*"
+OMIT_IMAGE_EXCLUDES="/etc/ltsp/image-local.omit-excludes"
 [clients]
@@ -55,6 +55,8 @@ LIGHTDM_CONF="greeter-hide-users=true"
 POST_INIT_USE_FQDN="sed -i '/10.0.2.2/ s/server/tjener.intern tjener/' /etc/hosts"
 POST_INIT_SITESUMMARY="sed -i 's/main-server/ltsp-client/' /etc/sitesummary/hostclass"
 MASK_SYSTEM_SERVICES="apache2 etckeeper icinga2 nmbd smbd systemd-journald isc-dhcp-server"
+# uncomment this to enable SSH access to LTSP clients
+#KEEP_SYSTEM_SERVICES="ssh"
 # Allow local root logins by setting a password hash for the root user.
 # The hash contains $, making it hard to escape in POST_INIT_x="sed ...".
diff --git a/sbin/itzks-update-disklserver-squashfs-images b/sbin/itzks-update-disklserver-squashfs-images
index e9906c6..c577fcf 100755
--- a/sbin/itzks-update-disklserver-squashfs-images
+++ b/sbin/itzks-update-disklserver-squashfs-images
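Review bot: `etc/ssh/ssh_host_*` is listed in image-local.omit-excludes unconditionally, while `KEEP_SYSTEM_SERVICES="ssh"` in the second ltsp.conf hunk stays commented out, so (going by the name OMIT_IMAGE_EXCLUDES) SSH host private keys would be packed into the client image even on installations that never enable sshd. The comment above the option should spell out that trade-off, for example `# uncomment this to enable SSH access to LTSP clients; the image carries etc/ssh/ssh_host_* private keys, so restrict who can read the image`. The trailing context of the same hunk shows a root password hash being configured, so the comment could also remind admins to check sshd's root-login settings before keeping the service enabled.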
@@ -138,6 +138,14 @@ for chroot in ${ltsp_chroots}; do
 	done
+	# Copy the host's SSH host keys to the LTSP client chroot if it doesn't have any host keys
+	host_keys="$(find /etc/ssh/ssh_host_*)"
+	if [ -n "${host_keys}" ]; then
+		for host_key in ${host_keys}; do
+			cp "${host_key}" "${LTSP_OPT}/${chroot}/etc/ssh/"
+		done
+	fi
+
 	# Copy the SSH authorized_keys file for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys (e.g. disklserver:/root/.ssh/authorized_keys)
 	# Use host's authorized_keys file for granting DLW access via SSH as root without password
 	if [ -e "/root/.ssh/authorized_keys" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys" ]; then | 
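Review bot: The added block copies the server's own private SSH host keys from `/etc/ssh/ssh_host_*` into every client chroot, so all diskless clients share the server's host identity and the private keys land in an image that is presumably served to clients over the network; whoever can read that image could then pose as the server to SSH users. The copy also runs on every pass, although its comment says "if it doesn't have any host keys", and `find /etc/ssh/ssh_host_*` with the unquoted `${host_keys}` loop errors out when the glob matches nothing and word-splits the result. Generating dedicated keys inside the chroot, and only when it has none, addresses both points; the keys are still shared by all clients of that image, which is worth stating in the comment. The enclosing `for chroot` loop starts and ends outside the hunk.

```shell
	# Give the client image its own SSH host keys (never the server's);
	# generate them only if the chroot does not have any yet.
	chroot_has_host_keys=""
	for host_key in "${LTSP_OPT}/${chroot}"/etc/ssh/ssh_host_*_key; do
		if [ -e "${host_key}" ]; then
			chroot_has_host_keys="yes"
		fi
	done
	if [ -z "${chroot_has_host_keys}" ]; then
		ssh-keygen -A -f "${LTSP_OPT}/${chroot}"
	fi
	# … unchanged: authorized_keys handling …
```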
