Add backup user
Also provide a way to set the ssh public key for the backup user
This commit is contained in:
Sander Koenders
parent
65fc2dc320
commit
0042f61d04
@ -27,11 +27,55 @@ function update_script() {
|
|||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
msg_info "Updating $APP LXC"
|
CHOICE=$(msg_menu "BorgBackup Server Update Options" \
|
||||||
$STD apk -U upgrade
|
"1" "Update BorgBackup Server" \
|
||||||
msg_ok "Updated $APP LXC"
|
"2" "Reset SSH Access")
|
||||||
|
|
||||||
|
case $CHOICE in
|
||||||
|
1)
|
||||||
|
msg_info "Updating $APP LXC"
|
||||||
|
$STD apk -U upgrade
|
||||||
|
msg_ok "Updated $APP LXC successfully!"
|
||||||
|
;;
|
||||||
|
2)
|
||||||
|
if [[ "${PHS_SILENT:-0}" == "1" ]]; then
|
||||||
|
msg_warn "Reset SSH Public key requires interactive mode, skipping."
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
msg_info "Setting up SSH Public Key for backup user"
|
||||||
|
|
||||||
|
# Get SSH public key from user
|
||||||
|
msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host):"
|
||||||
|
read -r SSH_PUBLIC_KEY
|
||||||
|
|
||||||
|
if [[ -z "$SSH_PUBLIC_KEY" ]]; then
|
||||||
|
msg_error "No SSH public key provided!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Validate that it looks like an SSH public key
|
||||||
|
if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then
|
||||||
|
msg_error "Invalid SSH public key format!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Set up SSH directory and authorized_keys file
|
||||||
|
msg_info "Setting up SSH access"
|
||||||
|
mkdir -p /home/backup/.ssh
|
||||||
|
echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys
|
||||||
|
|
||||||
|
# Set correct permissions
|
||||||
|
chown -R backup:backup /home/backup/.ssh
|
||||||
|
chmod 700 /home/backup/.ssh
|
||||||
|
chmod 600 /home/backup/.ssh/authorized_keys
|
||||||
|
|
||||||
|
msg_ok "SSH access configured for backup user"
|
||||||
|
msg_info "SSH access details:"
|
||||||
|
msg_info "Connection: ssh backup@${IP}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
msg_ok "Updated successfully!"
|
|
||||||
exit 0
|
exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -19,6 +19,16 @@ $STD rc-update add sshd
|
|||||||
$STD rc-service sshd start
|
$STD rc-service sshd start
|
||||||
msg_ok "Installed BorgBackup"
|
msg_ok "Installed BorgBackup"
|
||||||
|
|
||||||
|
msg_info "Creating backup user"
|
||||||
|
$STD adduser -D -s /bin/bash -h /home/backup backup
|
||||||
|
$STD passwd -d backup
|
||||||
|
msg_ok "Created backup user"
|
||||||
|
|
||||||
|
msg_info "Configure SSH, disabling password authentication and enabling public key authentication"
|
||||||
|
$STD sed -i -e 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
||||||
|
$STD rc-service sshd restart
|
||||||
|
msg_ok "Configured SSH"
|
||||||
|
|
||||||
motd_ssh
|
motd_ssh
|
||||||
customize
|
customize
|
||||||
cleanup_lxc
|
cleanup_lxc
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user