Bootstrapping Linux VMs - Set up authorized keys

00_bootstrap_authorized_keys_on_linux

TITLE FOR GIST ;-)

01_prep_as_root.sh

#!/bin/bash

: "${VM_IP:? VM_IP must be set}"

exec ssh root@${VM_IP} \
    'bash -s' < 01_prereq_as_root.sh

01_prereq_as_root.sh

#/bin/bash
set -eu

wget -nc -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 || :
chmod +x /usr/local/bin/jq
python -mplatform | grep -qi centos && yum -y update curl nss

02_upload_authorized_keys.sh

#!/bin/bash

: "${VM_IP:? VM_IP must be set}"
: "${VM_USER:? VM_USER must be set}"
: "${GITHUB_USERNAME:? GITHUB_USERNAME must be set}"
: "${GITHUB_ACCESS_TOKEN:? GITHUB_ACCESS_TOKEN must be set}"

exec ssh ${VM_USER}@${VM_IP} \
    GITHUB_USERNAME=$GITHUB_USERNAME \
    GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN \
    'bash -s' < authorized_keys_from_public_keys.sh

authorized_keys_from_public_keys.sh

#/bin/bash
set -eu
: "${GITHUB_USERNAME:? GITHUB_USERNAME must be set}"
: "${GITHUB_ACCESS_TOKEN:? GITHUB_ACCESS_TOKEN must be set}"

now=$(date +%F_%H-%M-%S)
mkdir -p .ssh
SSH_AUTHORIZED_KEYS_FILE=.ssh/authorized_keys
touch $SSH_AUTHORIZED_KEYS_FILE
chmod -R 700 .ssh
cp $SSH_AUTHORIZED_KEYS_FILE ${SSH_AUTHORIZED_KEYS_FILE}_${now}.BAK 2>/dev/null || : # https://serverfault.com/a/153893

curl -s -u "$GITHUB_USERNAME:$GITHUB_ACCESS_TOKEN" https://api.github.com/user/keys | jq -r --arg github_user_id "$GITHUB_USERNAME" '.[] | select(.title | contains("authorized_key")) | "\(.key) \(.title) \($github_user_id)"' > $SSH_AUTHORIZED_KEYS_FILE
echo "Updated $SSH_AUTHORIZED_KEYS_FILE with keys from GitHub. Test with key access then turn off password access via /etc/ssh/sshd_config with PermitRootLogin no and PasswordAuthentication no"