feat(issue-11): add SSH setup script and kugetsu-setup documentation
- Add sshd-setup.sh: automated SSH setup inside container - Checks for systemd prerequisite - Creates non-root user (configurable via argument, fallback to 'kugetsu') - Configures sshd for key-only authentication - Configures passwordless sudo for the user - Enables and starts sshd via systemd - Add docs/kugetsu-setup.md: unified setup documentation - Container setup (Incus, Docker) - SSH setup (automated + manual steps) - Host-side port forwarding (Incus, firewall) - kugetsu installation - Usage guide - Remote access via SSH
This commit is contained in:
shokollm
79
skills/kugetsu/scripts/sshd-setup.sh
Executable file
79
skills/kugetsu/scripts/sshd-setup.sh
Executable file
@@ -0,0 +1,79 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
USERNAME="${1:-kugetsu}"
|
||||
|
||||
echo "=== kugetsu SSH Setup ==="
|
||||
echo "Target user: $USERNAME"
|
||||
echo ""
|
||||
|
||||
if ! command -v systemctl &> /dev/null; then
|
||||
echo "ERROR: systemd not found."
|
||||
echo ""
|
||||
echo "This script requires systemd to be installed and running inside the container."
|
||||
echo "Please install systemd first:"
|
||||
echo " apt-get update && apt-get install -y systemd"
|
||||
echo ""
|
||||
echo "If you are running in a container that doesn't support systemd, consider:"
|
||||
echo " - Using a container image with systemd support"
|
||||
echo " - Running sshd directly (without systemd) - manual setup required"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[1/6] Updating package lists..."
|
||||
apt-get update -qq
|
||||
|
||||
echo "[2/6] Installing openssh-server..."
|
||||
apt-get install -y -qq openssh-server sudo
|
||||
|
||||
echo "[3/6] Creating user '$USERNAME' if not exists..."
|
||||
if ! id "$USERNAME" &> /dev/null; then
|
||||
useradd -m -s /bin/bash "$USERNAME"
|
||||
echo "User '$USERNAME' created."
|
||||
else
|
||||
echo "User '$USERNAME' already exists."
|
||||
fi
|
||||
|
||||
echo "[4/6] Configuring SSH for key-only authentication..."
|
||||
SSHD_CONFIG="/etc/ssh/sshd_config"
|
||||
sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONFIG"
|
||||
sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' "$SSHD_CONFIG"
|
||||
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONFIG"
|
||||
echo "SSH configured: key-only auth, root login disabled."
|
||||
|
||||
echo "[5/6] Configuring sudo for passwordless access..."
|
||||
SUDOERS_FILE="/etc/sudoers.d/$USERNAME"
|
||||
echo "$USERNAME ALL=(ALL) NOPASSWD: ALL" > "$SUDOERS_FILE"
|
||||
chmod 0440 "$SUDOERS_FILE"
|
||||
echo "Sudo configured: $USERNAME can run sudo without password."
|
||||
|
||||
echo "[6/6] Enabling and starting sshd..."
|
||||
systemctl enable sshd
|
||||
systemctl restart sshd
|
||||
|
||||
if systemctl is-active --quiet sshd; then
|
||||
echo "sshd is running."
|
||||
else
|
||||
echo "WARNING: sshd may not have started correctly. Check with: systemctl status sshd"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "=== Setup Complete ==="
|
||||
echo ""
|
||||
echo "Next steps:"
|
||||
echo ""
|
||||
echo "1. Add your SSH public key to authorized_keys:"
|
||||
echo " mkdir -p /home/$USERNAME/.ssh"
|
||||
echo " chmod 700 /home/$USERNAME/.ssh"
|
||||
echo " echo 'YOUR_PUBLIC_KEY' >> /home/$USERNAME/.ssh/authorized_keys"
|
||||
echo " chmod 600 /home/$USERNAME/.ssh/authorized_keys"
|
||||
echo " chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh"
|
||||
echo ""
|
||||
echo "2. Connect from remote:"
|
||||
echo " ssh -p 2222 $USERNAME@<container-host-ip>"
|
||||
echo ""
|
||||
echo " (Requires host-side port forwarding - see docs/kugetsu-setup.md)"
|
||||
echo ""
|
||||
echo "3. Verify SSH access:"
|
||||
echo " ssh -p 2222 $USERNAME@<container-host-ip> sudo systemctl status sshd"
|
||||
echo ""
|
||||
Reference in New Issue
Block a user