From ddc22f20ec1c706f6597f7712592a7c16aa66450 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?=
Date: Mon, 20 Dec 2021 14:09:52 +0100
Subject: [PATCH] Updated ws.pm (added ssh to enable copying certbot data).
---
sources/ws.pm/envvars | 3 +-
sources/ws.pm/postinstall/01_setownership.sh | 3 ++
.../ws.pm/postinstall/02_setpermissions.sh | 4 ++
.../install/etc/ssh/ssh_host_ecdsa_key | 8 ++++
.../install/etc/ssh/ssh_host_ecdsa_key.pub | 1 +
.../install/etc/ssh/ssh_host_ed25519_key | 7 ++++
.../etc/ssh/ssh_host_ed25519_key-cert.pub | 1 +
.../install/etc/ssh/ssh_host_ed25519_key.pub | 1 +
.../install/etc/ssh/ssh_host_rsa_key | 38 +++++++++++++++++++
.../install/etc/ssh/ssh_host_rsa_key.pub | 1 +
.../etc/ssh/sshd_config.d/99-host-cert.conf | 1 +
.../etc/ssh/sshd_config.d/99-user-CA.conf | 1 +
.../install/etc/ssh/trusted-user-ca.keys | 1 +
13 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ecdsa_key
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/ssh_host_rsa_key
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/ssh_host_rsa_key.pub
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
create mode 100644 sources/ws.pm/postinstall/install/etc/ssh/trusted-user-ca.keys
diff --git a/sources/ws.pm/envvars b/sources/ws.pm/envvars
index 7b9d7b2..f3c7f02 100644
--- a/sources/ws.pm/envvars
+++ b/sources/ws.pm/envvars
@@ -2,4 +2,5 @@ DISTRIBUTION=Fedora DISTRIBUTION_VERSION=35 ROOT_PACKAGES="hostname initscripts iproute rootfiles systemd-udev" BASE_PACKAGES="NetworkManager iputils logrotate rsyslog tar vim-minimal" -SPEC_PACKAGES="httpd mailx mod_ssl php postfix python3-certbot-apache" +SPEC_PACKAGES="openssh-server openssh-clients" +SPEC_PACKAGES="$SPEC_PACKAGES httpd mailx mod_ssl php postfix python3-certbot-apache" diff --git a/sources/ws.pm/postinstall/01_setownership.sh b/sources/ws.pm/postinstall/01_setownership.sh index f2e6b94..5582786 100755 --- a/sources/ws.pm/postinstall/01_setownership.sh +++ b/sources/ws.pm/postinstall/01_setownership.sh @@ -4,4 +4,7 @@ REAL_PATH=$(dirname $(realpath $0)) SOURCE_PATH=$REAL_PATH/install + chown -R root.root $SOURCE_PATH/* + +chgrp ssh_keys $SOURCE_PATH/etc/ssh/*_key diff --git a/sources/ws.pm/postinstall/02_setpermissions.sh b/sources/ws.pm/postinstall/02_setpermissions.sh index 241386a..8066ca2 100755 --- a/sources/ws.pm/postinstall/02_setpermissions.sh +++ b/sources/ws.pm/postinstall/02_setpermissions.sh @@ -3,3 +3,7 @@ REAL_PATH=$(dirname $(realpath $0)) SOURCE_PATH=$REAL_PATH/install + + +chmod 400 $SOURCE_PATH/etc/ssh/*_key +chmod 444 $SOURCE_PATH/etc/ssh/*.pub diff --git a/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ecdsa_key b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ecdsa_key new file mode 100644 index 0000000..a620b3d --- /dev/null +++ b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ecdsa_key @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRV9gPUp7JtrYKTmjnCfenOtimEhmj6 +zY6k631As6vvCH6QpLU3qxoPs+kdRbWD9gXhQDimJGZLnlIY8FeHFyfqAAAAoEJDyclCQ8 +nJAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFX2A9Snsm2tgpOa +OcJ96c62KYSGaPrNjqTrfUCzq+8IfpCktTerGg+z6R1FtYP2BeFAOKYkZkueUhjwV4cXJ+ +oAAAAhAOPPGAEPClQE2nh3ba2NW2YBKHcYARhbYKADtnufmOe+AAAAAAECAwQFBgc= +-----END OPENSSH PRIVATE KEY----- 
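Review bot: The added `chgrp ssh_keys $SOURCE_PATH/etc/ssh/*_key` in 01_setownership.sh only works if an `ssh_keys` group already exists wherever this script runs, and nothing visible in the hunk stops the script or reports the error if it does not. It also has no practical effect once 02_setpermissions.sh sets the same files to mode 400, because the group then has no permission bits. I would either drop the chgrp or pair it with a group-readable mode, and quote the variable: `chgrp ssh_keys "$SOURCE_PATH"/etc/ssh/*_key`. The top of the script is outside the hunk, so error handling may already exist there.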
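Review bot: The two chmod lines added to 02_setpermissions.sh cover `*_key` and `*.pub` but not `trusted-user-ca.keys` or the `sshd_config.d/*.conf` drop-ins that this commit also adds. Those files decide which user certificates sshd accepts, so their mode should not depend on whatever the checkout and copy step produce. I would add `chmod 644 "$SOURCE_PATH"/etc/ssh/trusted-user-ca.keys "$SOURCE_PATH"/etc/ssh/sshd_config.d/*.conf` and quote `$SOURCE_PATH` in the existing lines the same way. The start of the script is outside the hunk.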
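Review bot: `ssh_host_ecdsa_key` is an unencrypted SSH host private key committed to the repository, and the same applies to `ssh_host_ed25519_key` and `ssh_host_rsa_key` later in this patch. Anyone who can read the repository, or an image built from it, can present this host's identity. Every machine installed from this source also shares the same keys. The `chmod 400` in 02_setpermissions.sh does not help, because the secret is already in version-control history. I would keep at most the public files in the tree and generate the private keys on the target at install or first boot (`ssh-keygen -A`). All three keys should be treated as exposed: rotate them and purge them from history.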
diff --git a/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000..16d3e2f --- /dev/null +++ b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFX2A9Snsm2tgpOaOcJ96c62KYSGaPrNjqTrfUCzq+8IfpCktTerGg+z6R1FtYP2BeFAOKYkZkueUhjwV4cXJ+o= diff --git a/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key new file mode 100644 index 0000000..8eeb826 --- /dev/null +++ b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDDnEGt+oDQ21ShuMBtp9pF6c/KbuGkyi7G87RC7sH0gwAAAIgsZ2UFLGdl +BQAAAAtzc2gtZWQyNTUxOQAAACDDnEGt+oDQ21ShuMBtp9pF6c/KbuGkyi7G87RC7sH0gw +AAAEBmAugNoMxjQJkGGyCIGFPE2NorShm1gcLuD1C0HnMzr8OcQa36gNDbVKG4wG2n2kXp +z8pu4aTKLsbztELuwfSDAAAAAAECAwQF +-----END OPENSSH PRIVATE KEY----- diff --git a/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub new file mode 100644 index 0000000..619d992 --- /dev/null +++ b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFw20kXef4L7ZnrOqpbiBBSICKjbF4BGUsSjjzTVxnhuAAAAIMOcQa36gNDbVKG4wG2n2kXpz8pu4aTKLsbztELuwfSDAAAAAAAAAAAAAAACAAAAEHdzLnBtLnVzZXJpYm0uaHUAAAAUAAAAEHdzLnBtLnVzZXJpYm0uaHUAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACBF2CCM61EsfPwUOv7bZEq+aBMgeReWIOG6dQzpKgzjfQAAAFMAAAALc3NoLWVkMjU1MTkAAABABvS4I9z4yPUIdwPZeTK36B5S/yh16ccUBwPQdFbEkH+53OWETlsyL5EKiMEWZz90e1PRJSk83Reqv8JypGqjAA== /etc/ssh/ssh_host_ed25519_key.pub 
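Review bot: `ssh_host_ed25519_key-cert.pub` certifies the ed25519 host key whose private half is committed in this same patch, so clients that trust the host CA will accept a key that should be considered exposed. The encoded validity field also looks like the no-expiry default (worth confirming with `ssh-keygen -L -f ssh_host_ed25519_key-cert.pub`), in which case replacing the host key does not retire this certificate. After regenerating the key, I would re-issue the certificate with a bounded lifetime by adding something like `-V +52w` to the signing command. Clients should also mark the old key as revoked, for example with an `@revoked` line in their known_hosts.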
diff --git a/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..b713ff6
--- /dev/null
+++ b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOcQa36gNDbVKG4wG2n2kXpz8pu4aTKLsbztELuwfSD
diff --git a/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_rsa_key b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_rsa_key
new file mode 100644
index 0000000..fde5d4a
--- /dev/null
+++ b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_rsa_key
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEA2ZPCbpjTcIiERs2K8B0W9rMh/RoxzbUlvz2KPiNGuKkEx5aWtSzs +KGXJj68xeFBILDeWloIHAbB2x9CflxD04BYdq3KdUWe/YjwrPrrXy/VjT4yWZO+fEcz6G/ +vLGzRq+5rNHZ8k5JYWjh0pBKchKGbPVOnP6PmkgFPJDGlrsBFtEWxaiucvYEn3hmqd0xKB +Tb+aKL31vfGLzo94RoLrXpdc/nBz/Y9AYmD241pUp42TD2WvryhsF9XSreOMtAKkkj0R/j +kJoYA8o4PwacrOwBZhyylTgZPUG3vUjG3R+fnegGDfLtJ+RmTOUZdpISBvFlVCyBG/U8C/ +pY0pqBTT7y2/EsGuuS34btHCsYrsUhyMcu6puP87fronqe/Q/01I9OsdxLLBz3eVZAUV3Q +tSruojVlkf33GUqMW7ZR6RNDbfgjmFaEENcJqfLagq4PuP1BFvPtDZsQ8pha1/wgE01jTY ++T/SK8ShuR57XfbdjkJUVZ43VDKhLeZnq07DnLdPAAAFeEIvzCZCL8wmAAAAB3NzaC1yc2 +EAAAGBANmTwm6Y03CIhEbNivAdFvazIf0aMc21Jb89ij4jRripBMeWlrUs7ChlyY+vMXhQ +SCw3lpaCBwGwdsfQn5cQ9OAWHatynVFnv2I8Kz6618v1Y0+MlmTvnxHM+hv7yxs0avuazR +2fJOSWFo4dKQSnIShmz1Tpz+j5pIBTyQxpa7ARbRFsWornL2BJ94ZqndMSgU2/mii99b3x +i86PeEaC616XXP5wc/2PQGJg9uNaVKeNkw9lr68obBfV0q3jjLQCpJI9Ef45CaGAPKOD8G +nKzsAWYcspU4GT1Bt71Ixt0fn53oBg3y7SfkZkzlGXaSEgbxZVQsgRv1PAv6WNKagU0+8t +vxLBrrkt+G7RwrGK7FIcjHLuqbj/O366J6nv0P9NSPTrHcSywc93lWQFFd0LUq7qI1ZZH9 +9xlKjFu2UekTQ234I5hWhBDXCany2oKuD7j9QRbz7Q2bEPKYWtf8IBNNY02Pk/0ivEobke +e1323Y5CVFWeN1QyoS3mZ6tOw5y3TwAAAAMBAAEAAAGANfY9nKxulFRnaiAEO3Ubguf+oA +VlIL2ytPGQXcTl/1p8AvxIOHsBvysviGFNBafznnPS91UcY8DeVMRbMF5WPVV+2ky807nF +b5m4qAAzETS1Ar+9dR8w9ns99L7IKuEfP3OvN4+G2OKYiXqV979zq8+D0G2E0SVJNUKSdG ++Y87v+rvmOozCfQWRW7ZF3vyexxhSlKUGjtw43PG28yNAji/xCZiCBw/tJXpzp3o1CvaOR +O5perjR6SpcPf20WMncM4ImDLBTIBYQBpCoQp+8CJ4owic7HJO9nu3oF0tTBP6TnHNAhJG +JTQQIb1M6BqBKjG1PHpeQtjcxV3/hkuisHzxUVjh/GRFK+g/vaxCz5z0IkUGTZLyXLgVFl +81cvY/eB2H2nZia4Mn8AAcjZLxm0oEN1CbaEyoUSgtzLILfkwv8XUxTQh+Il8s9fcvxowg +MVnBES+O43YjmWc9T7RbwJKsKjKal8dMeHopC/2H9uCuYCbjNCKbymb+bkLjGHLlMxAAAA +wQC1DqpGYalTGMCJHCcYJ9QYTuiXz7Wb5ZuLkQVhe1VUHY+0OKcK98vgUCqJJsFZaiBRJs +MpU9vQPyuMb16epGZbOIf86EsLp1OvExlZh3UYDrsPaGSzd+H73L0Oypg/VEaxD5BnCIRi +bgGaa27KhGVaN9YX/TE8rpTwdwBaSc+3pJMyhcu2be2RuCIGZssQXVbWxAijbsQDNODzrE 
+SPmiqK9DAoQJdCen9Y2K1mYELe+uRvpxOWWt5Og77dEN4T2b0AAADBAP5/e2ByNagJxVE3 +VOWE7GZIHbiKzPPGgFaaZTVsFZYzKmQ3Bom7I+r30rXk3X6I3oPimJAH65PtY5IyXMFWb0 +T3Ys5LzM66iOw/2rCXuQWmOFFyvnqZqsFeKcaNNDfm+uvm45JDZf1OpnmbJoi2XHB4XkIb +pcJai6KR2pz9j2MLU3oX8Do34gAtL7OAjQ9saEVKBQDhUaVxzQsyhzVtSazVttDPscgPj7 +GaR+BJ/YVm//5NgNxNtJc9+PHEY1buFQAAAMEA2tx+jogMCihD2Q+EJM1NEF+7PK6zmnTV +WI5hb1jdDITbVPhEHVW6gWSnVNlId9eN1QZaTwk8xT7PpOFTXaDYvYoLs/sW7b4TxU//H8 +rhdUlyrWNzOqIA5LhUYBtpOhOm5YYigxq+jdljU7xzEB7ZbAYFAWkAgexmS+xHYn55wTvD +sH8EhWfslOpEAGjjbUQQi23gNYm3+zgsOsvgeM6GmeyJsYwImlQTWdHXjfDP3rWCM6F5Dy +z2OALeF2o5d4zTAAAAAAEC +-----END OPENSSH PRIVATE KEY----- diff --git a/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_rsa_key.pub b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000..3d979fc --- /dev/null +++ b/sources/ws.pm/postinstall/install/etc/ssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZk8JumNNwiIRGzYrwHRb2syH9GjHNtSW/PYo+I0a4qQTHlpa1LOwoZcmPrzF4UEgsN5aWggcBsHbH0J+XEPTgFh2rcp1RZ79iPCs+utfL9WNPjJZk758RzPob+8sbNGr7ms0dnyTklhaOHSkEpyEoZs9U6c/o+aSAU8kMaWuwEW0RbFqK5y9gSfeGap3TEoFNv5oovfW98YvOj3hGgutel1z+cHP9j0BiYPbjWlSnjZMPZa+vKGwX1dKt44y0AqSSPRH+OQmhgDyjg/Bpys7AFmHLKVOBk9Qbe9SMbdH5+d6AYN8u0n5GZM5Rl2khIG8WVULIEb9TwL+ljSmoFNPvLb8Swa65Lfhu0cKxiuxSHIxy7qm4/zt+uiep79D/TUj06x3EssHPd5VkBRXdC1Ku6iNWWR/fcZSoxbtlHpE0Nt+COYVoQQ1wmp8tqCrg+4/UEW8+0NmxDymFrX/CATTWNNj5P9IrxKG5Hntd9t2OQlRVnjdUMqEt5merTsOct08= diff --git a/sources/ws.pm/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf b/sources/ws.pm/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf new file mode 100644 index 0000000..173b545 --- /dev/null +++ b/sources/ws.pm/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf @@ -0,0 +1 @@ +HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub 
diff --git a/sources/ws.pm/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf b/sources/ws.pm/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
new file mode 100644
index 0000000..115882b
--- /dev/null
+++ b/sources/ws.pm/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
@@ -0,0 +1 @@
+TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys
diff --git a/sources/ws.pm/postinstall/install/etc/ssh/trusted-user-ca.keys b/sources/ws.pm/postinstall/install/etc/ssh/trusted-user-ca.keys
new file mode 100644
index 0000000..84d19e3
--- /dev/null
+++ b/sources/ws.pm/postinstall/install/etc/ssh/trusted-user-ca.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcf/XXU8dNVtbveGmwbdnRJfYIItzxKmgRkzlp0k6r5 user-CA
--
2.54.0
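Review bot: `TrustedUserCAKeys` in 99-user-CA.conf is added without an `AuthorizedPrincipalsFile` or `AuthorizedPrincipalsCommand`. As written, a certificate signed by user-CA is accepted for any account whose name appears among the certificate's principals; that includes root if root login is permitted elsewhere in the configuration. If the only purpose is copying certbot data, I would pin this to one account, for example by placing the directive inside a `Match User <account>` block or adding `AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u` with a file for that user only. Note also that sshd keeps the first value it reads for most keywords, so a `99-` drop-in is overridden by any earlier file that sets the same keyword.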