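#!/bin/bash
# Copy the SSH user keys, user certificates and host-CA public keys out of the
# `bastion` and `app` containers into /tmp/ssh_files, trust both host CAs in
# ~/.ssh/known_hosts, and write an ssh client config into that directory.
#
# /tmp/ssh_files holds private keys at a fixed, well-known path in a shared
# directory, so it is created owner-only and the script refuses to write into
# a path it does not own. Re-running the script is safe: the config is
# rewritten and known_hosts entries are not duplicated.
set -euo pipefail
umask 077 # every file created below (keys, config, known_hosts) is owner-only

readonly SSH_DIR=/tmp/ssh_files
readonly KNOWN_HOSTS="${HOME}/.ssh/known_hosts"

# Print a message to stderr and abort.
die() {
  printf 'copy_keys: %s\n' "$*" >&2
  exit 1
}

#######################################
# Trust a host CA for a host pattern in known_hosts.
# Globals:   KNOWN_HOSTS (read, file appended to)
# Arguments: $1 - host pattern, $2 - path to the CA public key file
# Returns:   0 on success; exits via die on an unusable key file
#######################################
trust_host_ca() {
  local pattern=$1
  local ca_file=$2
  local ca_key entry

  ca_key=$(cat -- "$ca_file") || die "cannot read ${ca_file}"
  [[ -n "$ca_key" ]] || die "${ca_file} is empty"
  # A public key file is a single line; anything after a newline would be
  # written to known_hosts as additional, unreviewed entries.
  [[ "$ca_key" != *$'\n'* ]] || die "${ca_file} contains more than one line"

  entry="@cert-authority ${pattern} ${ca_key}"
  # Skip the append when this exact line is already present (re-runs).
  if ! grep -qxF -- "$entry" "$KNOWN_HOSTS" 2>/dev/null; then
    printf '%s\n' "$entry" >>"$KNOWN_HOSTS"
  fi
}

# Create the ssh folder to store the downloaded certificates.
echo "Creating ssh_files directory under /tmp"
if [[ -L "$SSH_DIR" ]]; then
  die "${SSH_DIR} is a symlink; refusing to store keys there"
fi
if [[ -e "$SSH_DIR" ]]; then
  # The path may be left over from an earlier run; only reuse it when it is a
  # real directory owned by the current user.
  [[ -d "$SSH_DIR" && -O "$SSH_DIR" ]] ||
    die "${SSH_DIR} exists but is not a directory owned by $(id -un)"
else
  mkdir -m 700 -- "$SSH_DIR" || die "cannot create ${SSH_DIR}"
fi
chmod 700 -- "$SSH_DIR"
cd "$SSH_DIR" || die "cannot cd to ${SSH_DIR}"

echo "Copying certs down from the bastion node..."
docker cp bastion:/etc/ssh/bastion-user-key "${SSH_DIR}/"
docker cp bastion:/etc/ssh/bastion-user-key-cert.pub "${SSH_DIR}/"

echo "Copying certs from app node..."
docker cp app:/etc/ssh/app-user-key "${SSH_DIR}/"
docker cp app:/etc/ssh/app-user-key-cert.pub "${SSH_DIR}/"

# Set the private-key mode explicitly instead of relying on whatever mode the
# copied files arrive with; ssh rejects identity files readable by others.
chmod 600 -- "${SSH_DIR}/bastion-user-key" "${SSH_DIR}/app-user-key"

echo "Copying CA pub keys down..."
docker cp app:/etc/ssh/app_host_ca.pub "${SSH_DIR}/"
docker cp bastion:/etc/ssh/bastion_host_ca.pub "${SSH_DIR}/"

echo "adding ca.pub to your ssh_known_hosts..."
# ~/.ssh may not exist yet on a fresh account.
mkdir -p -m 700 -- "${HOME}/.ssh"
trust_host_ca localhost "${SSH_DIR}/bastion_host_ca.pub"
trust_host_ca app-node "${SSH_DIR}/app_host_ca.pub"

echo "All files have been copied!"
echo "Now copying needed ssh config into /tmp/ssh_files/config"
# Overwrite rather than append so a re-run does not stack duplicate Host
# blocks in the generated config.
cat >"${SSH_DIR}/config" <<'EOF'
Host bastion-node
HostName localhost
Port 2222
User bastion
IdentityFile /tmp/ssh_files/bastion-user-key
ProxyJump none
Host app-node
HostName app-node
Port 2223
User appuser
IdentityFile /tmp/ssh_files/app-user-key
ProxyJump bastion-node
EOF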