From 69a74f1855df352e9a5016fefbacec71894e36f7 Mon Sep 17 00:00:00 2001
From: adam
Date: Fri, 6 Dec 2024 20:39:16 -0500
Subject: [PATCH] don't command from within the new user's directory
---
 scripts/1clickservice.groovy | 4 +++-
 scripts/serviceaccount.sh | 14 +++++---------
 2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/scripts/1clickservice.groovy b/scripts/1clickservice.groovy
index 9e7bfb8..03ed754 100644
--- a/scripts/1clickservice.groovy
+++ b/scripts/1clickservice.groovy
@@ -215,7 +215,9 @@ pipeline {
 script {
 withCredentials([sshUserPrivateKey(credentialsId: env.SUDOERSSHID, keyFileVariable: 'PK')]) {
- sh 'scp ${servicename}-ssh.pub -i \"${PK}\" ${SUDOER_USR}@${targetHost}:~/ssh.pub'
+ sh """#!/bin/bash
+ scp -i \"${PK}\" ${servicename}-ssh.pub ${SUDOER_USR}@${targetHost}:~/ssh.pub
+ """
 sh """#!/bin/bash
 ssh-keyscan -t ed25519 ${targetHost} >> ~/.ssh/known_hosts
diff --git a/scripts/serviceaccount.sh b/scripts/serviceaccount.sh
index 56e3670..66aefbd 100644
--- a/scripts/serviceaccount.sh
+++ b/scripts/serviceaccount.sh
@@ -5,18 +5,14 @@ SUDOER_PSW=
 function restofscript(){
 USERNAMETOADD=
 PASSWORDTOADD=
- PUBKEYCONTENT=
 useradd -m -s /bin/bash ${USERNAMETOADD}
 echo "${USERNAMETOADD}:${PASSWORDTOADD}" | chpasswd
 loginctl enable-linger ${USERNAMETOADD}
- cd /home/${USERNAMETOADD}
- mkdir .ssh
- pushd .ssh
- touch authorized_keys
- popd
- cat ssh.pub >> .ssh/authorized_keys
- chmod 600 authorized_keys
- chown -R "${USERNAMETOADD}:${USERNAMETOADD}" .ssh
+ mkdir /home/${USERNAMETOADD}/.ssh
+ touch /home/${USERNAMETOADD}/authorized_keys
+ cat ssh.pub >> /home/${USERNAMETOADD}/.ssh/authorized_keys
+ chmod 600 /home/${USERNAMETOADD}/authorized_keys
+ chown -R "${USERNAMETOADD}:${USERNAMETOADD}" /home/${USERNAMETOADD}/.ssh
 }
 echo "${SUDOER_PSW}" | sudo -S bash -c "$(declare -f restofscript); restofscript"
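Review bot: The added `sh """..."""` step is a Groovy GString, so `${PK}`, `${servicename}`, `${SUDOER_USR}` and `${targetHost}` are expanded by Groovy before bash sees the script, whereas the removed single-quoted line left them to the shell. Jenkins flags Groovy interpolation of credential-bound variables as insecure, and any of these values that originates from a job parameter (not visible in this hunk) would be spliced into the command text unquoted. A triple-single-quoted string keeps the argument-order fix while leaving expansion to the shell: `sh '''#!/bin/bash`, `scp -i "$PK" "${servicename}-ssh.pub" "${SUDOER_USR}@${targetHost}:~/ssh.pub"`, `'''`. The `ssh-keyscan` step that follows uses the same interpolating form, and the `withCredentials` block starts and ends outside the hunk.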
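Review bot: The added `touch` and `chmod 600` lines in `restofscript` target `/home/${USERNAMETOADD}/authorized_keys`, not the file inside `.ssh` that the `cat` line appends to. Because the function runs under `sudo`, this leaves a stray root-owned file in the new user's home that `chown -R ... .ssh` never covers, and the real key file keeps whatever mode the `>>` redirection created it with. Pointing both commands at the key file fixes it: `touch /home/${USERNAMETOADD}/.ssh/authorized_keys` and `chmod 600 /home/${USERNAMETOADD}/.ssh/authorized_keys`. Adding `chmod 700 /home/${USERNAMETOADD}/.ssh` before the `chown` would also pin the directory mode instead of relying on the umask.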