sudo sed -i.orig '/key *<KPMU> *{/,/}/s/KP_Multiply/underscore/g' /usr/share/X11/xkb/symbols/keypad
##### basic graphical packages
- pi konsole suckless-tools
+ pi konsole suckless-tools ssh-askpass
fi
if $allow; then
eval $SSH_ORIGINAL_COMMAND
else
- /a/opt/btrbk/ssh_filter_btrbk.sh --target --delete --source --info
+ f=/usr/local/bin/ssh_filter_btrbk.sh
+ if [[ ! -e $f ]]; then
+ f=/a/opt/btrbk/ssh_filter_btrbk.sh
+ fi
+ $f --target --delete --source --info
fi
rsync --exclude=/h --exclude=/h.pub --exclude /config --exclude /confighome -rtL --delete $user_ssh_dir/ /root/.ssh
rsync -tL $user_ssh_dir/config /root/.ssh/confighome
cp -a /q/root/h{,.pub} /root/.ssh
-# The h key is like the home key, but only a whitelist of commands allowed, and
+### The h key is like the home key, but only a whitelist of commands allowed, and
# not encrypted, so cron and whatnot can use it.
# For any interactive ssh command we want to run as root that is not in that
# whitelist, we need to ssh -F $HOME/.ssh/confighome
+### I run a separate ssh-agent for root where I add keys without
+# confirm. This the root ssh-agent is only available
+# to root, and it allows us to have a working ssh when X isnt available,
+# eg, in an ssh shell. confirm for regular user provides some protection
+# that a rouge user program cant use my ssh key.
sed 's,^IdentityFile ~/\.ssh/home$,IdentityFile ~/\.ssh/h,;s,^AddKeysToAgent confirm,AddKeysToAgent yes,' /root/.ssh/confighome >/root/.ssh/config
chown -R root:root /root/.ssh
# notably: installs hssh
/a/exe/install-my-scripts
-
+install /a/opt/btrbk/ssh_filter_btrbk.sh /usr/local/bin
systemctl enable --now ssh-agent-root
d=/etc/initramfs-tools
iankelling.org / git / distro-setup / commitdiff