gbraad-devenv / fedora

Fedora-based development environment of @gbraad
https://fedora.devenv.gbraad.nl

Make SSH keys part of /usr (read-only on immutable system) #27

Open gbraad opened 8 months ago

gbraad commented 8 months ago
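```dockerfile
# Keep root's authorized keys under /usr, which is read-only on an immutable system.
# curl -f fails on an HTTP error, and redirecting (instead of piping to tee)
# lets && see curl's exit status, so a failed download stops the build.
RUN mkdir -p /usr/etc-system/ && \
    echo 'PermitRootLogin prohibit-password' > /etc/ssh/sshd_config.d/35-no-root-pw.conf && \
    echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf && \
    curl -fsS https://github.com/gbraad.keys >> /usr/etc-system/root.keys && \
    chmod 0600 /usr/etc-system/*.keys
```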
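
A format check that could run in the build between downloading the key list and trusting it under `/usr/etc-system/`, so an error page or empty response never becomes root's authorized keys. This is an added example, not code from this issue or repository; the function name `check_keys_file`, the accepted key-type list and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the issue. Validates a downloaded key list before it
# is trusted as /usr/etc-system/<user>.keys in the image build.

# Assumption: only bare "<type> <base64> [comment]" lines are acceptable;
# lines with an option prefix (command=, from=, ...) are refused.
KEY_TYPES='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh[.]com|sk-ecdsa-sha2-nistp256@openssh[.]com)$'

# check_keys_file FILE: exit status 0 only if FILE holds at least one key and
# no line fails the format check (HTML error page, truncated or empty body).
check_keys_file() {
    [ -s "$1" ] || return 1
    awk -v types="$KEY_TYPES" '
        NF == 0 { next }    # blank lines are harmless
        {
            # An OpenSSH public key blob starts with a 4-byte length whose
            # first three bytes are zero, so its base64 begins with "AAAA".
            if ($1 ~ types && $2 ~ "^AAAA[A-Za-z0-9+/]+=*$") keys++
            else { print FILENAME ": line " NR " rejected" | "cat 1>&2"; bad = 1 }
        }
        END { if (bad || keys == 0) exit 1 }
    ' "$1"
}

# Constructed sample inputs (the blob is filler text, not a real key).
SAMPLES=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEE' > "$SAMPLES/good.keys"
printf '%s\n' '<!DOCTYPE html>' '<html><body>Not Found</body></html>' > "$SAMPLES/html.keys"
printf '%s\n' 'command="/bin/sh" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE' > "$SAMPLES/options.keys"
: > "$SAMPLES/empty.keys"

for f in good html options empty; do
    if check_keys_file "$SAMPLES/$f.keys" 2>/dev/null; then
        echo "$f: accept"
    else
        echo "$f: reject"
    fi
done
```

The check is on format only; it does not prove the keys belong to the intended person, so the download source still has to be trusted.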