authorLukas Bestle <mail@lukasbestle.com>2021-07-10 21:36:26 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2021-11-17 12:00:39 +0000
commit48b9626aab58741e31e55721c5b4f9fb5fd87500 (patch)
tree8275619aa160b59d6b6170f03300aef918777d1c /setup-sshd.in
parentc43b38051149f0685fcb22e253de8bba432872e0 (diff)
setup-sshd: Ask for authorized key for root
Fixes #10459.
Diffstat (limited to 'setup-sshd.in')
-rw-r--r--setup-sshd.in25
1 files changed, 23 insertions, 2 deletions
diff --git a/setup-sshd.in b/setup-sshd.in
index 67cb8a0..caf8f1c 100644
--- a/setup-sshd.in
+++ b/setup-sshd.in
@@ -6,21 +6,23 @@ PREFIX=
usage() {
cat <<-__EOF__
- usage: setup-sshd [-h] [-c choice of SSH daemon]
+ usage: setup-sshd [-h] [-c choice of SSH daemon] [-k authorized key]
Setup sshd daemon
options:
-h Show this help
-c Choice of SSH daemon: openssh dropbear none
+ -k Authorized key for root (HTTP(S)/FTP URL, the public key itself or 'none')
__EOF__
exit 1
}
-while getopts "hc:" opt; do
+while getopts "hc:k:" opt; do
case $opt in
h) usage;;
c) sshdchoice="$OPTARG";;
+ k) authorized_key="$OPTARG";;
esac
done
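Review bot: The `case $opt` block has arms for h, c and k only, so the `?` that getopts returns for `-k` with its argument missing (or for any unknown flag) matches nothing and the script carries on. As far as the visible lines show, `authorized_key` then stays empty and the run ends up at the interactive prompt added in the second hunk, which is an unexpected outcome for a scripted install. For a flag that decides root's authorized key I would fail early by adding `'?') usage;;` as the last arm.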
@@ -50,3 +52,22 @@ if [ -n "$svc" ]; then
rc-update add $svc default
rc-service $svc start
fi
+
+if [ -z "$authorized_key" ]; then
+ ask "Authorized SSH public key for root? (HTTP(S)/FTP URL or the public key itself)" none
+ authorized_key="$resp"
+fi
+
+if [ -n "$authorized_key" -a "$authorized_key" != "none" ]; then
+ # if the argument is an HTTP(S)/FTP URL, try to fetch the file contents
+ if [ -z "$(echo "$authorized_key" | sed -E 's~^(https?|ftp)://.+$~~')" ]; then
+ key_url="$authorized_key"
+ authorized_key="$(wget -qO- "$key_url")" || die "Could not fetch key from '$key_url'"
+
+ echo "Received authorized SSH key from '$key_url':"
+ echo "$authorized_key"
+ fi
+
+ mkdir -p ${ROOT}/root/.ssh
+ echo "$authorized_key" >> ${ROOT}/root/.ssh/authorized_keys
+fi
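Review bot: The URL branch accepts `http://` and `ftp://`, so the key appended to root's `authorized_keys` can come over a transport with no integrity protection, and with `-k` it is written without any confirmation (the `echo` lines only print it). Whoever can alter that response in transit decides who may log in as root. I would restrict the pattern to TLS, `sed -E 's~^https://.+$~~'`, and update the help text in the first hunk and the prompt here to match; it is also worth confirming that the installer's `wget` actually verifies certificates. If plain HTTP/FTP has to stay, require an interactive confirmation of the printed key before the append. Separately, `mkdir -p ${ROOT}/root/.ssh` and the `>>` target are unquoted and take their modes from the current umask; quoting them and adding `chmod 700 "${ROOT}/root/.ssh"` and `chmod 600 "${ROOT}/root/.ssh/authorized_keys"` after the write would make the result independent of it.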