mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-10-26 18:10:54 +00:00

Updated key setup

- made key lower in bits, but stronger (using -a option),
- made ssh-keygen run in background using nohup,
- added independent key file, as id_rsa_miab,
- added ssh-options to all duplicity calls to use the id_rsa_miab keyfile,
- changed path to the public key display

Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
Bernard `Guyzmo` Pratz 2016-01-14 21:52:46 +00:00
parent 660a41f23e
commit 161b5236b6
2 changed files with 11 additions and 4 deletions


@ -57,6 +57,7 @@ def backup_status(env):
"--archive-dir", backup_cache_dir, "--archive-dir", backup_cache_dir,
"--gpg-options", "--cipher-algo=AES256", "--gpg-options", "--cipher-algo=AES256",
"--log-fd", "1", "--log-fd", "1",
"--ssh-options='-i /root/.ssh/id_rsa_miab'",
config["target"], config["target"],
], ],
get_env(env), get_env(env),
@ -249,6 +250,7 @@ def perform_backup(full_backup):
"--volsize", "250", "--volsize", "250",
"--gpg-options", "--cipher-algo=AES256", "--gpg-options", "--cipher-algo=AES256",
env["STORAGE_ROOT"], env["STORAGE_ROOT"],
"--ssh-options='-i /root/.ssh/id_rsa_miab'",
config["target"], config["target"],
"--allow-source-mismatch" "--allow-source-mismatch"
], ],
@ -272,6 +274,7 @@ def perform_backup(full_backup):
"--verbosity", "error", "--verbosity", "error",
"--archive-dir", backup_cache_dir, "--archive-dir", backup_cache_dir,
"--force", "--force",
"--ssh-options='-i /root/.ssh/id_rsa_miab'",
config["target"] config["target"]
], ],
get_env(env)) get_env(env))
@ -287,6 +290,7 @@ def perform_backup(full_backup):
"--verbosity", "error", "--verbosity", "error",
"--archive-dir", backup_cache_dir, "--archive-dir", backup_cache_dir,
"--force", "--force",
"--ssh-options='-i /root/.ssh/id_rsa_miab'",
config["target"] config["target"]
], ],
get_env(env)) get_env(env))
@ -325,6 +329,7 @@ def run_duplicity_verification():
"--compare-data", "--compare-data",
"--archive-dir", backup_cache_dir, "--archive-dir", backup_cache_dir,
"--exclude", backup_root, "--exclude", backup_root,
"--ssh-options='-i /root/.ssh/id_rsa_miab'",
config["target"], config["target"],
env["STORAGE_ROOT"], env["STORAGE_ROOT"],
], get_env(env)) ], get_env(env))
@ -337,6 +342,7 @@ def run_duplicity_restore(args):
"/usr/bin/duplicity", "/usr/bin/duplicity",
"restore", "restore",
"--archive-dir", backup_cache_dir, "--archive-dir", backup_cache_dir,
"--ssh-options='-i /root/.ssh/id_rsa_miab'",
config["target"], config["target"],
] + args, ] + args,
get_env(env)) get_env(env))
@ -360,7 +366,7 @@ def list_target_files(config):
rsync_command = [ 'rsync', rsync_command = [ 'rsync',
'-e', '-e',
'/usr/bin/ssh -o StrictHostKeyChecking=no -oBatchMode=yes', '/usr/bin/ssh -i /root/.ssh/id_rsa_miab -oStrictHostKeyChecking=no -oBatchMode=yes',
'--list-only', '--list-only',
'-r', '-r',
rsync_target.format( rsync_target.format(
@ -477,7 +483,7 @@ def get_backup_config(env, for_save=False, for_ui=False):
# Expand to the full URL. # Expand to the full URL.
config["target"] = "file://" + config["file_target_directory"] config["target"] = "file://" + config["file_target_directory"]
elif config["target"].startswith('rsync'): elif config["target"].startswith('rsync'):
ssh_pub_key = os.path.join('/root', '.ssh', 'id_rsa.pub') ssh_pub_key = os.path.join('/root', '.ssh', 'id_rsa_miab.pub')
if os.path.exists(ssh_pub_key): if os.path.exists(ssh_pub_key):
config["ssh_pub_key"] = open(ssh_pub_key, 'r').read() config["ssh_pub_key"] = open(ssh_pub_key, 'r').read()
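Review bot: The rewritten ssh command in list_target_files (the argument after `'-e'`) keeps `-oStrictHostKeyChecking=no`, so the new dedicated key is offered to whichever host answers for the backup target and a substituted host would go unnoticed. Pinning the target's host key in a known_hosts file and dropping that option would close this. Separately, each `"--ssh-options='-i /root/.ssh/id_rsa_miab'"` is a single list element, so if the command helper runs duplicity without a shell the single quotes reach duplicity literally; it is worth confirming duplicity strips them, otherwise the identity file may not be picked up. The key path is also repeated in every duplicity call and in the rsync command, where a module-level constant would keep them in step. All of these function bodies extend beyond the hunks shown.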


@ -144,8 +144,9 @@ pollinate -q -r
# Between these two, we really ought to be all set. # Between these two, we really ought to be all set.
echo 'Creating SSH public key... (might take a while)' echo 'Launching SSH public key creation...'
ssh-keygen -t rsa -b 8192 -f /root/.ssh/id_rsa -N '' -q
nohup ssh-keygen -t rsa -b 2048 -a 100 -f /root/.ssh/id_rsa_miab -N '' -q 2>&1 >/dev/null
# ### Package maintenance # ### Package maintenance
# #
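Review bot: `-a 100` on the new ssh-keygen line does not make the 2048-bit key stronger: it sets the KDF rounds that protect the private key file under its passphrase, and `-N ''` leaves the key without one, so the net effect is a drop from 8192 to 2048 bits. `nohup` without a trailing `&` still runs ssh-keygen in the foreground, and with `2>&1 >/dev/null` the shell leaves stderr on the original stdout; `>/dev/null 2>&1` is the order that silences both. If the job is made truly asynchronous, the code that reads `/root/.ssh/id_rsa_miab.pub` has to tolerate the key not existing yet. A guard such as `[ -f /root/.ssh/id_rsa_miab ] || ssh-keygen -t rsa -b 2048 -f /root/.ssh/id_rsa_miab -N '' -q` would also keep a re-run of setup from reaching the overwrite prompt.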