CI: Warn when setting up a buildkite agent with no SSH authorized_keys

2020-10-14 16:02:47 -06:00
parent c26512255d
commit f9e0ea112d
3 changed files with 36 additions and 0 deletions
--- a/ci/setup-new-buildkite-agent/utils.sh
+++ b/ci/setup-new-buildkite-agent/utils.sh
@ -14,3 +14,33 @@ ensure_env() {
  $RC
 }

+# Some scripts disable SSH password logins. If no one hash setup authorized_keys
+# this will result in the machine being remotely inaccessible. Check that the
+# user running this script has setup their keys
+check_ssh_authorized_keys() {
+  declare rc=false
+  declare user_home=
+  if [[ -n "$SUDO_USER" ]]; then
+    declare user uid gid home
+    declare passwd_entry
+    passwd_entry="$(grep "$SUDO_USER:[^:]*:$SUDO_UID:$SUDO_GID" /etc/passwd)"
+    IFS=: read -r user _ uid gid _ home _ <<<"$passwd_entry"
+    if [[ "$user" == "$SUDO_USER" && "$uid" == "$SUDO_UID" && "$gid" == "$SUDO_GID" ]]; then
+      user_home="$home"
+    fi
+  else
+    user_home="$HOME"
+  fi
+  declare authorized_keys="${user_home}/.ssh/authorized_keys"
+  if [[ -n "$user_home" ]]; then
+    [[ -s "$authorized_keys" ]] && rc=true
+  fi
+  if ! $rc; then
+    echo "ERROR! This script will disable SSH password logins and you don't"
+    echo "appear to have set up any authorized keys.  Please add you SSH"
+    echo "public key to ${authorized_keys} before continuing!"
+  fi
+  $rc
+}
+
+check_ssh_authorized_keys