#!/usr/bin/env bash
#
# Install a demo user for SSH purposes
#
# All of the "conditional sudo" is to do container-based builds on
# Travis which are much, much faster.
# -e: stop at the first failing command.
# -x: echo every command into the CI log as it runs.
set -e -x

# Name of the demo account and the home directory it is expected to have.
U="travis"
H="/home/${U}"
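#######################################
# Run a command as the demo user.
# When the script is already running as "travis" (container-based build,
# no sudo available) the command is executed directly; otherwise it is
# executed through `sudo -u $U`.
# Globals:   USER (read), U (read)
# Arguments: the command and its arguments, passed through unchanged
# Returns:   the exit status of the command (or of sudo)
#######################################
USUDO()
{
  if [[ "$USER" == "travis" ]]; then
    # "$@" keeps every argument as one word; an unquoted $* would re-split
    # arguments on whitespace and expand glob characters before running
    # the command under the other account.
    "$@"
  else
    sudo -u "$U" "$@"
  fi
}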
if [[ "$USER" != "travis" ]]; then
  # Not running as the demo user yet: create the account together with
  # its home directory.
  sudo useradd -m "${U}"
  # `passwd --delete` empties the account's password and `--unlock` makes
  # sure the account is not left locked. NOTE(review): an empty password
  # is not the same as disabled password login; whether a password-less
  # login is refused depends on the host's PAM and sshd settings (for
  # example PermitEmptyPasswords), so this belongs on throwaway CI hosts
  # only.
  sudo passwd --delete --unlock "${U}"
else
  # Already running as travis: remove the regular files directly under
  # ~/.ssh so the steps below start from a clean state. This deletes any
  # keys and config already there.
  rm -f ~/.ssh/*
fi
# Create an RSA key pair at ~/.ssh/$U (private) and ~/.ssh/$U.pub (public).
# -N '' means the private key is stored without a passphrase, so anyone
# who can read that file can use it; it is intended only for the local
# login configured below.
ssh-keygen -N '' -t rsa -f ~/.ssh/"${U}"
# Strip group/other read and write bits from ~/.ssh.
chmod og-rw ~/.ssh
# Keep the public half in a variable for the authorized_keys entry.
pubkey=$(< ~/.ssh/"${U}".pub)
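# Append an authorized_keys entry for the demo user. The from="127.0.0.1"
# option restricts the key to connections whose source address is
# 127.0.0.1, so the passphrase-less key cannot be used from another host.
# mkdir -p tolerates an existing directory but still reports real
# failures (which `|| true` would have hidden).
USUDO mkdir -p "$H/.ssh"
# tee -a appends, so re-running the script adds another entry rather than
# replacing the file.
USUDO tee -a "$H/.ssh/authorized_keys" <<EOF
from="127.0.0.1" $pubkey
EOF
# Directories need the execute bit to be traversed; authorized_keys is a
# plain data file and only needs owner read/write.
USUDO chmod 700 "$H" "$H/.ssh"
USUDO chmod 600 "$H/.ssh/authorized_keys"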
# The pwntools examples connect to the host name 'example.pwnme'. This
# entry maps that alias to 127.0.0.1, the demo user and the key stored at
# ~/.ssh/$U.
# StrictHostKeyChecking is switched off for this alias only, so the host
# key is accepted without verification. That is tolerable here because
# the target is the loopback address on a CI machine; the setting should
# not be copied into a Host entry for a remote machine.
cat <<EOF >> ~/.ssh/config
Host example.pwnme
User ${U}
HostName 127.0.0.1
IdentityFile ~/.ssh/${U}
StrictHostKeyChecking no
EOF
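# Restrict the invoking user's home and ~/.ssh to the owner only.
chmod 700 ~ ~/.ssh
# Show the resulting files and permissions on both sides in the CI log.
ls -la ~/.ssh
USUDO ls -la "$H/.ssh"
# Smoke test: log in through the alias and run `id`. The user name comes
# from $U rather than a second hard-coded "travis", so it cannot drift
# from the account configured above. -v prints the SSH negotiation, which
# helps when the login fails in CI.
ssh -v "${U}@example.pwnme" id
# Turn errexit and tracing back off.
set +ex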