An insecure proof of concept way to add ssh-keys to a server using a sinatra webserver.
Creating Linux User
useradd jack
passwd jack
usermod --shell /bin/bash jack
mkhomedir_helper jack
usermod -aG sudo jack
Installing RVM
sudo apt-get install software-properties-common
sudo apt-add-repository -y ppa:rael-gc/rvm
sudo apt-get update
sudo apt-get install rvm
echo 'source "/etc/profile.d/rvm.sh"' >> ~/.bashrc
sudo reboot
Gems
rvm install ruby-2.7.0
mkdir rubytest
cd rubytest
touch Gemfile
touch main.rb
Gemfile:
source 'https://rubygems.org'
ruby '2.7.0'
gem 'sinatra'
gem 'open3'
main.rb:
require 'sinatra'
require 'open3'
get '/' do
'Hello world!'
end
post '/addsshkey' do
key = JSON.parse(request.body.read)["sshkey"]
Open3.capture3("echo #{key} >> ~/.ssh/authorized_keys") do |output, error|
puts output
end
puts key
end
Curl:
curl --header "Content-Type: application/json" -X POST -d '{"sshkey": "$ENV[KEY]"}' localhost:4567/addsshkey
From a Container
guest user with ~/.ssh/authorized_keys volume read/writable by the jack user.