* make debconf the same on every host: - dialog, - high
{{{
- echo "debconf debconf/priority select high" | debconf-set-selections
- echo "debconf debconf/frontend select Dialog" | debconf-set-selections
+ apt-get install dialog &&
+ echo "debconf debconf/priority select high" | debconf-set-selections &&
+ echo "debconf debconf/frontend select Dialog" | debconf-set-selections
}}}
* add db.d.o to sources.list:
cd /etc/ssh/ && rm -f ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub &&
mkdir -p /etc/ssh/userkeys && ln -s /root/.ssh/authorized_keys /etc/ssh/userkeys/root &&
- sed -e -i 's/^HostKey.*_dsa_key/# &/;
+ sed -i -e 's/^HostKey.*_dsa_key/# &/;
s/^X11Forwarding yes/X11Forwarding no/;
$ a AuthorizedKeysFile /etc/ssh/userkeys/%u
$ a AuthorizedKeysFile2 /var/lib/misc/userkeys/%u' sshd_config &&
* make ca-certificates sane: (choose to *not* trust new certs, and we only want the spi cert activated)
{{{
- echo "ca-certificates ca-certificates/trust_new_crts select no" | debconf-set-selections
+ echo "ca-certificates ca-certificates/trust_new_crts select no" | debconf-set-selections
sed -i -e 's/^[^#!].*/!&/; s#^!spi-inc.org/spi-cacert-2008.crt#spi-inc.org/spi-cacert-2008.crt#' /etc/ca-certificates.conf
dpkg-reconfigure ca-certificates
}}}
* Add debian-admin@debian.org to root in /etc/aliases
+{{{
+ if ! egrep '^root:' /etc/aliases > /dev/null; then
+ echo "root: debian-admin@debian.org" >> /etc/aliases
+ elif ! egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then
+ sed -i -e 's/^root: .*/&, debian-admin@debian.org/' /etc/aliases
+ fi
+ newaliases
+}}}
* sane default editor
{{{
* disable password auth with ssh, once you verified you can log in
and become root using keys.
{{{
- vi /etc/ssh/sshd_config
- | PasswordAuthentication no
+ #vi /etc/ssh/sshd_config
+ # | PasswordAuthentication no
+
+ sed -i -e 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config &&
(cd / && env -i /etc/init.d/ssh restart)
}}}
projects / mirror / dsa-wiki.git / blobdiff