27 lines
831 B
Bash
27 lines
831 B
Bash
#!/usr/bin/env sh
|
|
# Install as /etc/profile.d/pikit-first-login.sh
|
|
# Prints a one-time SSH hardening tip after the forced password change.
|
|
|
|
FLAG="/var/lib/pikit/first-login.notice"
|
|
DONE_FILE=".pikit-first-login.done"
|
|
|
|
case "$-" in
|
|
*i*) interactive=1 ;;
|
|
*) interactive=0 ;;
|
|
esac
|
|
|
|
USER_NAME="$(id -un 2>/dev/null || echo "")"
|
|
DONE_PATH="${HOME:-}/$DONE_FILE"
|
|
|
|
if [ "$interactive" -eq 1 ] && [ -f "$FLAG" ] && [ "$USER_NAME" = "dietpi" ]; then
|
|
if [ -n "${HOME:-}" ] && [ -d "${HOME:-}" ] && [ ! -f "$DONE_PATH" ]; then
|
|
echo ""
|
|
echo "Pi-Kit: For better security, set up an SSH key and disable password auth once working."
|
|
echo " Run these from your computer (not the Pi):"
|
|
echo " ssh-keygen -t ed25519"
|
|
echo " ssh-copy-id dietpi@pikit.local"
|
|
echo ""
|
|
:> "$DONE_PATH" 2>/dev/null || true
|
|
fi
|
|
fi
|