Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
ssh-rsa <the Gateway's generated key> Gateway
ssh-rsa <the Satellite generated key> Satellite
ssh-rsa <the generated key> User 1
ssh-rsa <the generated key> User 2
ssh-rsa <the generated key> User 3
#!/bin/bash
alias ls='ls --color=auto'
# start ssh-agent
# pipe the keychain output to /dev/null or you'll see it everytime you ssh in
keychain id_airlock 2>/dev/null
[ -z "$HOSTNAME" ] && HOSTNAME=`uname -n`
[ -f $HOME/.keychain/$HOSTNAME-sh ] && . $HOME/.keychain/$HOSTNAME-sh
# Colour the terminal.
#Green for the hostname as we're on the Airlock.
RED="\[\033[0;31m\]"
WHITE="\[\033[00m\]"
export PS1="$RED\h $WHITE\w$WHITE\$ "
[gitosis]
[group gateway]
members = user1 user2
writable = gateway
[group satellite]
members = user1 user2
writable = satellite
[group users-auth]
members = user1 user2
writable = users-auth
# list of all the hosts with access to the system
# Gateway: 127.0.0.1, xxx.xxx.xxx.xxx
# Satellite 1: xxx.xxx.xxx.xxx
# Satellite 2: xxx.xxx.xxx.xxx
sshd: 127.0.0.1, xxx.xxx.xxx.xxx
# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID
# Block all ssh connections - specific ips are allowed in hosts.allow
sshd: ALL
*filter
:INPUT ACCEPT [1:52]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12345 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT
#!/bin/bash
while read oldrev newrev refname
do
if [ "$refname" == "refs/heads/master" ]; then
WORKDIR=/home/office/source/airlock
export GIT_DIR=$WORKDIR/.git
pushd $WORKDIR >/dev/null
git pull --quiet >/dev/null
echo "===================================================="
echo "Deployed Gateway config changes"
echo "If changes were made to the iptables, you must run:"
echo "sudo iptables-restore < /etc/iptables.up.rules"
echo "to reapply them."
echo "===================================================="
popd >/dev/null
fi
done
Host gateway
HostName 127.0.0.1
Host sat1
HostName satellite1.example.com
Host *
AddressFamily inet
Port 12345
User office
Port 12345
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication no
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment