~razzi/ronin

13d8396e427efd54cb192d7ca506961118dc232e — Razzi Abuissa 7 months ago a788bda
Idk if this is fully working but it has all the parts
6 files changed, 84 insertions(+), 47 deletions(-)

M Makefile
A guest-setup.sh
D ronin
M ronin2.sh
M setup-ssh.exp
A setup-ssh.sh
M Makefile => Makefile +1 -3
@@ 7,6 7,4 @@ lint:
	shellcheck ronin2.sh

clean:
	$(RM) ~/.ronin/ronin-disk.qcow2
	$(RM) ~/.ronin/ronin_key.priv
	$(RM) ~/.ronin/ronin_key.pub
	$(RM) -r ~/.ronin/

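--- a/guest-setup.sh
+++ b/guest-setup.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -ex
+
+# Setup ssh
+
+ssh-keygen -A
+mkdir -p /run/sshd
+
+# Without this, you'll get:
+#   sh.service: Start request repeated too quickly.
+# because sshd tries to start several times at boot,
+# but it doesn't have hostkeys available yet.
+systemctl reset-failed sshd
+
+systemctl start sshd
+
+# Uncomment to debug output for ssh
+# journalctl -xeu ssh.service --no-pager
+
+# Setup ronin user
+useradd --create-home ronin
+mkdir /home/ronin/.ssh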
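Review bot: `mkdir /home/ronin/.ssh` at the end of the script runs as root (setup-ssh.exp logs in as root and runs `sh guest-setup.sh`), so the directory is left root-owned with the default umask mode, and the `authorized_keys` that setup-ssh.exp later writes into it gets the same ownership. Creating it with an explicit owner and mode, `install -d -m 700 -o ronin -g ronin /home/ronin/.ssh`, keeps the key material private to the account and does not depend on sshd's ownership checks accepting root-owned files. Under `set -ex` the script also aborts on a second run against the same disk, because `useradd --create-home ronin` fails once the user exists; `id ronin >/dev/null 2>&1 || useradd --create-home ronin` makes a retry after a partial setup possible.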

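--- a/ronin
+++ b/ronin
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-mkdir -p ~/.ronin && cd ~/.ronin
-if uname -r | grep microsoft; then
-  wget https://git.sr.ht/~razzi/ronin/blob/main/wsl_vagrantfile/Vagrantfile -O Vagrantfile
-else
-  vagrant init debian/bookworm64
-fi
-vagrant up
-vagrant ssh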

M ronin2.sh => ronin2.sh +24 -12
@@ 1,36 1,48 @@
#!/bin/sh
# ronin2: this time using qemu

set -x
set -ex

mkdir -p ~/.ronin && cd ~/.ronin || return
mkdir -p ~/.cache/ronin && \
  mkdir -p ~/.ronin # && \
  # cd ~/.ronin || return

DEBIAN_VERSION=12

DEBIAN_CLOUD_IMAGE=debian-$DEBIAN_VERSION-nocloud-amd64.qcow2
DEBIAN_IMAGE_URL=https://cloud.debian.org/images/cloud/bookworm/latest/$DEBIAN_CLOUD_IMAGE

test ! -f $DEBIAN_CLOUD_IMAGE && \
  wget $DEBIAN_IMAGE_URL
CACHED_DEBIAN_IMAGE=$HOME/.cache/ronin/$DEBIAN_CLOUD_IMAGE

RONIN_DISK=ronin-disk.qcow2
test ! -f $CACHED_DEBIAN_IMAGE && \
  wget $DEBIAN_IMAGE_URL --output-document $CACHED_DEBIAN_IMAGE

RONIN_DEBIAN_IMAGE=$HOME/.ronin/$DEBIAN_CLOUD_IMAGE
test ! -f $RONIN_DEBIAN_IMAGE &&
  cp $CACHED_DEBIAN_IMAGE $RONIN_DEBIAN_IMAGE

RONIN_DISK=$HOME/.ronin/ronin-disk.qcow2

test ! -f $RONIN_DISK && \
  cp $DEBIAN_CLOUD_IMAGE $RONIN_DISK && \
  qemu-img resize $DEBIAN_CLOUD_IMAGE 20G \
  cp $RONIN_DEBIAN_IMAGE $RONIN_DISK && \
  qemu-img resize $RONIN_DEBIAN_IMAGE 20G \

RONIN_PRIVATE_KEY=$HOME/.ronin/ronin_key.priv

ssh-keygen -t ed25519 -f ronin_key.priv -N ''
mv ronin_key.priv.pub ronin_key.pub
# could be encapsulated
ssh-keygen -t ed25519 -f $RONIN_PRIVATE_KEY -N ''
mv $HOME/.ronin/ronin_key.priv.pub $HOME/.ronin/ronin_key.pub

GUEST_SSHD_KEY=guest_ssh_host_ed25519_key.pub
# TODO could leave known_hosts in weird state
GUEST_SSHD_KEY=$HOME/.ronin/guest_ssh_host_ed25519_key.pub
test ! -f $GUEST_SSHD_KEY && ./setup-ssh.sh

# Launch the VM for prime time
qemu-system-x86_64 \
  -hda ronin-disk.qcow2 \
  -hda $RONIN_DEBIAN_IMAGE \
  -m 4096 \
  -nic hostfwd=tcp::2022-:22 \
  -display none
  -daemonize

ssh ronin@localhost -p 2022 -i ronin_key.priv
ssh ronin@localhost -p 2022 -i $HOME/.ronin/ronin_key.priv
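Review bot: The cloud image fetched by `wget $DEBIAN_IMAGE_URL --output-document $CACHED_DEBIAN_IMAGE` is cached and later booted without any integrity check, and an interrupted download leaves a truncated file that `test ! -f` accepts on every later run. Downloading to a temporary name, comparing it with the `SHA512SUMS` file Debian publishes in the same directory, and only then moving it into the cache closes both gaps; since the sums come from the same HTTPS origin, this detects corruption and truncation rather than a compromised mirror. The `+`/`-` markers are lost on this page, so the new side is inferred, but the launch command appears to boot `-hda $RONIN_DEBIAN_IMAGE` while setup-ssh.exp provisions `$HOME/.ronin/ronin-disk.qcow2`, which would start a guest without the ronin account or the pinned host key; `-hda $RONIN_DISK` looks intended. `-display none` also lacks a trailing `\`, so `-daemonize` is run as a separate command.

```shell
# … unchanged: DEBIAN_* and CACHED_DEBIAN_IMAGE assignments …
if [ ! -f "$CACHED_DEBIAN_IMAGE" ]; then
  wget "$DEBIAN_IMAGE_URL" --output-document "$CACHED_DEBIAN_IMAGE.part"
  wget "${DEBIAN_IMAGE_URL%/*}/SHA512SUMS" --output-document "$CACHED_DEBIAN_IMAGE.sums"
  expected=$(awk -v name="$DEBIAN_CLOUD_IMAGE" '$2 == name { print $1 }' "$CACHED_DEBIAN_IMAGE.sums")
  actual=$(sha512sum "$CACHED_DEBIAN_IMAGE.part" | cut -d ' ' -f 1)
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    echo "checksum mismatch for $DEBIAN_CLOUD_IMAGE" >&2
    exit 1
  fi
  mv "$CACHED_DEBIAN_IMAGE.part" "$CACHED_DEBIAN_IMAGE"
fi
# … unchanged: copy into ~/.ronin, key generation, VM launch …
```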

M setup-ssh.exp => setup-ssh.exp +23 -22
@@ 1,50 1,51 @@
#!/usr/bin/expect -f

# exp_internal 1

set timeout 100

spawn qemu-system-x86_64 \
  -hda ronin-disk.qcow2 \
  -hda $::env(HOME)/.ronin/ronin-disk.qcow2 \
  -nographic \
  -m 2048 \
  -m 4096 \
  -nic hostfwd=tcp::2022-:22

# Skip grub 5 second wait
expect "*Debian GNU/Linux"
send "\n"

expect "login: "
# Login
expect "localhost login: "
send "root\n"

expect "# "
send "ssh-keygen -A\n"

expect "# "
send "mkdir -p /run/sshd\n"
set guest_setup_script [open guest-setup.sh]
set guest_setup_contents [read $guest_setup_script]
close $guest_setup_script

expect "# "
set pubkey_file_pointer [open ronin_key.pub]
set pubkey_contents [read $pubkey_file_pointer]
close $pubkey_file_pointer
send "cat > guest-setup.sh << __EOF__
$guest_setup_contents
__EOF__\n"

expect "# "
send "useradd --create-home ronin\n"
send "sh guest-setup.sh\n"

expect "# "
send "mkdir /home/ronin/.ssh\n"

set pubkey_file_pointer [open $::env(HOME)/.ronin/ronin_key.pub]
set pubkey_contents [string trimright [read $pubkey_file_pointer] "\r\n"]
close $pubkey_file_pointer

send "cat > /home/ronin/.ssh/authorized_keys << __EOF__
$pubkey_contents
__EOF__\n"

expect "# "
send "systemctl restart sshd\n"

# Get the guest ssh key to add to host known_hosts
expect "# "
send "cat /etc/ssh/ssh_host_ed25519_key.pub"
expect EOF
set output [open known_hosts a]
puts -nonewline $output $expect_out(buffer)
close $output

echo ok got $expect_out(buffer)
send "cat /etc/ssh/ssh_host_ed25519_key.pub\n"
expect -re {(ssh-ed25519 \S+) root@localhost} {
  set guest_ssh_key [open $::env(HOME)/.ronin/guest_ssh_host_ed25519_key.pub w]
  puts -nonewline $guest_ssh_key $expect_out(1,string)
  close $guest_ssh_key
}
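Review bot: None of the `expect` calls handles `timeout` or `eof`, so when a prompt or the final `expect -re {(ssh-ed25519 \S+) root@localhost}` match never arrives, the script carries on and exits 0 without writing `guest_ssh_host_ed25519_key.pub`, and setup-ssh.sh then continues as if the host key had been captured. A single `expect_after { timeout { exit 1 } eof { exit 1 } }` placed right after `spawn` makes every wait fail closed. The two heredocs that copy `guest-setup.sh` and the public key use an unquoted `__EOF__` delimiter, so the guest shell expands any `$` or backtick in the payload; `<< '__EOF__'` passes the content through literally.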

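--- a/setup-ssh.sh
+++ b/setup-ssh.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+BASEDIR=$(dirname "$0")
+ABSOLUTE_SCRIPT_PATH=$(readlink -f "$BASEDIR")
+
+cp $ABSOLUTE_SCRIPT_PATH/guest-setup.sh ~/.ronin/
+
+"$ABSOLUTE_SCRIPT_PATH"/setup-ssh.exp
+
+# Add guest ssh key to host known_hosts
+echo -n 'localhost ' >> ~/.ssh/known_hosts
+cat $HOME/.ronin/guest_ssh_host_ed25519_key.pub >> ~/.ssh/known_hosts
+
+ssh-keygen -Hf ~/.ssh/known_hosts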
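Review bot: The entry appended to `~/.ssh/known_hosts` is keyed on bare `localhost`, which pins the guest key for port 22 of the host itself, while ronin2.sh connects to the forwarded port 2022, which OpenSSH records as `[localhost]:2022`. Because the script has no `set -e`, the `localhost ` prefix is also appended when setup-ssh.exp fails or the key file is missing, and `ssh-keygen -Hf ~/.ssh/known_hosts` then rewrites the user's whole file. Writing the pin into a file under `~/.ronin/` avoids touching the personal known_hosts and lets `make clean` remove it together with the disk; the `ssh` call in ronin2.sh would then pass `-o UserKnownHostsFile="$HOME/.ronin/known_hosts"`.

```shell
set -eu
# … unchanged: BASEDIR / ABSOLUTE_SCRIPT_PATH, cp of guest-setup.sh, setup-ssh.exp call …

# Pin the guest host key for the forwarded port only, in a ronin-owned file
guest_key=$(cat "$HOME/.ronin/guest_ssh_host_ed25519_key.pub")
test -n "$guest_key"
printf '[localhost]:2022 %s\n' "$guest_key" > "$HOME/.ronin/known_hosts"
```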