From bb86847152dd8173966d3239bee2336e8409efdf Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 6 Oct 2025 17:04:03 -0400 Subject: [PATCH 1/4] migrate: detect id_* for key file --- usr/local/share/bastille/migrate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/migrate.sh b/usr/local/share/bastille/migrate.sh index 56c93477..b4ce19ef 100644 --- a/usr/local/share/bastille/migrate.sh +++ b/usr/local/share/bastille/migrate.sh @@ -334,7 +334,7 @@ if [ "${OPT_PASSWORD}" -eq 1 ]; then _opt_ssh_key= else _migrate_user_home="$(getent passwd ${USER} | cut -d: -f6)" - _migrate_user_ssh_key="${_migrate_user_home}/.ssh/id_rsa" + _migrate_user_ssh_key="find ${_migrate_user_home}/.ssh -maxdepth 1 -type f ! -name '*.pub' | grep -Eos 'id_.*'" _opt_ssh_key="-i ${_migrate_user_ssh_key}" # Exit if no keys found From 5cb6343cc4d4e44abc32c9254b549b375918793f Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 7 Oct 2025 10:15:46 -0400 Subject: [PATCH 2/4] migrate: allow specifying custom keyfle --- usr/local/share/bastille/migrate.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/migrate.sh b/usr/local/share/bastille/migrate.sh index b4ce19ef..0f867c3d 100644 --- a/usr/local/share/bastille/migrate.sh +++ b/usr/local/share/bastille/migrate.sh @@ -40,6 +40,7 @@ usage() { bastille migrate attica migrate@192.168.10.100 bastille migrate attica migrate@192.168.1.10:20022 + bastille migrate --keyfile id_rsa attica migrate@192.168.1.10 Options: 
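Review bot: The new `_migrate_user_ssh_key` assignment in PATCH 1/4 stores the text of the `find … | grep …` pipeline instead of its output, because the double-quoted string has no `$( )` around it. As a result `_opt_ssh_key` becomes `-i find …` and the `[ -z "${_migrate_user_ssh_key}" ]` check can never fire. Command substitution alone is not enough, since `grep -o 'id_.*'` prints only the matched part and drops the `.ssh` directory prefix; letting find do the match keeps the full path: `_migrate_user_ssh_key="$(find "${_migrate_user_home}/.ssh" -maxdepth 1 -type f -name 'id_*' ! -name '*.pub')"`. The same literal string is carried into the `else` branch of the last hunk of PATCH 2/4, where it also makes the new `wc -l` multiple-key check always see exactly one line. The enclosing `if`/`else` block continues past the end of this hunk.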
@@ -47,6 +48,7 @@ usage() { -b | --backup Retain archives on remote system. -d | --destroy Destroy local jail after migration. | --doas Use 'doas' instead of 'sudo'. + -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh` -l | --live Migrate a running jail (ZFS only). -p | --password Use password based authentication. -x | --debug Enable debug mode. @@ -60,6 +62,7 @@ AUTO=0 LIVE=0 OPT_BACKUP=0 OPT_DESTROY=0 +OPT_KEYFILE="" OPT_PASSWORD=0 OPT_SU="sudo" while [ "$#" -gt 0 ]; do @@ -83,6 +86,10 @@ while [ "$#" -gt 0 ]; do OPT_SU="doas" shift ;; + -k|--keyfile) + OPT_KEYFILE="${2}" + shift 2 + ;; -l|--live) LIVE=1 shift @@ -333,13 +340,29 @@ fi if [ "${OPT_PASSWORD}" -eq 1 ]; then _opt_ssh_key= else + _migrate_user_home="$(getent passwd ${USER} | cut -d: -f6)" - _migrate_user_ssh_key="find ${_migrate_user_home}/.ssh -maxdepth 1 -type f ! -name '*.pub' | grep -Eos 'id_.*'" + + # Validate custom keyfile + if [ -n "${OPT_KEYFILE}" ]; then + if ! [ -f "${_migrate_user_home}/.ssh/${OPT_KEYFILE}" ]; then + error_exit "[ERROR]: Keyfile not found: ${_migrate_user_home}/.ssh/${OPT_KEYFILE}" + else + _migrate_user_ssh_key="${_migrate_user_home}/.ssh/${OPT_KEYFILE}" + fi + else + _migrate_user_ssh_key="find ${_migrate_user_home}/.ssh -maxdepth 1 -type f ! -name '*.pub' | grep -Eos 'id_.*'" + fi + _opt_ssh_key="-i ${_migrate_user_ssh_key}" # Exit if no keys found if [ -z "${_migrate_user_home}" ] || [ -z "${_migrate_user_ssh_key}" ]; then error_exit "[ERROR]: Could not find keys for user: ${USER}" + # Exit if multiple keys + elif [ "$(echo "${_migrate_user_ssh_key}" | wc -l)" -ne 1 ]; then + error_notify "[ERROR]: Multiple ssh keys found:\n${_migrate_user_ssh_key}" + error_exit "Please use -k|--keyfile to specify one." fi fi From 743eaeed0b772a8458c265763d61653e568f8e2e Mon Sep 17 00:00:00 2001 
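Review bot: The `-k|--keyfile)` arm added in the `@@ -83,6 +86,10 @@` hunk reads `${2}` without checking that a value follows, so `-k` given as the last argument reaches `shift 2` with only one argument left. Depending on how the shell treats the failed `shift`, the script either aborts with a shell error or carries on with an empty `OPT_KEYFILE`, which the later `[ -n "${OPT_KEYFILE}" ]` test reads as "option not given" and silently falls back to auto-detection. Adding `[ "$#" -ge 2 ] || usage` as the first line of the arm reports the mistake clearly. The `while`/`case` block starts and ends outside this hunk.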
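Review bot: In the `@@ -333,13 +340,29 @@` hunk, `OPT_KEYFILE` is appended to `${_migrate_user_home}/.ssh/` and checked only with `[ -f … ]`, so a value containing `/` selects a file outside `~/.ssh` even though the help text says the key must be there. A value with whitespace would also be word-split when `_opt_ssh_key` is expanded, if the later ssh invocation uses it unquoted (not visible here). Rejecting anything that is not a bare file name before the `-f` test covers both: `case "${OPT_KEYFILE}" in */*|*[[:space:]]*) error_exit "[ERROR]: Invalid keyfile name: ${OPT_KEYFILE}" ;; esac`. The `[ -z "${_migrate_user_home}" ]` check also runs only after the home directory has been used to build the key path, so it belongs directly after the `getent` line.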
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 7 Oct 2025 10:16:18 -0400 Subject: [PATCH 3/4] fix `>' --- usr/local/share/bastille/migrate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/migrate.sh b/usr/local/share/bastille/migrate.sh index 0f867c3d..aaa44856 100644 --- a/usr/local/share/bastille/migrate.sh +++ b/usr/local/share/bastille/migrate.sh @@ -48,7 +48,7 @@ usage() { -b | --backup Retain archives on remote system. -d | --destroy Destroy local jail after migration. | --doas Use 'doas' instead of 'sudo'. - -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh` + -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh' -l | --live Migrate a running jail (ZFS only). -p | --password Use password based authentication. -x | --debug Enable debug mode. From 5e53903531b2c3958e05233785082228ec8f5940 Mon Sep 17 00:00:00 2001 From: tschettervictor Date: Tue, 7 Oct 2025 11:29:58 -0600 Subject: [PATCH 4/4] docs: migrate: update for -k --- docs/chapters/subcommands/migrate.rst | 18 ++++++++++-------- usr/local/share/bastille/migrate.sh | 16 ++++++++-------- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/docs/chapters/subcommands/migrate.rst b/docs/chapters/subcommands/migrate.rst index c68d8497..f38e8bd3 100644 --- a/docs/chapters/subcommands/migrate.rst +++ b/docs/chapters/subcommands/migrate.rst @@ -1,7 +1,7 @@ migrate ======= -The ``migrate`` sub-command allows migrating the targeted jail(s) to +The ``migrate`` sub-command allows migrating the targeted jail(s) to another remote system. See the chapter on Migration. This sub-command supports multiple targets. 
@@ -18,13 +18,15 @@ port by supplying it as in ``user@host:port``. bastille migrate attica migrate@192.168.10.100 bastille migrate attica migrate@192.168.1.10:20022 + bastille migrate --keyfile id_rsa attica migrate@192.168.1.10 Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -d | --destroy Destroy local jail after migration. - -b | --backup Retain archives on remote system. - | --doas Use 'doas' instead of 'sudo'. - -l | --live Migrate a running jail (ZFS only). - -p | --password Use password based authentication. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -b | --backup Retain archives on remote system. + -d | --destroy Destroy local jail after migration. + | --doas Use 'doas' instead of 'sudo'. + -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh' + -l | --live Migrate a running jail (ZFS only). + -p | --password Use password based authentication. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/usr/local/share/bastille/migrate.sh b/usr/local/share/bastille/migrate.sh index aaa44856..54e2e007 100644 --- a/usr/local/share/bastille/migrate.sh +++ b/usr/local/share/bastille/migrate.sh 
@@ -44,14 +44,14 @@ usage() { Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -b | --backup Retain archives on remote system. - -d | --destroy Destroy local jail after migration. - | --doas Use 'doas' instead of 'sudo'. - -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh' - -l | --live Migrate a running jail (ZFS only). - -p | --password Use password based authentication. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -b | --backup Retain archives on remote system. + -d | --destroy Destroy local jail after migration. + | --doas Use 'doas' instead of 'sudo'. + -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh' + -l | --live Migrate a running jail (ZFS only). + -p | --password Use password based authentication. + -x | --debug Enable debug mode. EOF exit 1