Specify an ssh public key when adding new user

Bob Mottram 2015-10-29 09:37:27 +00:00
parent 0bebdb4b82
commit 1e87576868
3 changed files with 28 additions and 4 deletions


@ -46,6 +46,12 @@ Yes. Freedombone can support a small number of users, for a "/friends and family
freedombone-adduser [username]
#+END_SRC
Or optionally with an /ssh public key/, given either as a filename or directly pasted. Specifying an ssh key will allow the user to log in more securely if they need to (such as if they use the Mutt email client).
#+BEGIN_SRC bash
freedombone-adduser [username] [ssh public key]
#+END_SRC
Something to consider when having more than a single user on the system is the security situation. The original administrator user will have access to all of the data for other users (including their encryption keys), so if you do add extra users they need to have *complete trust* in the administrator.
Another point is that Freedombone installations are not intended to support many users (maybe ten at most). Large numbers of users may make the system unstable, and the more users you have on one system the more it becomes a single point of failure and also perhaps a honeypot from the standpoint of adversaries. Think of what happened with Lavabit and the moral dilemma which an administrator can be faced with (comply with threats and betray the trust of your users or don't comply and suffer other consequences). Ideally, you never want to put yourself into a situation where you can be forced to betray others.
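Review bot: the usage line `freedombone-adduser [username] [ssh public key]` does not say that a pasted key has to be passed as a single quoted argument. The script reads the key from `$2` only, and a public key line normally has spaces between the key type, the key data and the comment, so an unquoted paste hands the script just the `ssh-...` type token. Suggest showing the pasted form in quotes, for example `freedombone-adduser [username] "[ssh public key]"`, and stating the quoting requirement in the sentence above it.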

Binary file not shown.


@ -1,5 +1,6 @@
#!/bin/bash
MY_USERNAME=$1
SSH_PUBLIC_KEY=$2
GPG_KEYSERVER='hkp://keys.gnupg.net'
SSH_PORT=2222
COMPLETION_FILE=$HOME/freedombone-completed.txt
@ -29,10 +30,27 @@ if [ ! -d /home/$MY_USERNAME ]; then
exit 4
fi
if [ $2 ]; then
if [ -f $SSH_PUBLIC_KEY ]; then
mkdir /home/$MY_USERNAME/.ssh
cp $SSH_PUBLIC_KEY /home/$MY_USERNAME/.ssh/authorized_keys
echo 'ssh public key installed'
else
if [[ $SSH_PUBLIC_KEY == "ssh-"* ]]; then
mkdir /home/$MY_USERNAME/.ssh
echo $SSH_PUBLIC_KEY > /home/$MY_USERNAME/.ssh/authorized_keys
echo 'ssh public key installed'
else
echo 'The second parameter does not look like an ssh key'
exit 5
fi
fi
fi
if [ ! -d /home/$MY_USERNAME/Maildir ]; then
echo 'Email directory was not created'
userdel -r $MY_USERNAME
exit 5
exit 6
fi
if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
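Review bot: `if [ $2 ]` and `[ -f $SSH_PUBLIC_KEY ]` in the new block expand the key unquoted, so a pasted key containing spaces splits into several words, the `[` test fails with an error, and the key is never installed; use `[ -n "$2" ]` and `[ -f "$SSH_PUBLIC_KEY" ]`, and quote the `cp` and `echo` arguments as well. Three smaller points in the same block: the `exit 5` path for an unrecognised key leaves the new account in place, while the other failure paths shown here run `userdel -r $MY_USERNAME` first; `.ssh` and `authorized_keys` are created with no `chown` or `chmod`, so ownership should be set to the new user with modes 700 and 600; and the file branch copies whatever file is named without checking that its content looks like a key, unlike the pasted branch, which at least checks for the `ssh-` prefix.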
@ -77,7 +95,7 @@ su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" -
if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
userdel -r $MY_USERNAME
exit 6
exit 7
fi
# encrypt outgoing mail to the "sent" folder
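Review bot: changing `exit 6` to `exit 7` here, together with the matching shifts in the later hunks, renumbers existing failure codes, so anything that calls this script and checks for a specific code will now misread the failure. Suggest giving the new ssh key failure an unused code after the existing ones and leaving the old values alone, or at least documenting the list of exit codes in a comment at the top of the script.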
@ -131,7 +149,7 @@ freedombone-addxmpp -e "$MY_USERNAME@$HOSTNAME" -p "$NEW_USER_PASSWORD"
if [ ! "$?" = "0" ]; then
echo "XMPP account not created"
userdel -r $MY_USERNAME
exit 7
exit 8
fi
if grep -q "Blog domain" $COMPLETION_FILE; then
@ -139,7 +157,7 @@ if grep -q "Blog domain" $COMPLETION_FILE; then
if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then
echo 'Blog users directory not found'
userdel -r $MY_USERNAME
exit 8
exit 9
fi
echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo "password = '$NEW_USER_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini