Raspi2-3_GenImage Files · bootstrap.d/32-sshd.sh · Collaboration Tremplin des Sciences

change qemu permissions in the chroot environment so that the _apt user can execute commands.

drtyhlpr - - Load All Authors

Fichier de la dernière révision:

r142:14de70396904


                r151:2e44635ee733

Download file

             32-sshd.sh
        
                    116 lines
            
             | 4.1 KiB
            
                | application/x-sh
            
             |
                BashLexer
            
             / bootstrap.d / 32-sshd.sh
          
                    Historique
                
                 |
                  Source
                 | Brut
                 |Copy content
                 |Copy permalink

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
      #

      # Setup SSH settings and public keys

      #

      # Load utility functions

      . ./functions.sh

      if [ "$ENABLE_SSHD" = true ] ; then

        drtyhlpr
    
Updated: Dropping privileges, chroot compiler install, dropbear sshd config

              r142
            
        DROPBEAR_ARGS=""

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
        if [ "$SSH_ENABLE_ROOT" = false ] ; then

        drtyhlpr
    
Updated: Dropping privileges, chroot compiler install, dropbear sshd config

              r142
            
          if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then

            # User root is not allowed to log in

            sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"

          else

            # User root is not allowed to log in

            DROPBEAR_ARGS="-w"

          fi

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
        fi

        if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then

        drtyhlpr
    
Updated: Dropping privileges, chroot compiler install, dropbear sshd config

              r142
            
          if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then

            # Permit SSH root login

            sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"

          else

            # Permit SSH root login

            DROPBEAR_ARGS=""

          fi

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
          # Add SSH (v2) public key for user root

          if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then

        drtyhlpr
    
Fixed: Remove SSH_*_AUTHORIZED_KEYS, works with SSH_*_PUB_KEY only

              r126
            
            # Create root SSH config directory

            mkdir -p "${R}/root/.ssh"

            # Set permissions of root SSH config directory

            chroot_exec chmod 700 "/root/.ssh"

            chroot_exec chown root:root "/root/.ssh"

            # Add SSH (v2) public key(s) to authorized_keys file

        drtyhlpr
    
Fixed: Use authorized_keys file instead of authorized_keys2

              r123
            
            cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
        drtyhlpr
    
Fixed: Remove SSH_*_AUTHORIZED_KEYS, works with SSH_*_PUB_KEY only

              r126
            
            # Set permissions of root SSH authorized_keys file

        drtyhlpr
    
Fixed: Use authorized_keys file instead of authorized_keys2

              r123
            
            chroot_exec chmod 600 "/root/.ssh/authorized_keys"

            chroot_exec chown root:root "/root/.ssh/authorized_keys"

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
        drtyhlpr
    
Updated: Dropping privileges, chroot compiler install, dropbear sshd config

              r142
            
            if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then

              # Allow SSH public key authentication

              sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"

            fi

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
          fi

        fi

        drtyhlpr
    
Fixed: ssh public key and AllowUsers for ENABLE_USER=false

              r122
            
        if [ "$ENABLE_USER" = true ] ; then

          # Add SSH (v2) public key for user $USER_NAME

          if [ ! -z "$SSH_USER_PUB_KEY" ] ; then

        drtyhlpr
    
Fixed: Remove SSH_*_AUTHORIZED_KEYS, works with SSH_*_PUB_KEY only

              r126
            
            # Create $USER_NAME SSH config directory

            mkdir -p "${R}/home/${USER_NAME}/.ssh"

            # Set permissions of $USER_NAME SSH config directory

            chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"

            chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"

            # Add SSH (v2) public key(s) to authorized_keys file

        drtyhlpr
    
Fixed: Use authorized_keys file instead of authorized_keys2

              r123
            
            cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
        drtyhlpr
    
Fixed: Remove SSH_*_AUTHORIZED_KEYS, works with SSH_*_PUB_KEY only

              r126
            
            # Set permissions of $USER_NAME SSH config directory

        drtyhlpr
    
Fixed: Use authorized_keys file instead of authorized_keys2

              r123
            
            chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"

            chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
        drtyhlpr
    
Updated: Dropping privileges, chroot compiler install, dropbear sshd config

              r142
            
            if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then

              # Allow SSH public key authentication

              sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"

            fi

        drtyhlpr
    
Fixed: ssh public key and AllowUsers for ENABLE_USER=false

              r122
            
          fi

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
        fi

        # Limit the users that are allowed to login via SSH

        drtyhlpr
    
Updated: Dropping privileges, chroot compiler install, dropbear sshd config

              r142
            
        if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then

        drtyhlpr
    
Fixed: ssh public key and AllowUsers for ENABLE_USER=false

              r122
            
          allowed_users=""

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
          if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then

        drtyhlpr
    
Fixed: ssh public key and AllowUsers for ENABLE_USER=false

              r122
            
            allowed_users="root"

          fi

          if [ "$ENABLE_USER" = true ] ; then

            allowed_users="${allowed_users} ${USER_NAME}"

          fi

          if [ ! -z "$allowed_users" ] ; then

            echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
          fi

        fi

        # Disable password-based authentication

        if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then

          if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then

        drtyhlpr
    
Updated: Dropping privileges, chroot compiler install, dropbear sshd config

              r142
            
            if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then

              sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"

            else

              DROPBEAR_ARGS="-g"

            fi

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
          fi

        drtyhlpr
    
Updated: Dropping privileges, chroot compiler install, dropbear sshd config

              r142
            
          if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then

            sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"

            sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"

            sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"

          else

            DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"

          fi

        fi

        # Update dropbear SSH configuration

        if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then

          sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"

        drtyhlpr
    
Added: SSH public key auth, other fixes

              r120
            
        fi

      fi

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

drtyhlpr Added: SSH public key auth, other fixes	r120	#
		# Setup SSH settings and public keys
		#

		# Load utility functions
		. ./functions.sh

		if [ "$ENABLE_SSHD" = true ] ; then
drtyhlpr Updated: Dropping privileges, chroot compiler install, dropbear sshd config	r142	DROPBEAR_ARGS=""

drtyhlpr Added: SSH public key auth, other fixes	r120	if [ "$SSH_ENABLE_ROOT" = false ] ; then
drtyhlpr Updated: Dropping privileges, chroot compiler install, dropbear sshd config	r142	if [ "$ENABLE_REDUCE" = false ] \|\| [ "$REDUCE_SSHD" = false ] ; then
		# User root is not allowed to log in
		sed -i "s\|[#]PermitRootLogin.\|PermitRootLogin no\|g" "${ETC_DIR}/ssh/sshd_config"
		else
		# User root is not allowed to log in
		DROPBEAR_ARGS="-w"
		fi
drtyhlpr Added: SSH public key auth, other fixes	r120	fi

		if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
drtyhlpr Updated: Dropping privileges, chroot compiler install, dropbear sshd config	r142	if [ "$ENABLE_REDUCE" = false ] \|\| [ "$REDUCE_SSHD" = false ] ; then
		# Permit SSH root login
		sed -i "s\|[#]PermitRootLogin.\|PermitRootLogin yes\|g" "${ETC_DIR}/ssh/sshd_config"
		else
		# Permit SSH root login
		DROPBEAR_ARGS=""
		fi
drtyhlpr Added: SSH public key auth, other fixes	r120
		# Add SSH (v2) public key for user root
		if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
drtyhlpr Fixed: Remove SSH__AUTHORIZED_KEYS, works with SSH__PUB_KEY only	r126	# Create root SSH config directory
		mkdir -p "${R}/root/.ssh"

		# Set permissions of root SSH config directory
		chroot_exec chmod 700 "/root/.ssh"
		chroot_exec chown root:root "/root/.ssh"

		# Add SSH (v2) public key(s) to authorized_keys file
drtyhlpr Fixed: Use authorized_keys file instead of authorized_keys2	r123	cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
drtyhlpr Added: SSH public key auth, other fixes	r120
drtyhlpr Fixed: Remove SSH__AUTHORIZED_KEYS, works with SSH__PUB_KEY only	r126	# Set permissions of root SSH authorized_keys file
drtyhlpr Fixed: Use authorized_keys file instead of authorized_keys2	r123	chroot_exec chmod 600 "/root/.ssh/authorized_keys"
		chroot_exec chown root:root "/root/.ssh/authorized_keys"
drtyhlpr Added: SSH public key auth, other fixes	r120
drtyhlpr Updated: Dropping privileges, chroot compiler install, dropbear sshd config	r142	if [ "$ENABLE_REDUCE" = false ] \|\| [ "$REDUCE_SSHD" = false ] ; then
		# Allow SSH public key authentication
		sed -i "s\|[#]PubkeyAuthentication.\|PubkeyAuthentication yes\|g" "${ETC_DIR}/ssh/sshd_config"
		fi
drtyhlpr Added: SSH public key auth, other fixes	r120	fi
		fi

drtyhlpr Fixed: ssh public key and AllowUsers for ENABLE_USER=false	r122	if [ "$ENABLE_USER" = true ] ; then
		# Add SSH (v2) public key for user $USER_NAME
		if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
drtyhlpr Fixed: Remove SSH__AUTHORIZED_KEYS, works with SSH__PUB_KEY only	r126	# Create $USER_NAME SSH config directory
		mkdir -p "${R}/home/${USER_NAME}/.ssh"

		# Set permissions of $USER_NAME SSH config directory
		chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
		chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"

		# Add SSH (v2) public key(s) to authorized_keys file
drtyhlpr Fixed: Use authorized_keys file instead of authorized_keys2	r123	cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
drtyhlpr Added: SSH public key auth, other fixes	r120
drtyhlpr Fixed: Remove SSH__AUTHORIZED_KEYS, works with SSH__PUB_KEY only	r126	# Set permissions of $USER_NAME SSH config directory
drtyhlpr Fixed: Use authorized_keys file instead of authorized_keys2	r123	chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
		chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
drtyhlpr Added: SSH public key auth, other fixes	r120
drtyhlpr Updated: Dropping privileges, chroot compiler install, dropbear sshd config	r142	if [ "$ENABLE_REDUCE" = false ] \|\| [ "$REDUCE_SSHD" = false ] ; then
		# Allow SSH public key authentication
		sed -i "s\|[#]PubkeyAuthentication.\|PubkeyAuthentication yes\|g" "${ETC_DIR}/ssh/sshd_config"
		fi
drtyhlpr Fixed: ssh public key and AllowUsers for ENABLE_USER=false	r122	fi
drtyhlpr Added: SSH public key auth, other fixes	r120	fi

		# Limit the users that are allowed to login via SSH
drtyhlpr Updated: Dropping privileges, chroot compiler install, dropbear sshd config	r142	if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
drtyhlpr Fixed: ssh public key and AllowUsers for ENABLE_USER=false	r122	allowed_users=""
drtyhlpr Added: SSH public key auth, other fixes	r120	if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
drtyhlpr Fixed: ssh public key and AllowUsers for ENABLE_USER=false	r122	allowed_users="root"
		fi

		if [ "$ENABLE_USER" = true ] ; then
		allowed_users="${allowed_users} ${USER_NAME}"
		fi

		if [ ! -z "$allowed_users" ] ; then
		echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
drtyhlpr Added: SSH public key auth, other fixes	r120	fi
		fi

		# Disable password-based authentication
		if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
		if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
drtyhlpr Updated: Dropping privileges, chroot compiler install, dropbear sshd config	r142	if [ "$ENABLE_REDUCE" = false ] \|\| [ "$REDUCE_SSHD" = false ] ; then
		sed -i "s\|[#]PermitRootLogin.\|PermitRootLogin without-password\|g" "${ETC_DIR}/ssh/sshd_config"
		else
		DROPBEAR_ARGS="-g"
		fi
drtyhlpr Added: SSH public key auth, other fixes	r120	fi

drtyhlpr Updated: Dropping privileges, chroot compiler install, dropbear sshd config	r142	if [ "$ENABLE_REDUCE" = false ] \|\| [ "$REDUCE_SSHD" = false ] ; then
		sed -i "s\|[#]PasswordAuthentication.\|PasswordAuthentication no\|g" "${ETC_DIR}/ssh/sshd_config"
		sed -i "s\|[#]ChallengeResponseAuthentication no.\|ChallengeResponseAuthentication no\|g" "${ETC_DIR}/ssh/sshd_config"
		sed -i "s\|[#]UsePAM.\|UsePAM no\|g" "${ETC_DIR}/ssh/sshd_config"
		else
		DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
		fi
		fi

		# Update dropbear SSH configuration
		if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
		sed "s\|^DROPBEAR_EXTRA_ARGS=.*\|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"\|g" "${ETC_DIR}/default/dropbear"
drtyhlpr Added: SSH public key auth, other fixes	r120	fi
		fi