From f35e7443794e56423d59cd7dba23b498402ae469 2017-01-23 04:55:56
From: drtyhlpr
Date: 2017-01-23 04:55:56
Subject: [PATCH] Fixed: Use authorized_keys file instead of authorized_keys2
---
diff --git a/README.md b/README.md
index 0c8e57f..5ab0071 100644
--- a/README.md
+++ b/README.md
@@ -219,16 +219,16 @@ Disable password based SSH authentication. Only public key based SSH (v2) authen
 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
 ##### `SSH_ROOT_AUTHORIZED_KEYS`=""
-Add specified SSH `authorized_keys2` file that contains keys for public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
+Add specified SSH `authorized_keys` file that contains keys for public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
 ##### `SSH_ROOT_PUB_KEY`=""
-Add specified SSH (v2) public key file to `authorized_keys2` file to enable public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
+Add specified SSH (v2) public key file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
 ##### `SSH_USER_AUTHORIZED_KEYS`=""
-Add specified SSH `authorized_keys2` file that contains keys for public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported.
+Add specified SSH `authorized_keys` file that contains keys for public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported.
 ##### `SSH_USER_PUB_KEY`=""
-Add specified SSH (v2) public key file to `authorized_keys2` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported.
+Add specified SSH (v2) public key file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported.
 #### Kernel compilation:
 ##### `BUILD_KERNEL`=false
diff --git a/bootstrap.d/32-sshd.sh b/bootstrap.d/32-sshd.sh
index 41b4096..b297188 100644
--- a/bootstrap.d/32-sshd.sh
+++ b/bootstrap.d/32-sshd.sh
@@ -24,18 +24,18 @@ if [ "$ENABLE_SSHD" = true ] ; then
 # Install SSH (v2) authorized keys file for user root
 if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
- install_readonly "$SSH_ROOT_AUTHORIZED_KEYS" "${R}/root/.ssh/authorized_keys2"
+ install_readonly "$SSH_ROOT_AUTHORIZED_KEYS" "${R}/root/.ssh/authorized_keys"
 fi
 # Add SSH (v2) public key for user root
 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
- cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys2"
+ cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
 fi
 # Set permissions of root SSH authorized keys file
- if [ -f "${R}/root/.ssh/authorized_keys2" ] ; then
- chroot_exec chmod 600 "/root/.ssh/authorized_keys2"
- chroot_exec chown root:root "/root/.ssh/authorized_keys2"
+ if [ -f "${R}/root/.ssh/authorized_keys" ] ; then
+ chroot_exec chmod 600 "/root/.ssh/authorized_keys"
+ chroot_exec chown root:root "/root/.ssh/authorized_keys"
 # Allow SSH public key authentication
 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
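Review bot: The append `cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"` assumes the file installed from `SSH_ROOT_AUTHORIZED_KEYS` ends with a newline. When both options are set and that file has no trailing newline, the new key is glued onto the last existing entry, so sshd will not accept it and the build reports no error. Terminating the file first would avoid that, e.g. `[ -n "$(tail -c 1 "${R}/root/.ssh/authorized_keys" 2>/dev/null)" ] && echo >> "${R}/root/.ssh/authorized_keys"` placed before the `cat`. The `SSH_USER_PUB_KEY` append in the `@@ -52,18` hunk has the same gap; the enclosing `if [ "$ENABLE_SSHD" = true ]` block starts and ends outside both hunks.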
@@ -52,18 +52,18 @@ if [ "$ENABLE_SSHD" = true ] ; then
 # Install SSH (v2) authorized keys file for user $USER_NAME
 if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then
- install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
+ install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys"
 fi
 # Add SSH (v2) public key for user $USER_NAME
 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
- cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
+ cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
 fi
 # Set permissions of $USER_NAME SSH authorized keys file
- if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys2" ] ; then
- chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys2"
- chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys2"
+ if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys" ] ; then
+ chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
+ chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
 # Allow SSH public key authentication
 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh
index 9fad608..b497bd9 100755
--- a/rpi23-gen-image.sh
+++ b/rpi23-gen-image.sh
@@ -261,7 +261,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then
 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
 fi
-# Check if root SSH (v2) authorized keys file exists
+# Check if root SSH authorized keys file exists
 if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
 if [ ! -f "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
 echo "error: '$SSH_ROOT_AUTHORIZED_KEYS' specified SSH authorized keys file not found (SSH_ROOT_AUTHORIZED_KEYS)!"
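Review bot: On the added `chown` line in the `@@ -52,18` hunk of bootstrap.d/32-sshd.sh, `${USER_NAME}:${USER_NAME}` is left unquoted while the path next to it is quoted. A `USER_NAME` containing whitespace or glob characters would be word-split or expanded before `chroot_exec` receives it. Writing `chroot_exec chown "${USER_NAME}:${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"` keeps the owner spec a single argument. How `USER_NAME` is validated and how `chroot_exec` forwards its arguments is not visible here, so this may be cosmetic in practice. The enclosing block starts outside the hunk.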
@@ -269,7 +269,7 @@ if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
 fi
 fi
-# Check if $USER_NAME SSH (v2) authorized keys file exists
+# Check if $USER_NAME SSH authorized keys file exists
 if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then
 if [ ! -f "$SSH_USER_AUTHORIZED_KEYS" ] ; then
 echo "error: '$SSH_USER_AUTHORIZED_KEYS' specified SSH authorized keys file not found (SSH_USER_AUTHORIZED_KEYS)!"