@@ -224,17 +224,11 Disable password based SSH authentication. Only public key based SSH (v2) authen | |||
|
224 | 224 | ##### `SSH_LIMIT_USERS`=false |
|
225 | 225 | Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. |
|
226 | 226 | |
|
227 | ##### `SSH_ROOT_AUTHORIZED_KEYS`="" | |
|
228 | Add specified SSH `authorized_keys` file that contains keys for public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`. | |
|
229 | ||
|
230 | 227 | ##### `SSH_ROOT_PUB_KEY`="" |
|
231 | Add specified SSH (v2) public key file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`. | |
|
232 | ||
|
233 | ##### `SSH_USER_AUTHORIZED_KEYS`="" | |
|
234 | Add specified SSH `authorized_keys` file that contains keys for public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported. | |
|
228 | Add specified SSH (v2) public key from file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`. | |
|
235 | 229 | |
|
236 | 230 | ##### `SSH_USER_PUB_KEY`="" |
|
237 | Add specified SSH (v2) public key file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported. | |
|
231 | Add specified SSH (v2) public key from file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. | |
|
238 | 232 | |
|
239 | 233 | #### Kernel compilation: |
|
240 | 234 | ##### `BUILD_KERNEL`=false |
@@ -15,25 +15,19 if [ "$ENABLE_SSHD" = true ] ; then | |||
|
15 | 15 | # Permit SSH root login |
|
16 | 16 | sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config" |
|
17 | 17 | |
|
18 | # Create root SSH config directory | |
|
19 | mkdir -p "${R}/root/.ssh" | |
|
20 | ||
|
21 | # Set permissions of root SSH config directory | |
|
22 | chroot_exec chmod 700 "/root/.ssh" | |
|
23 | chroot_exec chown root:root "/root/.ssh" | |
|
24 | ||
|
25 | # Install SSH (v2) authorized keys file for user root | |
|
26 | if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then | |
|
27 | install_readonly "$SSH_ROOT_AUTHORIZED_KEYS" "${R}/root/.ssh/authorized_keys" | |
|
28 | fi | |
|
29 | ||
|
30 | 18 | # Add SSH (v2) public key for user root |
|
31 | 19 | if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then |
|
20 | # Create root SSH config directory | |
|
21 | mkdir -p "${R}/root/.ssh" | |
|
22 | ||
|
23 | # Set permissions of root SSH config directory | |
|
24 | chroot_exec chmod 700 "/root/.ssh" | |
|
25 | chroot_exec chown root:root "/root/.ssh" | |
|
26 | ||
|
27 | # Add SSH (v2) public key(s) to authorized_keys file | |
|
32 | 28 | cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys" |
|
33 | fi | |
|
34 | 29 | |
|
35 |
# Set permissions of root SSH authorized |
|
|
36 | if [ -f "${R}/root/.ssh/authorized_keys" ] ; then | |
|
30 | # Set permissions of root SSH authorized_keys file | |
|
37 | 31 | chroot_exec chmod 600 "/root/.ssh/authorized_keys" |
|
38 | 32 | chroot_exec chown root:root "/root/.ssh/authorized_keys" |
|
39 | 33 | |
@@ -43,25 +37,19 if [ "$ENABLE_SSHD" = true ] ; then | |||
|
43 | 37 | fi |
|
44 | 38 | |
|
45 | 39 | if [ "$ENABLE_USER" = true ] ; then |
|
46 | # Create $USER_NAME SSH config directory | |
|
47 | mkdir -p "${R}/home/${USER_NAME}/.ssh" | |
|
48 | ||
|
49 | # Set permissions of $USER_NAME SSH config directory | |
|
50 | chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" | |
|
51 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" | |
|
52 | ||
|
53 | # Install SSH (v2) authorized keys file for user $USER_NAME | |
|
54 | if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then | |
|
55 | install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys" | |
|
56 | fi | |
|
57 | ||
|
58 | 40 | # Add SSH (v2) public key for user $USER_NAME |
|
59 | 41 | if [ ! -z "$SSH_USER_PUB_KEY" ] ; then |
|
42 | # Create $USER_NAME SSH config directory | |
|
43 | mkdir -p "${R}/home/${USER_NAME}/.ssh" | |
|
44 | ||
|
45 | # Set permissions of $USER_NAME SSH config directory | |
|
46 | chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" | |
|
47 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" | |
|
48 | ||
|
49 | # Add SSH (v2) public key(s) to authorized_keys file | |
|
60 | 50 | cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" |
|
61 | fi | |
|
62 | 51 | |
|
63 |
# Set permissions of $USER_NAME SSH |
|
|
64 | if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys" ] ; then | |
|
52 | # Set permissions of $USER_NAME SSH config directory | |
|
65 | 53 | chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" |
|
66 | 54 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys" |
|
67 | 55 |
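Review bot: The `cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"` append at new line 28 (and the matching `SSH_USER_PUB_KEY` append at new line 50) copies the file into the image unchecked, and since a multi-line file is now explicitly accepted, every line in it becomes a login entry or is otherwise baked into the image. The only check visible on this page is the `-f` existence test in the main script, so a path that points at a private key or an outdated key list would build without complaint. A guard before each append would help, for example `if grep -q "PRIVATE KEY" "$SSH_ROOT_PUB_KEY" ; then echo "error: private key in SSH_ROOT_PUB_KEY" ; exit 1 ; fi`, optionally followed by `ssh-keygen -l -f "$SSH_ROOT_PUB_KEY"` so the build log records which fingerprints were installed. Separately, the comment added at new line 52 says "SSH config directory" but sits above the `chmod 600` on `authorized_keys`; it should read `# Set permissions of $USER_NAME SSH authorized_keys file`, as the root variant does. Both `if` blocks close outside the lines shown.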
@@ -133,8 +133,6 ENABLE_ROOT=${ENABLE_ROOT:=false} | |||
|
133 | 133 | SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false} |
|
134 | 134 | SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false} |
|
135 | 135 | SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false} |
|
136 | SSH_ROOT_AUTHORIZED_KEYS=${SSH_ROOT_AUTHORIZED_KEYS:=""} | |
|
137 | SSH_USER_AUTHORIZED_KEYS=${SSH_USER_AUTHORIZED_KEYS:=""} | |
|
138 | 136 | SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""} |
|
139 | 137 | SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""} |
|
140 | 138 | |
@@ -263,22 +261,6 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
263 | 261 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler" |
|
264 | 262 | fi |
|
265 | 263 | |
|
266 | # Check if root SSH authorized keys file exists | |
|
267 | if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then | |
|
268 | if [ ! -f "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then | |
|
269 | echo "error: '$SSH_ROOT_AUTHORIZED_KEYS' specified SSH authorized keys file not found (SSH_ROOT_AUTHORIZED_KEYS)!" | |
|
270 | exit 1 | |
|
271 | fi | |
|
272 | fi | |
|
273 | ||
|
274 | # Check if $USER_NAME SSH authorized keys file exists | |
|
275 | if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then | |
|
276 | if [ ! -f "$SSH_USER_AUTHORIZED_KEYS" ] ; then | |
|
277 | echo "error: '$SSH_USER_AUTHORIZED_KEYS' specified SSH authorized keys file not found (SSH_USER_AUTHORIZED_KEYS)!" | |
|
278 | exit 1 | |
|
279 | fi | |
|
280 | fi | |
|
281 | ||
|
282 | 264 | # Check if root SSH (v2) public key file exists |
|
283 | 265 | if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then |
|
284 | 266 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then |
@@ -510,16 +492,6 rm -f "${R}/initrd.img" | |||
|
510 | 492 | rm -f "${R}/vmlinuz" |
|
511 | 493 | rm -f "${R}${QEMU_BINARY}" |
|
512 | 494 | |
|
513 | # Remove root .ssh directory if it's empty | |
|
514 | if [ -d "${R}/root/.ssh" ] ; then | |
|
515 | rmdir --ignore-fail-on-non-empty "${R}/root/.ssh" | |
|
516 | fi | |
|
517 | ||
|
518 | # Remove $USER_NAME .ssh directory if it's empty | |
|
519 | if [ -d "${R}/home/${USER_NAME}/.ssh" ] ; then | |
|
520 | rmdir --ignore-fail-on-non-empty "${R}/home/${USER_NAME}/.ssh" | |
|
521 | fi | |
|
522 | ||
|
523 | 495 | # Calculate size of the chroot directory in KB |
|
524 | 496 | CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`) |
|
525 | 497 |