@@ -224,17 +224,11 Disable password based SSH authentication. Only public key based SSH (v2) authen | |||||
224 | ##### `SSH_LIMIT_USERS`=false |
|
224 | ##### `SSH_LIMIT_USERS`=false | |
225 | Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. |
|
225 | Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. | |
226 |
|
226 | |||
227 | ##### `SSH_ROOT_AUTHORIZED_KEYS`="" |
|
|||
228 | Add specified SSH `authorized_keys` file that contains keys for public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`. |
|
|||
229 |
|
||||
230 | ##### `SSH_ROOT_PUB_KEY`="" |
|
227 | ##### `SSH_ROOT_PUB_KEY`="" | |
231 | Add specified SSH (v2) public key file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`. |
|
228 | Add specified SSH (v2) public key from file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`. | |
232 |
|
||||
233 | ##### `SSH_USER_AUTHORIZED_KEYS`="" |
|
|||
234 | Add specified SSH `authorized_keys` file that contains keys for public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported. |
|
|||
235 |
|
229 | |||
236 | ##### `SSH_USER_PUB_KEY`="" |
|
230 | ##### `SSH_USER_PUB_KEY`="" | |
237 | Add specified SSH (v2) public key file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. SSH protocol version 1 is not supported. |
|
231 | Add specified SSH (v2) public key from file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. | |
238 |
|
232 | |||
239 | #### Kernel compilation: |
|
233 | #### Kernel compilation: | |
240 | ##### `BUILD_KERNEL`=false |
|
234 | ##### `BUILD_KERNEL`=false |
@@ -15,6 +15,8 if [ "$ENABLE_SSHD" = true ] ; then | |||||
15 | # Permit SSH root login |
|
15 | # Permit SSH root login | |
16 | sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config" |
|
16 | sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config" | |
17 |
|
17 | |||
|
18 | # Add SSH (v2) public key for user root | |||
|
19 | if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then | |||
18 | # Create root SSH config directory |
|
20 | # Create root SSH config directory | |
19 | mkdir -p "${R}/root/.ssh" |
|
21 | mkdir -p "${R}/root/.ssh" | |
20 |
|
22 | |||
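Review bot: The new guard on line 19, `if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then`, is the double-negative form of the test; `if [ -n "$SSH_ROOT_PUB_KEY" ] ; then` says the same thing and is what ShellCheck recommends. The same applies to the new `[ ! -z "$SSH_USER_PUB_KEY" ]` on line 41 of the `@@ -43,6 +37,8` hunk. The README text in this commit says `ENABLE_ROOT` and `SSH_ENABLE_ROOT` must both be true for the key to be installed, but nothing in this hunk tests either flag; presumably that is enforced by an enclosing condition that starts before line 15, which is worth confirming since the `fi` matching this new `if` also lies outside the hunk.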
@@ -22,18 +24,10 if [ "$ENABLE_SSHD" = true ] ; then | |||||
22 | chroot_exec chmod 700 "/root/.ssh" |
|
24 | chroot_exec chmod 700 "/root/.ssh" | |
23 | chroot_exec chown root:root "/root/.ssh" |
|
25 | chroot_exec chown root:root "/root/.ssh" | |
24 |
|
26 | |||
25 |
|
|
27 | # Add SSH (v2) public key(s) to authorized_keys file | |
26 | if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then |
|
|||
27 | install_readonly "$SSH_ROOT_AUTHORIZED_KEYS" "${R}/root/.ssh/authorized_keys" |
|
|||
28 | fi |
|
|||
29 |
|
||||
30 | # Add SSH (v2) public key for user root |
|
|||
31 | if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then |
|
|||
32 | cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys" |
|
28 | cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys" | |
33 | fi |
|
|||
34 |
|
29 | |||
35 |
# Set permissions of root SSH authorized |
|
30 | # Set permissions of root SSH authorized_keys file | |
36 | if [ -f "${R}/root/.ssh/authorized_keys" ] ; then |
|
|||
37 | chroot_exec chmod 600 "/root/.ssh/authorized_keys" |
|
31 | chroot_exec chmod 600 "/root/.ssh/authorized_keys" | |
38 | chroot_exec chown root:root "/root/.ssh/authorized_keys" |
|
32 | chroot_exec chown root:root "/root/.ssh/authorized_keys" | |
39 |
|
33 | |||
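Review bot: With the `SSH_ROOT_AUTHORIZED_KEYS` path gone, the `cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"` kept on line 28 is now the only writer of that file, so appending is no longer needed and silently preserves any `authorized_keys` already present in the chroot (from the base image or an earlier, aborted run); writing it with `cat "$SSH_ROOT_PUB_KEY" > "${R}/root/.ssh/authorized_keys"` makes the installed key set exactly the contents of the configured file, which is the property an operator reviewing root access to the image wants. The `>>` on line 50 of the `@@ -50,18 +46,10` hunk has the same issue. Note also that the file is created with the build host's umask before `chmod 600` on line 31 runs; that is harmless inside a chroot under construction, but a short comment such as `# created with the host umask; tightened below` would save the next reader the question.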
@@ -43,6 +37,8 if [ "$ENABLE_SSHD" = true ] ; then | |||||
43 | fi |
|
37 | fi | |
44 |
|
38 | |||
45 | if [ "$ENABLE_USER" = true ] ; then |
|
39 | if [ "$ENABLE_USER" = true ] ; then | |
|
40 | # Add SSH (v2) public key for user $USER_NAME | |||
|
41 | if [ ! -z "$SSH_USER_PUB_KEY" ] ; then | |||
46 | # Create $USER_NAME SSH config directory |
|
42 | # Create $USER_NAME SSH config directory | |
47 | mkdir -p "${R}/home/${USER_NAME}/.ssh" |
|
43 | mkdir -p "${R}/home/${USER_NAME}/.ssh" | |
48 |
|
44 | |||
@@ -50,18 +46,10 if [ "$ENABLE_SSHD" = true ] ; then | |||||
50 | chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" |
|
46 | chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" | |
51 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" |
|
47 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" | |
52 |
|
48 | |||
53 | # Install SSH (v2) authorized keys file for user $USER_NAME |
|
49 | # Add SSH (v2) public key(s) to authorized_keys file | |
54 | if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then |
|
|||
55 | install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys" |
|
|||
56 | fi |
|
|||
57 |
|
||||
58 | # Add SSH (v2) public key for user $USER_NAME |
|
|||
59 | if [ ! -z "$SSH_USER_PUB_KEY" ] ; then |
|
|||
60 | cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" |
|
50 | cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" | |
61 | fi |
|
|||
62 |
|
51 | |||
63 |
# Set permissions of $USER_NAME SSH |
|
52 | # Set permissions of $USER_NAME SSH config directory | |
64 | if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys" ] ; then |
|
|||
65 | chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" |
|
53 | chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" | |
66 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys" |
|
54 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys" | |
67 |
|
55 |
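Review bot: The new comment on line 52, `# Set permissions of $USER_NAME SSH config directory`, describes the wrong object: lines 53–54 chmod/chown `/home/${USER_NAME}/.ssh/authorized_keys`, not the `.ssh` directory (that was done on lines 46–47). It should mirror the root section's wording, `# Set permissions of $USER_NAME SSH authorized_keys file`, so a reader checking that the key file is 600 is not misled. The enclosing `if [ ! -z "$SSH_USER_PUB_KEY" ]` block opens in the previous hunk and its closing `fi` is outside this one.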
@@ -133,8 +133,6 ENABLE_ROOT=${ENABLE_ROOT:=false} | |||||
133 | SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false} |
|
133 | SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false} | |
134 | SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false} |
|
134 | SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false} | |
135 | SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false} |
|
135 | SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false} | |
136 | SSH_ROOT_AUTHORIZED_KEYS=${SSH_ROOT_AUTHORIZED_KEYS:=""} |
|
|||
137 | SSH_USER_AUTHORIZED_KEYS=${SSH_USER_AUTHORIZED_KEYS:=""} |
|
|||
138 | SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""} |
|
136 | SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""} | |
139 | SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""} |
|
137 | SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""} | |
140 |
|
138 | |||
@@ -263,22 +261,6 if [ "$ENABLE_UBOOT" = true ] ; then | |||||
263 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler" |
|
261 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler" | |
264 | fi |
|
262 | fi | |
265 |
|
263 | |||
266 | # Check if root SSH authorized keys file exists |
|
|||
267 | if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then |
|
|||
268 | if [ ! -f "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then |
|
|||
269 | echo "error: '$SSH_ROOT_AUTHORIZED_KEYS' specified SSH authorized keys file not found (SSH_ROOT_AUTHORIZED_KEYS)!" |
|
|||
270 | exit 1 |
|
|||
271 | fi |
|
|||
272 | fi |
|
|||
273 |
|
||||
274 | # Check if $USER_NAME SSH authorized keys file exists |
|
|||
275 | if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then |
|
|||
276 | if [ ! -f "$SSH_USER_AUTHORIZED_KEYS" ] ; then |
|
|||
277 | echo "error: '$SSH_USER_AUTHORIZED_KEYS' specified SSH authorized keys file not found (SSH_USER_AUTHORIZED_KEYS)!" |
|
|||
278 | exit 1 |
|
|||
279 | fi |
|
|||
280 | fi |
|
|||
281 |
|
||||
282 | # Check if root SSH (v2) public key file exists |
|
264 | # Check if root SSH (v2) public key file exists | |
283 | if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then |
|
265 | if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then | |
284 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then |
|
266 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then | |
@@ -510,16 +492,6 rm -f "${R}/initrd.img" | |||||
510 | rm -f "${R}/vmlinuz" |
|
492 | rm -f "${R}/vmlinuz" | |
511 | rm -f "${R}${QEMU_BINARY}" |
|
493 | rm -f "${R}${QEMU_BINARY}" | |
512 |
|
494 | |||
513 | # Remove root .ssh directory if it's empty |
|
|||
514 | if [ -d "${R}/root/.ssh" ] ; then |
|
|||
515 | rmdir --ignore-fail-on-non-empty "${R}/root/.ssh" |
|
|||
516 | fi |
|
|||
517 |
|
||||
518 | # Remove $USER_NAME .ssh directory if it's empty |
|
|||
519 | if [ -d "${R}/home/${USER_NAME}/.ssh" ] ; then |
|
|||
520 | rmdir --ignore-fail-on-non-empty "${R}/home/${USER_NAME}/.ssh" |
|
|||
521 | fi |
|
|||
522 |
|
||||
523 | # Calculate size of the chroot directory in KB |
|
495 | # Calculate size of the chroot directory in KB | |
524 | CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`) |
|
496 | CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`) | |
525 |
|
497 |