Raspi2-3_GenImage Commit - r122:1e776801295f · Collaboration Tremplin des Sciences

Fixed: ssh public key and AllowUsers for ENABLE_USER=false

drtyhlpr -

r122:1e776801295f

parent child

Context file:

r122:1e776801295f

Collapse all files

bootstrap.d/32-sshd.sh +31 -22

@@ -42,38 +42,47 if [ "$ENABLE_SSHD" = true ] ; then
42	fi	42	fi
43	fi	43	fi
44		44
45	# Create $USER_NAME SSH config directory	45	if [ "$ENABLE_USER" = true ] ; then
46	mkdir -p "${R}/home/${USER_NAME}/.ssh"	46	# Create $USER_NAME SSH config directory
		47	mkdir -p "${R}/home/${USER_NAME}/.ssh"
47		48
48	# Set permissions of $USER_NAME SSH config directory	49	# Set permissions of $USER_NAME SSH config directory
49	chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"	50	chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
50	chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"	51	chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
51		52
52	# Install SSH (v2) authorized keys file for user $USER_NAME	53	# Install SSH (v2) authorized keys file for user $USER_NAME
53	if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then	54	if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then
54	install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys2"	55	install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
55	fi	56	fi
56		57
57	# Add SSH (v2) public key for user $USER_NAME	58	# Add SSH (v2) public key for user $USER_NAME
58	if [ ! -z "$SSH_USER_PUB_KEY" ] ; then	59	if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
59	cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys2"	60	cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
60	fi	61	fi
61		62
62	# Set permissions of $USER_NAME SSH authorized keys file	63	# Set permissions of $USER_NAME SSH authorized keys file
63	if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys2" ] ; then	64	if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys2" ] ; then
64	chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys2"	65	chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys2"
65	chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys2"	66	chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys2"
66		67
67	# Allow SSH public key authentication	68	# Allow SSH public key authentication
68	sed -i "s\|[#]PubkeyAuthentication.\|PubkeyAuthentication yes\|g" "${ETC_DIR}/ssh/sshd_config"	69	sed -i "s\|[#]PubkeyAuthentication.\|PubkeyAuthentication yes\|g" "${ETC_DIR}/ssh/sshd_config"
		70	fi
69	fi	71	fi
70		72
71	# Limit the users that are allowed to login via SSH	73	# Limit the users that are allowed to login via SSH
72	if [ "$SSH_LIMIT_USERS" = true ] ; then	74	if [ "$SSH_LIMIT_USERS" = true ] ; then
		75	allowed_users=""
73	if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then	76	if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
74	echo "AllowUsers root ${USER_NAME}" >> "${ETC_DIR}/ssh/sshd_config"	77	allowed_users="root"
75	else	78	fi
76	echo "AllowUsers ${USER_NAME}" >> "${ETC_DIR}/ssh/sshd_config"	79
		80	if [ "$ENABLE_USER" = true ] ; then
		81	allowed_users="${allowed_users} ${USER_NAME}"
		82	fi
		83
		84	if [ ! -z "$allowed_users" ] ; then
		85	echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
77	fi	86	fi
78	fi	87	fi
79		88

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages