##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Fixed: ssh public key and AllowUsers for ENABLE_USER=false
drtyhlpr -
r122:1e776801295f
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,90 +1,99
1 1 #
2 2 # Setup SSH settings and public keys
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_SSHD" = true ] ; then
9 9 if [ "$SSH_ENABLE_ROOT" = false ] ; then
10 10 # User root is not allowed to log in
11 11 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
12 12 fi
13 13
14 14 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
15 15 # Permit SSH root login
16 16 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
17 17
18 18 # Create root SSH config directory
19 19 mkdir -p "${R}/root/.ssh"
20 20
21 21 # Set permissions of root SSH config directory
22 22 chroot_exec chmod 700 "/root/.ssh"
23 23 chroot_exec chown root:root "/root/.ssh"
24 24
25 25 # Install SSH (v2) authorized keys file for user root
26 26 if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
27 27 install_readonly "$SSH_ROOT_AUTHORIZED_KEYS" "${R}/root/.ssh/authorized_keys2"
28 28 fi
29 29
30 30 # Add SSH (v2) public key for user root
31 31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
32 32 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys2"
33 33 fi
34 34
35 35 # Set permissions of root SSH authorized keys file
36 36 if [ -f "${R}/root/.ssh/authorized_keys2" ] ; then
37 37 chroot_exec chmod 600 "/root/.ssh/authorized_keys2"
38 38 chroot_exec chown root:root "/root/.ssh/authorized_keys2"
39 39
40 40 # Allow SSH public key authentication
41 41 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
42 42 fi
43 43 fi
44 44
45 # Create $USER_NAME SSH config directory
46 mkdir -p "${R}/home/${USER_NAME}/.ssh"
45 if [ "$ENABLE_USER" = true ] ; then
46 # Create $USER_NAME SSH config directory
47 mkdir -p "${R}/home/${USER_NAME}/.ssh"
47 48
48 # Set permissions of $USER_NAME SSH config directory
49 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
50 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
49 # Set permissions of $USER_NAME SSH config directory
50 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
51 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
51 52
52 # Install SSH (v2) authorized keys file for user $USER_NAME
53 if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then
54 install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
55 fi
53 # Install SSH (v2) authorized keys file for user $USER_NAME
54 if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then
55 install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
56 fi
56 57
57 # Add SSH (v2) public key for user $USER_NAME
58 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
59 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
60 fi
58 # Add SSH (v2) public key for user $USER_NAME
59 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
60 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
61 fi
61 62
62 # Set permissions of $USER_NAME SSH authorized keys file
63 if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys2" ] ; then
64 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys2"
65 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys2"
63 # Set permissions of $USER_NAME SSH authorized keys file
64 if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys2" ] ; then
65 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys2"
66 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys2"
66 67
67 # Allow SSH public key authentication
68 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
68 # Allow SSH public key authentication
69 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
70 fi
69 71 fi
70 72
71 73 # Limit the users that are allowed to login via SSH
72 74 if [ "$SSH_LIMIT_USERS" = true ] ; then
75 allowed_users=""
73 76 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
74 echo "AllowUsers root ${USER_NAME}" >> "${ETC_DIR}/ssh/sshd_config"
75 else
76 echo "AllowUsers ${USER_NAME}" >> "${ETC_DIR}/ssh/sshd_config"
77 allowed_users="root"
78 fi
79
80 if [ "$ENABLE_USER" = true ] ; then
81 allowed_users="${allowed_users} ${USER_NAME}"
82 fi
83
84 if [ ! -z "$allowed_users" ] ; then
85 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
77 86 fi
78 87 fi
79 88
80 89 # Disable password-based authentication
81 90 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
82 91 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
83 92 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
84 93 fi
85 94
86 95 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
87 96 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
88 97 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
89 98 fi
90 99 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant