##// END OF EJS Templates
Fixed: ssh public key and AllowUsers for ENABLE_USER=false
drtyhlpr -
r122:1e776801295f
parent child
Show More
@@ -1,90 +1,99
1 1 #
2 2 # Setup SSH settings and public keys
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_SSHD" = true ] ; then
9 9 if [ "$SSH_ENABLE_ROOT" = false ] ; then
10 10 # User root is not allowed to log in
11 11 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
12 12 fi
13 13
14 14 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
15 15 # Permit SSH root login
16 16 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
17 17
18 18 # Create root SSH config directory
19 19 mkdir -p "${R}/root/.ssh"
20 20
21 21 # Set permissions of root SSH config directory
22 22 chroot_exec chmod 700 "/root/.ssh"
23 23 chroot_exec chown root:root "/root/.ssh"
24 24
25 25 # Install SSH (v2) authorized keys file for user root
26 26 if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
27 27 install_readonly "$SSH_ROOT_AUTHORIZED_KEYS" "${R}/root/.ssh/authorized_keys2"
28 28 fi
29 29
30 30 # Add SSH (v2) public key for user root
31 31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
32 32 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys2"
33 33 fi
34 34
35 35 # Set permissions of root SSH authorized keys file
36 36 if [ -f "${R}/root/.ssh/authorized_keys2" ] ; then
37 37 chroot_exec chmod 600 "/root/.ssh/authorized_keys2"
38 38 chroot_exec chown root:root "/root/.ssh/authorized_keys2"
39 39
40 40 # Allow SSH public key authentication
41 41 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
42 42 fi
43 43 fi
44 44
45 if [ "$ENABLE_USER" = true ] ; then
45 46 # Create $USER_NAME SSH config directory
46 47 mkdir -p "${R}/home/${USER_NAME}/.ssh"
47 48
48 49 # Set permissions of $USER_NAME SSH config directory
49 50 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
50 51 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
51 52
52 53 # Install SSH (v2) authorized keys file for user $USER_NAME
53 54 if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then
54 55 install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
55 56 fi
56 57
57 58 # Add SSH (v2) public key for user $USER_NAME
58 59 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
59 60 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
60 61 fi
61 62
62 63 # Set permissions of $USER_NAME SSH authorized keys file
63 64 if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys2" ] ; then
64 65 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys2"
65 66 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys2"
66 67
67 68 # Allow SSH public key authentication
68 69 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
69 70 fi
71 fi
70 72
71 73 # Limit the users that are allowed to login via SSH
72 74 if [ "$SSH_LIMIT_USERS" = true ] ; then
75 allowed_users=""
73 76 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
74 echo "AllowUsers root ${USER_NAME}" >> "${ETC_DIR}/ssh/sshd_config"
75 else
76 echo "AllowUsers ${USER_NAME}" >> "${ETC_DIR}/ssh/sshd_config"
77 allowed_users="root"
78 fi
79
80 if [ "$ENABLE_USER" = true ] ; then
81 allowed_users="${allowed_users} ${USER_NAME}"
82 fi
83
84 if [ ! -z "$allowed_users" ] ; then
85 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
77 86 fi
78 87 fi
79 88
80 89 # Disable password-based authentication
81 90 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
82 91 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
83 92 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
84 93 fi
85 94
86 95 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
87 96 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
88 97 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
89 98 fi
90 99 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant