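--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -1,90 +1,99 @@
 #
 # Setup SSH settings and public keys
 #
 
 # Load utility functions
 . ./functions.sh
 
 if [ "$ENABLE_SSHD" = true ] ; then
 if [ "$SSH_ENABLE_ROOT" = false ] ; then
 # User root is not allowed to log in
 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
 fi
 
 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
 # Permit SSH root login
 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
 
 # Create root SSH config directory
 mkdir -p "${R}/root/.ssh"
 
 # Set permissions of root SSH config directory
 chroot_exec chmod 700 "/root/.ssh"
 chroot_exec chown root:root "/root/.ssh"
 
 # Install SSH (v2) authorized keys file for user root
 if [ ! -z "$SSH_ROOT_AUTHORIZED_KEYS" ] ; then
 install_readonly "$SSH_ROOT_AUTHORIZED_KEYS" "${R}/root/.ssh/authorized_keys2"
 fi
 
 # Add SSH (v2) public key for user root
 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys2"
 fi
 
 # Set permissions of root SSH authorized keys file
 if [ -f "${R}/root/.ssh/authorized_keys2" ] ; then
 chroot_exec chmod 600 "/root/.ssh/authorized_keys2"
 chroot_exec chown root:root "/root/.ssh/authorized_keys2"
 
 # Allow SSH public key authentication
 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
 fi
 fi
 
+if [ "$ENABLE_USER" = true ] ; then
 # Create $USER_NAME SSH config directory
 mkdir -p "${R}/home/${USER_NAME}/.ssh"
 
 # Set permissions of $USER_NAME SSH config directory
 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
 
 # Install SSH (v2) authorized keys file for user $USER_NAME
 if [ ! -z "$SSH_USER_AUTHORIZED_KEYS" ] ; then
 install_readonly "$SSH_USER_AUTHORIZED_KEYS" "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
 fi
 
 # Add SSH (v2) public key for user $USER_NAME
 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys2"
 fi
 
 # Set permissions of $USER_NAME SSH authorized keys file
 if [ -f "${R}/home/${USER_NAME}/.ssh/authorized_keys2" ] ; then
 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys2"
 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys2"
 
 # Allow SSH public key authentication
 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
 fi
+fi
 
 # Limit the users that are allowed to login via SSH
 if [ "$SSH_LIMIT_USERS" = true ] ; then
+allowed_users=""
 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
-echo "AllowUsers root ${USER_NAME}" >> "${ETC_DIR}/ssh/sshd_config"
-else
-echo "AllowUsers ${USER_NAME}" >> "${ETC_DIR}/ssh/sshd_config"
+allowed_users="root"
+fi
+
+if [ "$ENABLE_USER" = true ] ; then
+allowed_users="${allowed_users} ${USER_NAME}"
+fi
+
+if [ ! -z "$allowed_users" ] ; then
+echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
 fi
 fi
 
 # Disable password-based authentication
 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
 fi
 
 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
 fi
 fi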
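Review bot: When SSH_LIMIT_USERS=true but neither root nor the user ends up in `allowed_users`, the new `if [ ! -z "$allowed_users" ]` guard silently writes no AllowUsers line, so sshd keeps its default of admitting every local account — the opposite of what the option promises. That branch should fail the build rather than fall through, e.g. `else`, `echo "error: SSH_LIMIT_USERS=true but no SSH user is enabled" >&2`, `exit 1`. The same guard also passes when ENABLE_USER=true and USER_NAME is empty, because `allowed_users` then holds a lone space and an empty `AllowUsers ` directive is written; checking `[ -n "$USER_NAME" ]` before appending it would close that gap, unless an earlier build step already asserts it. Note too that `>>` appends on every run, so re-running this script leaves duplicate AllowUsers lines behind, as it did before the change.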