diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2022-05-10 18:15:09 +0200 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2022-05-10 18:15:09 +0200 |
| commit | 0da8aa5c7299afba7d7dd9d43462d84f5e74b8c8 (patch) | |
| tree | f527c09b18a55792c5c52608adb47d9225a6f7fd /setup-sshd.in | |
| parent | bb417cde84575ab95fb1d3d8e36439f3181d2f4b (diff) | |
| download | alpine-conf-0da8aa5c7299afba7d7dd9d43462d84f5e74b8c8.zip | |
setup-sshd: ask for allow root logins
fixes https://gitlab.alpinelinux.org/alpine/alpine-conf/-/issues/10504
Diffstat (limited to 'setup-sshd.in')
| -rw-r--r-- | setup-sshd.in | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/setup-sshd.in b/setup-sshd.in index 78cdaf4..6a85d25 100644 --- a/setup-sshd.in +++ b/setup-sshd.in @@ -43,6 +43,25 @@ fi apk add --quiet $pkgs +if [ "$sshdchoice" = "openssh" ]; then + while true; do + ask "Allow root ssh login? ('yes', 'no', 'prohibit-password' or KEYURL) [prohibit-password]" prohibit-password + case "$resp" in + yes|no|prohibit-password) + sed -i -E -e "s/^#?\s*PermitRootLogin.*/PermitRootLogin $resp/" /etc/ssh/sshd_config + if ! grep -q ^PermitRootLogin /etc/ssh/sshd_config; then + echo "PermitRootLogin $resp" >> /etc/ssh/sshd_config + fi + break + ;; + http://*|https://*) + authorized_key="$(wget -qO- "$resp")" || { echo "Could not fetch key from '$resp'"; continue; } + break + ;; + esac + done +fi + svc= case "$sshdchoice" in openssh) svc=sshd;; |