author | Natanael Copa <ncopa@alpinelinux.org> | 2022-05-21 14:02:54 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2022-05-21 14:02:54 +0200 |
commit | a3a8dfaf6669b61f289ced571a14e8d0067e5d68 (patch) | |
tree | 4b1e749ccb65739bddab41f4e8d0e5fc43c9d1c3 /setup-sshd.in | |
parent | 6f2bd755a7e639c957a216bf8d1965ecbfb62d0e (diff) | |
download | alpine-conf-a3a8dfaf6669b61f289ced571a14e8d0067e5d68.zip |
setup-sshd: refactor
Ask for ssh key in separate question unless PermitRootLogin was set to
no.
Diffstat (limited to 'setup-sshd.in')
-rw-r--r-- | setup-sshd.in | 55 |
1 files changed, 45 insertions, 10 deletions
diff --git a/setup-sshd.in b/setup-sshd.in index 1990388..280c015 100644 --- a/setup-sshd.in +++ b/setup-sshd.in @@ -27,12 +27,23 @@ Valid options are: prohibit-password root will be able to login with ssh key but not with password - - KEYURL ssh key will be feetched from the KEYURL and added to - /root/.ssh/authorized_keys __EOF__ } +set_sshd_config() { + local key="$1" value="$2" + sed -i -E -e "s/^#?\s*$key.*/$key $value/" \ + "$ROOT"/etc/ssh/sshd_config 2>/dev/null + if ! grep -q -w "^$key" "$ROOT"/etc/ssh/sshd_config; then + echo "$key $value" >> "$ROOT"/etc/ssh/sshd_config + fi +} + +get_sshd_config() { + local key="$1" value="$2" + awk -v key="$key" '$1 == key {print $2}' "$ROOT"/etc/ssh/sshd_config +} + authorized_key="$SSH_KEY" while getopts "hc:k:" opt; do case $opt in @@ -46,11 +57,11 @@ shift $(( $OPTIND - 1 )) case "$1" in openssh|dropbear|none) sshdchoice="$1" ;; - "") ;; + "") interactive=1;; *) usage "1" >&2;; esac -while ! isin "$sshdchoice" openssh dropbear none; do +while [ -n "$interactive" ] && ! isin "$sshdchoice" openssh dropbear none; do ask "Which ssh server? ('openssh', 'dropbear' or 'none')" openssh sshdchoice="$resp" done @@ -68,7 +79,7 @@ $MOCK apk add --quiet $pkgs if [ "$sshdchoice" = "openssh" ] && [ -z "$authorized_key" ]; then suggest=prohibit-password - while true; do + while [ -n "$interactive" ]; do ask "Allow root ssh login? ('?' for help)" "$suggest" case "$resp" in '?') 
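Review bot: set_sshd_config splices `$key` and `$value` unescaped into the sed program, and the pattern `^#?\s*$key.*` has no boundary after the keyword, so it also rewrites any longer keyword or commented prose line that merely starts with the same text. The only caller visible in this diff passes a value already limited to yes, no or prohibit-password, but as a general helper a value containing `/` or `&` would corrupt the substitution; anchoring it as `s/^#?\s*$key(\s.*)?$/$key $value/` and stating the constraint on values in a comment would narrow this. The fallback `echo "$key $value" >>` appends at the end of the file, which would land inside a trailing `Match` block if the config has one, so the setting would then apply only to that block; that deserves at least a comment. get_sshd_config declares an unused `value="$2"`, compares the keyword case-sensitively although sshd keywords are case-insensitive, and prints every matching line while sshd uses the first one; `awk -v key="$key" 'tolower($1) == tolower(key) {print $2; exit}'` would mirror that.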
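Review bot: `interactive` is assigned only in the `"")` arm and no initialisation is visible in this diff, so a value inherited from the caller's environment would switch the prompts on even when a server was named on the command line; an explicit `interactive=` before the `case` would pin it, unless that already happens in a part of the file not shown here. The same variable gates the `while [ -n "$interactive" ]` loop in the following hunk (@@ -68,7 +79,7 @@). A short comment such as `# interactive: set only when no sshd choice was given as an argument` would explain why both loops carry the guard.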
@@ -88,12 +99,34 @@ if [ "$sshdchoice" = "openssh" ] && [ -z "$authorized_key" ]; then continue ;; yes|no|prohibit-password) - sed -i -E -e "s/^#?\s*PermitRootLogin.*/PermitRootLogin $resp/" "$ROOT"/etc/ssh/sshd_config - if ! grep -q ^PermitRootLogin "$ROOT"/etc/ssh/sshd_config; then - echo "PermitRootLogin $resp" >> "$ROOT"/etc/ssh/sshd_config - fi + set_sshd_config PermitRootLogin "$resp" + break + ;; + http://*|https://*) + authorized_key="$(wget -qO- "$resp")" || { + echo "Failed to fetch key from '$resp'" + continue + } break ;; + esac + done + suggest=none + while [ -n "$interactive" ] && [ "$(get_sshd_config PermitRootLogin)" != "no" ]; do + ask "Enter ssh key or URL for root (or 'none')" "$suggest" + case "$resp" in + "al "*) + suggest="https://gitlab.alpinelinux.org/${resp#* }.keys" + continue + ;; + "gl "*) + suggest="https://gitlab.com/${resp#* }.keys" + continue + ;; + "gh "*) + suggest="https://github.com/${resp#* }.keys" + continue + ;; http://*|https://*) authorized_key="$(wget -qO- "$resp")" || { echo "Failed to fetch key from '$resp'" @@ -105,6 +138,8 @@ if [ "$sshdchoice" = "openssh" ] && [ -z "$authorized_key" ]; then done fi +# ask "Enter ssh key or URL for $username (or 'none')" none + svc= case "$sshdchoice" in openssh) svc=sshd;; |
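Review bot: Both `http://*|https://*` arms store whatever `wget -qO- "$resp"` returns as root's `authorized_key`, so a key fetched over plain HTTP can be replaced in transit, and an empty or non-key body served with a success status is accepted unchecked. Restricting the pattern to `https://*)` and rejecting an empty result with `[ -n "$authorized_key" ] || { echo "No key found at '$resp'"; continue; }` would cover the obvious cases; the code that finally installs the key is outside this hunk, so any validation done there cannot be seen from here. The arm added to the first loop also does `break` without setting PermitRootLogin, after which the second loop prompts for a key again with `none` as the default, so the key just fetched may be discarded depending on arms of that `case` that this hunk does not show. If accepting a URL at the "Allow root ssh login?" prompt is kept only for backward compatibility, a comment saying so would help, since the KEYURL help text is removed in the first hunk.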