From 0da8aa5c7299afba7d7dd9d43462d84f5e74b8c8 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 10 May 2022 18:15:09 +0200
Subject: setup-sshd: ask for allow root logins

fixes https://gitlab.alpinelinux.org/alpine/alpine-conf/-/issues/10504
---
 setup-sshd.in | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'setup-sshd.in')

diff --git a/setup-sshd.in b/setup-sshd.in
index 78cdaf4..6a85d25 100644
--- a/setup-sshd.in
+++ b/setup-sshd.in
@@ -43,6 +43,25 @@ fi
 
 apk add --quiet $pkgs
 
+if [ "$sshdchoice" = "openssh" ]; then
+	while true; do
+		ask "Allow root ssh login? ('yes', 'no', 'prohibit-password' or KEYURL) [prohibit-password]" prohibit-password
+		case "$resp" in
+			yes|no|prohibit-password)
+				sed -i -E -e "s/^#?\s*PermitRootLogin.*/PermitRootLogin $resp/" /etc/ssh/sshd_config
+				if ! grep -q ^PermitRootLogin /etc/ssh/sshd_config; then
+					echo "PermitRootLogin $resp"  >> /etc/ssh/sshd_config
+				fi
+				break
+				;;
+			http://*|https://*)
+				authorized_key="$(wget -qO- "$resp")" || { echo "Could not fetch key from '$resp'"; continue; }
+				break
+				;;
+		esac
+	done
+fi
+
 svc=
 case "$sshdchoice" in
 	openssh) svc=sshd;;
-- 
cgit v1.2.3