#!/bin/sh
# @PREFIX@ looks like a template placeholder; presumably it is replaced with
# the install prefix when the script is built or installed (TODO confirm).
PREFIX=@PREFIX@
# Source the shared helper library. isin, ask and die are called further down
# but are not defined in this file, so they presumably come from here. The
# library runs with this script's privileges, so the path must not be
# writable by unprivileged users.
. "$PREFIX/lib/libalpine.sh"
# Print the command-line help and terminate the script.
# Outputs: the help text on stdout.
# Exits:   always with status 1, including when reached through -h.
usage() {
  printf '%s\n' \
    "usage: setup-sshd [-h] [-c choice of SSH daemon] [-k authorized key]" \
    "Setup sshd daemon" \
    "options:" \
    "-h Show this help" \
    "-c Choice of SSH daemon: openssh dropbear none" \
    "-k Authorized key for root (HTTP(S)/FTP URL, the public key itself or 'none')"
  exit 1
}
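# Option parsing.
# The key to authorize for root defaults to the SSH_KEY environment variable
# and is overridden by -k. sshdchoice is not initialised here, so when -c is
# absent a value inherited from the environment is used as-is.
authorized_key="$SSH_KEY"
while getopts "hc:k:" opt; do
  case "$opt" in
    h) usage ;;
    c) sshdchoice="$OPTARG" ;;
    k) authorized_key="$OPTARG" ;;
    # getopts reports an unknown option or a missing option argument as '?'.
    # Stop with the help text instead of silently continuing with a
    # configuration the caller did not ask for.
    '?') usage ;;
  esac
done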
# Keep prompting until the choice is one of the supported values. The answer
# is read back from $resp after each ask call; the second argument to ask is
# presumably the default offered to the user (ask is defined outside this file).
until isin "$sshdchoice" openssh dropbear none; do
  ask "Which SSH server? ('openssh', 'dropbear' or 'none')" openssh
  sshdchoice="$resp"
done

# 'none' means no SSH daemon is wanted: nothing is installed or configured.
case "$sshdchoice" in
  none) exit 0 ;;
esac
# Build the package list: the daemon itself, plus acf-openssh when OpenSSH was
# chosen and acf-core is already installed.
pkgs="$sshdchoice"
case "$sshdchoice" in
  openssh)
    if apk info --quiet --installed acf-core; then
      pkgs="$pkgs acf-openssh"
    fi
    ;;
esac

# $pkgs is deliberately unquoted: it is a space-separated list and each word
# must reach apk as a separate argument.
# shellcheck disable=SC2086
apk add --quiet $pkgs
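# OpenSSH only: ask how root may log in over SSH.
#   yes | no | prohibit-password  -> written to PermitRootLogin in sshd_config
#   http:// or https:// URL       -> fetched and kept as the key to authorize
#                                    for root; sshd_config is left untouched
# Any other answer matches no case arm and the question is asked again.
if [ "$sshdchoice" = "openssh" ]; then
  while true; do
    ask "Allow root ssh login? ('yes', 'no', 'prohibit-password' or KEYURL) [prohibit-password]" prohibit-password
    case "$resp" in
      yes|no|prohibit-password)
        # $resp is one of three fixed words in this arm, so splicing it into
        # the sed expression cannot inject sed syntax.
        sed -i -E -e "s/^#?\s*PermitRootLogin.*/PermitRootLogin $resp/" /etc/ssh/sshd_config
        # No existing (or commented-out) directive was rewritten: append one.
        if ! grep -q ^PermitRootLogin /etc/ssh/sshd_config; then
          echo "PermitRootLogin $resp" >> /etc/ssh/sshd_config
        fi
        break
        ;;
      http://*|https://*)
        # NOTE(review): the fetched text ends up in root's authorized_keys.
        # Over plain http:// it is neither authenticated nor integrity
        # protected, so prefer https:// and check the installed key afterwards.
        #
        # Fetch into a scratch variable first. Assigning the command
        # substitution straight to authorized_key would overwrite a key given
        # with -k or SSH_KEY even when the download fails. An empty response
        # is treated as a failed fetch as well.
        if fetched_key="$(wget -qO- "$resp")" && [ -n "$fetched_key" ]; then
          authorized_key="$fetched_key"
          break
        fi
        echo "Could not fetch key from '$resp'"
        ;;
    esac
  done
fi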
# Map the chosen daemon to its service name; any other choice leaves svc empty.
case "$sshdchoice" in
  openssh) svc=sshd ;;
  dropbear) svc=dropbear ;;
  *) svc= ;;
esac

# Add the service to the default runlevel and start it right away.
if [ -n "$svc" ]; then
  rc-update add "$svc" default
  rc-service "$svc" start
fi
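# Append $authorized_key to ${ROOT}/root/.ssh/authorized_keys.
# Globals:  authorized_key (read; replaced by the downloaded text when it is a
#           URL), key_url (written), ROOT (read; may be empty)
# Exits through die when a URL cannot be fetched or returns nothing, or when
# the directory or file cannot be written.
install_root_authorized_key() {
  # If the value is an HTTP(S)/FTP URL, fetch the file contents.
  # The FTP pattern needs the trailing '*': a bare 'ftp://' only matches that
  # exact string, so real FTP URLs would be appended to authorized_keys as text.
  case "$authorized_key" in
    http*://*|ftp://*)
      key_url="$authorized_key"
      # NOTE(review): http:// and ftp:// give no authenticity or integrity
      # guarantee, and the content is not checked to be a public key before
      # it becomes a root login credential. Prefer https:// and verify the
      # installed key afterwards.
      if ! authorized_key="$(wget -qO- "$key_url")" || [ -z "$authorized_key" ]; then
        die "Could not fetch key from '$key_url'"
      fi
      ;;
  esac

  # -m 700 and umask 077 only affect a directory or file created here;
  # the modes of existing ones are left alone.
  mkdir -p -m 700 "${ROOT}/root/.ssh" \
    || die "Could not create '${ROOT}/root/.ssh'"
  # printf instead of echo so the key text is written verbatim.
  ( umask 077; printf '%s\n' "$authorized_key" >> "${ROOT}/root/.ssh/authorized_keys" ) \
    || die "Could not write '${ROOT}/root/.ssh/authorized_keys'"
}

# Install a key for root unless none was given or it was explicitly disabled.
# Two separate tests replace the deprecated '-a', which can misparse when the
# value looks like a test operator.
if [ -n "$authorized_key" ] && [ "$authorized_key" != "none" ]; then
  install_root_authorized_key
fi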