V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 50s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 50s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -34,13 +34,13 @@ installation_ssh() {
|
||||
### Declare Arrays, HashMaps, and Variables.
|
||||
declare -a ary_user=()
|
||||
declare -i i=0
|
||||
declare var_auth="" var_name=""
|
||||
declare var_auth="" var_name="" var_ca=""
|
||||
|
||||
do_in_target "${TARGET}" apt-get install -y --no-install-recommends --no-install-suggests ssh
|
||||
|
||||
install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/banner" "${TARGET}/etc/"
|
||||
install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/motd" "${TARGET}/etc/"
|
||||
do_log "info" "file_only" "4420() Installed SSH banner and motd to '${TARGET}/etc/'."
|
||||
do_log "info" "file_only" "4420() Installed SSH '/etc/banner' and '/etc/motd'."
|
||||
|
||||
### Only process those for which both *_name and *_authentication_access_ssh are set.
|
||||
for ((i = 0; i <= VAR_USER_MAX; i++)); do
|
||||
@@ -59,39 +59,56 @@ installation_ssh() {
|
||||
#shellcheck disable=SC2312
|
||||
do_in_target "${TARGET}" ssh-keygen -o -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -C "root@${VAR_FINAL_FQDN}-$(date -I)"
|
||||
|
||||
mkdir -p "${DIR_BAK}/etc/ssh"
|
||||
cp "${TARGET}/etc/ssh/sshd_config" "${DIR_BAK}/etc/ssh/sshd_config.bak"
|
||||
chmod 0644 "${DIR_BAK}/etc/ssh/sshd_config.bak"
|
||||
cp "${TARGET}/etc/ssh/ssh_config" "${DIR_BAK}/etc/ssh/ssh_config.bak"
|
||||
chmod 0644 "${DIR_BAK}/etc/ssh/ssh_config.bak"
|
||||
|
||||
mkdir -p "${TARGET}/root/.ciss/cdi/backup/etc/ssh"
|
||||
cp "${TARGET}/etc/ssh/sshd_config" "${TARGET}/root/.ciss/cdi/backup/etc/ssh/sshd_config.bak"
|
||||
cp "${TARGET}/etc/ssh/ssh_config" "${TARGET}/root/.ciss/cdi/backup/etc/ssh/ssh_config.bak"
|
||||
rm -f "${TARGET}/etc/ssh/sshd_config"
|
||||
|
||||
install -D -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/ssh/sshd_config" "${TARGET}/etc/ssh/sshd_config"
|
||||
chmod 0600 "${TARGET}/etc/ssh/ssh_config"
|
||||
|
||||
insert_comments "${TARGET}/etc/ssh/sshd_config"
|
||||
|
||||
# shellcheck disable=SC2153
|
||||
sed -i -E "s|^\s*ListenAddress\s+.*$|$(printf '%-30s%s' 'ListenAddress' "${VAR_FINAL_IPV4}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
#sed -i -E "s|^\s*ListenAddress\s+.*$|$(printf '%-29s%s' 'ListenAddress' "${VAR_FINAL_IPV4}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
sed -i -E "s|^[[:space:]]*ListenAddress[[:space:]]+.*$|$(printf '%-29s%s' 'ListenAddress' "${VAR_FINAL_IPV4}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
|
||||
if [[ -n "${VAR_FINAL_IPV6}" ]]; then
|
||||
sed -i -E "s|^\s*ListenAddress\s+::.*$|$(printf '%-30s%s' 'ListenAddress' "${VAR_FINAL_IPV6}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
#sed -i -E "s|^\s*ListenAddress\s+::.*$|$(printf '%-29s%s' 'ListenAddress' "${VAR_FINAL_IPV6}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
sed -i -E "s|^[[:space:]]*ListenAddress[[:space:]]+::.*$|$(printf '%-29s%s' 'ListenAddress' "${VAR_FINAL_IPV6}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
else
|
||||
sed -i "/^\s*ListenAddress\s*::/d" "${TARGET}/etc/ssh/sshd_config"
|
||||
#sed -i "/^\s*ListenAddress\s*::/d" "${TARGET}/etc/ssh/sshd_config"
|
||||
sed -i "/^[[:space:]]*ListenAddress[[:space:]]*::/d" "${TARGET}/etc/ssh/sshd_config"
|
||||
fi
|
||||
|
||||
sed -i -E "s|^\s*Port\s+.*$|$(printf '%-30s%s' 'Port' "${ssh_port}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
#sed -i -E "s|^\s*Port\s+.*$|$(printf '%-29s%s' 'Port' "${ssh_port}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
sed -i -E "s|^[[:space:]]*Port[[:space:]]+.*$|$(printf '%-29s%s' 'Port' "${ssh_port}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
|
||||
if (( ${#ary_user[@]} > 0 )); then
|
||||
sed -i -E "s|^\s*AllowUsers\s+.*$|$(printf '%-30s%s' 'AllowUsers' "root ${ary_user[*]}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
sed -i -E "s|^\s*AllowUsers\s+.*$|$(printf '%-29s%s' 'AllowUsers' "root ${ary_user[*]}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
fi
|
||||
|
||||
if [[ -n "${ssh_root_ca}" ]]; then
|
||||
var_ca="${ssh_root_ca##*/}"
|
||||
install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}${ssh_root_ca}" "${TARGET}/etc/ssh/"
|
||||
sed -i -E "s|^\s*TrustedUserCAKeys\s+.*$|$(printf '%-30s%s' 'TrustedUserCAKeys' "/etc/ssh/${ssh_root_ca}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
sed -i -E "s|^\s*TrustedUserCAKeys\s+.*$|$(printf '%-29s%s' 'TrustedUserCAKeys' "/etc/ssh/${var_ca}")|" "${TARGET}/etc/ssh/sshd_config"
|
||||
fi
|
||||
|
||||
do_in_target_script "${TARGET}" "sshd -T >| /root/.ciss/cdi/log/sshd_config.log"
|
||||
do_in_target_script "${TARGET}" "ssh-keygen -r ${VAR_FINAL_FQDN}. >| /root/.ciss/cdi/log/ssh.log"
|
||||
### Preparing the test environment in chroot.
|
||||
do_in_target "${TARGET}" install -d -o root -g root -m 0755 /run/sshd
|
||||
|
||||
### Syntax test (hard).
|
||||
if ! do_in_target_script "${TARGET}" "sshd -t -f /etc/ssh/sshd_config"; then
|
||||
do_log "emergency" "file_only" "4420() [sshd -t -f /etc/ssh/sshd_config] failed."
|
||||
return "${ERR_CONF_VALIDATION}"
|
||||
fi
|
||||
|
||||
### Effective configuration (soft, purely informative).
|
||||
if ! do_in_target_script "${TARGET}" "sshd -T -f /etc/ssh/sshd_config >| /root/.ciss/cdi/log/sshd_config.log"; then
|
||||
do_log "warn" "file_only" "4420() [sshd -T -f /etc/ssh/sshd_config] failed. Likely env. Continuing."
|
||||
fi
|
||||
|
||||
do_in_target_script "${TARGET}" "ssh-keygen -r ${VAR_FINAL_FQDN}. >| /root/.ciss/cdi/log/SSHFP.log"
|
||||
|
||||
###########################################################################################
|
||||
# The file /etc/profile.d/idle-users.sh is created to set two read-only #
|
||||
|
||||
Reference in New Issue
Block a user