From a83faa7789ddb8c930a973774e5cedf062e10919 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Thu, 3 Dec 2009 10:55:59 -0800
Subject: SSH enhancements
Add public key support
Convert allow-root and password-authentication from boolean nodes to regular nodes.
---
 templates/service/ssh/allow-root/node.def | 15 +++------------
 .../service/ssh/disable-password-authentication/node.def | 5 +++++
 templates/service/ssh/password-authentication/node.def | 14 --------------
 .../system/login/user/node.tag/authorized-keys/node.def | 14 ++++++++++++++
 .../authorized-keys/node.tag/description/node.def | 2 ++
 .../user/node.tag/authorized-keys/node.tag/type/node.def | 4 ++++
 6 files changed, 28 insertions(+), 26 deletions(-)
 create mode 100644 templates/service/ssh/disable-password-authentication/node.def
 delete mode 100644 templates/service/ssh/password-authentication/node.def
 create mode 100644 templates/system/login/user/node.tag/authorized-keys/node.def
 create mode 100644 templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def
 create mode 100644 templates/system/login/user/node.tag/authorized-keys/node.tag/type/node.def
(limited to 'templates')
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def
index 25a5a97a..1c56d221 100644
--- a/templates/service/ssh/allow-root/node.def
+++ b/templates/service/ssh/allow-root/node.def
@@ -1,14 +1,5 @@
-type: bool
-default: false
-help: Enable/disable root login over ssh
-update: if [ "$VAR(@)" == "true" ];
- then regex='/^PermitRootLogin/s/no/yes/'
- else regex='/^PermitRootLogin/s/yes/no/'
- fi
- sudo sed -i -e "$regex" /etc/ssh/sshd_config
+help: Enable root login over ssh
 
-comp_help: possible completions:
- true Enable root login over ssh
- false Disable root login over ssh
+update: sudo sed -i -e '/^PermitRootLogin/s/no/yes/' /etc/ssh/sshd_config
 
-allowed: echo "true false"
+delete: sudo sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
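Review bot: The new `update:` and `delete:` lines only swap the literal `no`/`yes` token on the `PermitRootLogin` line, so a line carrying any other value (for example `without-password`) or a commented-out `#PermitRootLogin` is left untouched and the CLI state silently diverges from what sshd enforces. Rewriting the whole value is more robust: `update: sudo sed -i -e 's/^#\?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config`, with the matching `delete:` line writing `PermitRootLogin no`. Converting from a `default: false` bool to a presence node also means the "disabled" state is now whatever the shipped sshd_config happens to say rather than something the template enforces; if the stock file permits root login, a fresh install stays that way until someone sets and then deletes the node. Nothing in the hunk signals sshd to reread its configuration, so the edit presumably takes effect only on the next restart — worth confirming against the service-level scripts, which are outside this commit.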
diff --git a/templates/service/ssh/disable-password-authentication/node.def b/templates/service/ssh/disable-password-authentication/node.def
new file mode 100644
index 00000000..59abacfc
--- /dev/null
+++ b/templates/service/ssh/disable-password-authentication/node.def
@@ -0,0 +1,5 @@
+help: Don't allow unknown user to login with password
+
+update: sudo sed -i -e '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^PasswordAuthentication/s/no/yes/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/password-authentication/node.def b/templates/service/ssh/password-authentication/node.def
deleted file mode 100644
index c17dd47c..00000000
--- a/templates/service/ssh/password-authentication/node.def
+++ /dev/null
@@ -1,14 +0,0 @@
-type: bool
-default: true
-help: Allow user's to login with password
-update: if [ "$VAR(@)" == "true" ];
- then regex='/^PasswordAuthentication/s/no/yes/'
- else regex='/^PasswordAuthentication/s/yes/no/'
- fi
- sudo sed -i -e "$regex" /etc/ssh/sshd_config
-
-comp_help: possible completions:
- true Allow authentication with password
- false Disable authentication with password (secure)
-
-allowed: echo "true false"
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.def b/templates/system/login/user/node.tag/authorized-keys/node.def
new file mode 100644
index 00000000..1587fa46
--- /dev/null
+++ b/templates/system/login/user/node.tag/authorized-keys/node.def
@@ -0,0 +1,14 @@
+tag:
+type: txt
+help: Set public keys for authorized login
+
+syntax:expression: pattern $VAR(@) "^[0-9A-Za-z+/=]*$" ; "Invalid public key not base-64"
+
+comp_help:
+ Public key of remote user allowed to login without password
+ The key must be encode as base-64 text string. The key is usually
+ several hundred bytes long (because of the size of the public key
+ encoding). You don't want to type them in; instead, use the
+ script ssh-load-key to set them.
+
+
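Review bot: The `update:` line only rewrites a line that already begins with `PasswordAuthentication`, so a commented-out `#PasswordAuthentication yes` — which stock sshd_config files typically ship with — is not matched and password logins stay enabled even though the node is set; the `delete:` line has the same gap. Matching the optional comment marker and replacing the whole value, `update: sudo sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config`, makes the setting take effect regardless of the file's prior contents. The help text `Don't allow unknown user to login with password` is misleading: the directive disables password authentication for every user, not only unknown ones, so `help: Disable password authentication (public keys only)` states what the node does. Because this node inverts the default of the removed `password-authentication` bool, a user who sets it before an authorized key is loaded locks themselves out, and the template offers no commit-time check for that.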
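Review bot: The `syntax:expression` pattern `^[0-9A-Za-z+/=]*$` accepts an empty value and `=` padding at any position, so a truncated or mangled key passes validation and only fails later when sshd parses authorized_keys; `syntax:expression: pattern $VAR(@) "^[0-9A-Za-z+/]+=*$" ; "Invalid public key not base-64"` at least rejects an empty string and misplaced padding. The tag node has no `update:`/`delete:` of its own, so how the key reaches the user's authorized_keys file is not visible in this commit — presumably a script elsewhere, which should apply the same validation before writing. In the `comp_help` text, `must be encode as` should read `must be encoded as`, and the `ssh-load-key` script it refers to is not added by this commit.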
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def b/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def
new file mode 100644
index 00000000..7c81ff12
--- /dev/null
+++ b/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Ssh public-key description (usually user@host)
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.tag/type/node.def b/templates/system/login/user/node.tag/authorized-keys/node.tag/type/node.def
new file mode 100644
index 00000000..54482824
--- /dev/null
+++ b/templates/system/login/user/node.tag/authorized-keys/node.tag/type/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: Public key type
+allowed: echo "ssh-dsa ssh-rsa"
+syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dsa"
-- 
cgit v1.2.3
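Review bot: The `description` leaf accepts any `txt` value with no `syntax:` check. If this string becomes the comment field of an authorized_keys line (the writer is not part of this commit), a value containing a line break would start a new line in that file, so a pattern that rejects control characters is worth adding once the writer is known. The help text should also be capitalised consistently with the other nodes: `help: SSH public-key description (usually user@host)`.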
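Review bot: Both `allowed: echo "ssh-dsa ssh-rsa"` and the `syntax:expression` list accept `ssh-dsa`, but OpenSSH's identifier for DSA keys in authorized_keys is `ssh-dss`; a key stored under `ssh-dsa` will be ignored by sshd when it parses the file and the user's key login silently fails. Use `allowed: echo "ssh-dss ssh-rsa"` and `syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dss" ; "Unknown public key type"`. Keeping the two lists in the same order makes it obvious that completion and validation agree, and the error-message suffix matches the style the authorized-keys node already uses.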