Disable password logins for mesh nodes

If you need to get ssh access then manually add a public key to authorized_keys
2016-06-04 18:13:26 +01:00 · 2016-06-04 18:13:26 +01:00 · 125900faf2
parent 0e91aafbbf
commit 125900faf2
1 changed files with 23 additions and 0 deletions
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@ -36,6 +36,8 @@ PEER_ID=
 INSTALL_DIR=/root/build
 INSTALL_LOG=/var/log/${PROJECT_NAME}.log

+DEFAULT_USERNAME=fbone
+
 TOX_NODES=
 #TOX_NODES=(
 #  '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
@ -506,6 +508,26 @@ function configure_toxcore {
 	echo $'toxic client configured' >> $INSTALL_LOG
 }

+function disable_password_logins {
+	if [ ! -d /home/$DEFAULT_USERNAME ]; then
+		echo $"Home directory for $DEFAULT_USERNAME not found"
+		exit 3682572
+	fi
+
+	# create an authorized_keys file
+	if [ ! -d /home/$DEFAULT_USERNAME/.ssh ]; then
+		mkdir -p /home/$DEFAULT_USERNAME/.ssh
+	fi
+	if [ ! -f /home/$DEFAULT_USERNAME/.ssh/authorized_keys ]; then
+		touch /home/$DEFAULT_USERNAME/.ssh/authorized_keys
+	fi
+	chown -R $DEFAULT_USERNAME:$DEFAULT_USERNAME /home/$DEFAULT_USERNAME/.ssh
+
+	# disable password logins
+	sed -i 's|#PasswordAuthentication.*|PasswordAuthentication no|g' /etc/ssh/sshd_config
+	sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' /etc/ssh/sshd_config
+}
+
 if [ -f /root/.initial_mesh_setup ]; then
 	if [ $1 ]; then
 		MY_USERNAME=$1
@ -530,6 +552,7 @@ if [ -f /root/.initial_mesh_setup ]; then
 	#compile_tox_client
 	configure_toxcore
 	configure_zeronet
+	disable_password_logins

 	rm /root/.initial_mesh_setup
 	systemctl disable mesh-setup.service