From b4a038b8c43b1a5b75f16320ee34e7a0dd7669e8 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 1 Jun 2017 20:51:19 +0100 Subject: [PATCH] Fix ssh configuration --- src/freedombone-image-customise | 2 ++ src/freedombone-utils-ssh | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise index 7ec5abb8..efa4fdf5 100755 --- a/src/freedombone-image-customise +++ b/src/freedombone-image-customise @@ -279,6 +279,7 @@ configure_ssh() { fi sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config + sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config if [[ "$SSH_PUBKEY" != "no" ]]; then if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then @@ -287,6 +288,7 @@ configure_ssh() { echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys chroot $rootdir /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config + sed -i 's|#PasswordAuthentication no|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config echo $"Using ssh public key:" echo $SSH_PUBKEY echo $'Password ssh authentication turned off' diff --git a/src/freedombone-utils-ssh b/src/freedombone-utils-ssh index 7503420e..b0582030 100755 --- a/src/freedombone-utils-ssh +++ b/src/freedombone-utils-ssh 
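Review bot: The added `sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g"` and `sed -i 's|#PasswordAuthentication no|PasswordAuthentication no|g'` only strip the `#` when the preceding unanchored substitution has already rewritten the commented default to the exact target text, so any variant spacing such as `# Port 22` stays commented and sshd silently keeps its built-in default; since these two edits are what move the port and disable password login, a miss here is a hardening failure rather than a cosmetic one. One anchored substitution per directive removes the dependency between the two steps, e.g. `sed -i "s/^#*[[:space:]]*Port .*/Port ${SSH_PORT}/" $rootdir/etc/ssh/sshd_config` and `sed -i 's/^#*[[:space:]]*PasswordAuthentication.*/PasswordAuthentication no/' $rootdir/etc/ssh/sshd_config`. Because a config with no such line at all is never touched by either form, it is worth failing closed afterwards with `grep -q '^PasswordAuthentication no' $rootdir/etc/ssh/sshd_config || echo 'PasswordAuthentication no' >> $rootdir/etc/ssh/sshd_config`. The same two-step pattern appears in the second hunk of this file and in the first hunk of src/freedombone-utils-ssh. configure_ssh begins and ends outside both hunks.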
@@ -41,10 +41,15 @@ function configure_ssh {
 return
 fi
 sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config
+ sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" /etc/ssh/sshd_config
 sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
+ sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config
 sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config
+ sed -i 's/#X11Forwarding no/X11Forwarding no/g' /etc/ssh/sshd_config
 sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config
+ sed -i 's/#ServerKeyBits 4096/ServerKeyBits 4096/g' /etc/ssh/sshd_config
 sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config
+ sed -i 's/#TCPKeepAlive no/TCPKeepAlive no/g' /etc/ssh/sshd_config
 sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
 sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
 if ! grep -q 'DebianBanner' /etc/ssh/sshd_config; then
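Review bot: The five uncomment lines added in this hunk, like the Port/PermitRootLogin/X11Forwarding substitutions they follow, assume the directive already exists in /etc/ssh/sshd_config; if neither a live nor a commented default is present the setting is never written, whereas the ClientAliveInterval, Ciphers, MACs and KexAlgorithms edits in the next hunk of this function fall back to appending the directive with `grep -q ... || echo ... >>`. Applying that same fallback to the security-relevant directives here, e.g. `grep -q '^PermitRootLogin no' /etc/ssh/sshd_config || echo 'PermitRootLogin no' >> /etc/ssh/sshd_config`, makes the hardening fail closed. Since these edits rewrite the live sshd_config, running `sshd -t` before the service is restarted would catch a malformed file before it costs remote access. ServerKeyBits is an SSH protocol 1 option that recent OpenSSH releases no longer honour (removed around 7.4, if I recall correctly), so that pair of lines is probably a no-op on current Debian. configure_ssh's body begins and ends outside the hunk.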
@@ -57,26 +62,31 @@ function configure_ssh { else echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config fi + sed -i 's/#ClientAliveInterval 60/ClientAliveInterval 60/g' /etc/ssh/sshd_config if grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config; then sed -i 's/ClientAliveCountMax.*/ClientAliveCountMax 3/g' /etc/ssh/sshd_config else echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config fi + sed -i 's/#ClientAliveCountMax 3/ClientAliveCountMax 3/g' /etc/ssh/sshd_config if grep -q 'Ciphers' /etc/ssh/sshd_config; then sed -i "s|Ciphers.*|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config else echo "Ciphers $SSH_CIPHERS" >> /etc/ssh/sshd_config fi + sed -i "s|#Ciphers $SSH_CIPHERS|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config if grep -q 'MACs' /etc/ssh/sshd_config; then sed -i "s|MACs.*|MACs $SSH_MACS|g" /etc/ssh/sshd_config else echo "MACs $SSH_MACS" >> /etc/ssh/sshd_config fi + sed -i "s|#MACs $SSH_MACS|MACs $SSH_MACS|g" /etc/ssh/sshd_config if grep -q 'KexAlgorithms' /etc/ssh/sshd_config; then sed -i "s|KexAlgorithms.*|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config else echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config fi + sed -i "s|#KexAlgorithms $SSH_KEX|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config apt-get -yq install fail2ban vim-common