free
/
freedombonee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Enable or disable ssh password logins

This commit is contained in:
Bob Mottram 2015-02-01 18:00:09 +00:00
parent 66f4feb955
commit f790606705
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/freedombone-sec
View File

@ -34,6 +34,7 @@ SSH_CIPHERS=
SSH_MACS= SSH_MACS=
SSH_KEX= SSH_KEX=
SSH_HOST_KEY_ALGORITHMS= SSH_HOST_KEY_ALGORITHMS=
SSH_PASSWORDS=
XMPP_CIPHERS= XMPP_CIPHERS=
XMPP_ECC_CURVE= XMPP_ECC_CURVE=
@ -105,6 +106,7 @@ function get_ssh_settings {
SSH_CIPHERS=$(cat $SSH_CONFIG | grep 'Ciphers ' | awk -F 'Ciphers ' '{print $2}') SSH_CIPHERS=$(cat $SSH_CONFIG | grep 'Ciphers ' | awk -F 'Ciphers ' '{print $2}')
SSH_MACS=$(cat $SSH_CONFIG | grep 'MACs ' | awk -F 'MACs ' '{print $2}') SSH_MACS=$(cat $SSH_CONFIG | grep 'MACs ' | awk -F 'MACs ' '{print $2}')
SSH_KEX=$(cat $SSH_CONFIG | grep 'KexAlgorithms ' | awk -F 'KexAlgorithms ' '{print $2}') SSH_KEX=$(cat $SSH_CONFIG | grep 'KexAlgorithms ' | awk -F 'KexAlgorithms ' '{print $2}')
SSH_PASSWORDS=$(cat $SSH_CONFIG | grep 'PasswordAuthentication ' | awk -F 'PasswordAuthentication ' '{print $2}')
fi fi
if [ -f /etc/ssh/ssh_config ]; then if [ -f /etc/ssh/ssh_config ]; then
SSH_HOST_KEY_ALGORITHMS=$(cat /etc/ssh/ssh_config | grep 'HostKeyAlgorithms ' | awk -F 'HostKeyAlgorithms ' '{print $2}') SSH_HOST_KEY_ALGORITHMS=$(cat /etc/ssh/ssh_config | grep 'HostKeyAlgorithms ' | awk -F 'HostKeyAlgorithms ' '{print $2}')
@ -175,10 +177,14 @@ function change_ssh_settings {
if [ ! $SSH_KEX ]; then if [ ! $SSH_KEX ]; then
return return
fi fi
if [ ! $SSH_PASSWORDS ]; then
return
fi
sed -i "s|Ciphers .*|Ciphers $SSH_CIPHERS|g" $SSH_CONFIG sed -i "s|Ciphers .*|Ciphers $SSH_CIPHERS|g" $SSH_CONFIG
sed -i "s|MACs .*|MACs $SSH_MACS|g" $SSH_CONFIG sed -i "s|MACs .*|MACs $SSH_MACS|g" $SSH_CONFIG
sed -i "s|KexAlgorithms .*|KexAlgorithms $SSH_KEX|g" $SSH_CONFIG sed -i "s|KexAlgorithms .*|KexAlgorithms $SSH_KEX|g" $SSH_CONFIG
sed -i "s|PasswordAuthentication .*|PasswordAuthentication $SSH_PASSWORDS|g" $SSH_CONFIG
service ssh restart service ssh restart
echo 'ssh server security settings changed' echo 'ssh server security settings changed'
fi fi
@ -254,6 +260,23 @@ function interactive_setup {
esac esac
fi fi
if [[ $SSH_PASSWORDS == "yes" ]]; then
dialog --title "SSH Passwords" \
--backtitle "Freedombone Security Configuration" \
--yesno "\nAllow SSH login using passwords?" 7 60
else
dialog --title "SSH Passwords" \
--backtitle "Freedombone Security Configuration" \
--defaultno \
--yesno "\nAllow SSH login using passwords?" 7 60
fi
sel=$?
case $sel in
0) SSH_PASSWORDS="yes";;
1) SSH_PASSWORDS="no";;
255) exit 0;;
esac
if [ $XMPP_CIPHERS ]; then if [ $XMPP_CIPHERS ]; then
data=$(tempfile 2>/dev/null) data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15