SSH configuration

by willemkokke

This is a library for configuring SSH.
Do not deploy it directly; include it from another StackScript with:

source <ssinclude StackScriptID=14153>

You need to copy the UDF declarations into the main calling script, because only the main script seems to be parsed for UDF declarations.

@willemkokke

Compatible with: Ubuntu 14.04 LTS
						#!/bin/bash
# @willemkokke
# Copy this into the main calling script
# The functions below read these fields as $SSH_PUBLIC_KEY, $SSHD_PERMITROOT
# and $SSHD_PASSWORDAUTH.
# With the defaults shown here (empty key, both options "No") this library
# installs no key and turns password authentication off, so SSH login then
# depends on a key being put in place some other way.
# NOTE(review): the choice-list attribute is spelled "oneof" on the
# sshd_permitroot line and "oneOf" on the sshd_passwordauth line - confirm
# the platform accepts both spellings, otherwise one field may not be
# restricted to No/Yes.
# <UDF name="ssh_public_key" label="SSH Public Key" default="" />
# <UDF name="sshd_permitroot" label="SSH Permit Root Login" oneof="No,Yes" default="No" />
# <UDF name="sshd_passwordauth" label="SSH Permit Password Authentication" oneOf="No,Yes" default="No" />

# The two includes below are expanded by the StackScript platform, not by
# bash itself. This file calls lowercase, log and get_home_directory without
# defining them; presumably they come from these includes - verify there.
source <ssinclude StackScriptID=14154> # Utilities
source <ssinclude StackScriptID=14152> # User configuration

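function sshd_set_bool {
    # sshd_set_bool (parameter, "Yes"|"No" [, config_file])
    # $1 parameter  sshd_config keyword; it is placed in a sed/grep pattern,
    #               so pass fixed keyword names only, never user input
    # $2 value      "Yes" or "No", compared case-insensitively
    # $3 config     optional, defaults to /etc/ssh/sshd_config
    #
    # Returns non-zero (and changes nothing) when the value is not yes/no or
    # the config file is missing, so a caller can tell that the setting was
    # NOT applied instead of assuming it was.
    local param=$1
    local value=${2,,}
    local config=${3:-/etc/ssh/sshd_config}

    if [ "$value" != "yes" ] && [ "$value" != "no" ]; then
        printf 'sshd_set_bool: not setting %s: "%s" is not Yes or No\n' "$param" "$2" >&2
        return 1
    fi
    if [ ! -f "$config" ]; then
        printf 'sshd_set_bool: %s not found\n' "$config" >&2
        return 1
    fi

    if grep -q "^#*$param" "$config"; then
        # Rewrite every active or commented-out occurrence of the keyword.
        sed -i "s/^#*\($param\).*/\1 $value/" "$config"
    elif [ -s "$config" ]; then
        # Keyword absent: without this branch sshd would keep its built-in
        # default. Insert at the top so the line is outside any Match block
        # and is the first value sshd reads.
        sed -i "1i $param $value" "$config"
    else
        # Empty file: there is no line 1 for sed to insert before.
        printf '%s %s\n' "$param" "$value" >> "$config"
    fi
}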

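function sshd_set_permitrootlogin {
    # sshd_set_permitrootlogin ("Yes"|"No")
    # $1 value
    # Logs success only when sshd_set_bool reports success; otherwise logs
    # the failure and returns non-zero, so the log never claims a root-login
    # setting that was not written.
    if sshd_set_bool "PermitRootLogin" "$1"; then
        log "SSHD: set PermitRootLogin to $1"
    else
        log "SSHD: failed to set PermitRootLogin to $1"
        return 1
    fi
}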

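function sshd_set_passwordauthentication {
    # sshd_set_passwordauthentication ("Yes"|"No")
    # $1 value
    # Logs success only when sshd_set_bool reports success; otherwise logs
    # the failure and returns non-zero, so the log never claims password
    # authentication was changed when it was not.
    if sshd_set_bool "PasswordAuthentication" "$1"; then
        log "SSHD: set PasswordAuthentication to $1"
    else
        log "SSHD: failed to set PasswordAuthentication to $1"
        return 1
    fi
}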

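function set_ssh_key {
    # set_ssh_key (username, key)
    # $1 username
    # $2 key, appended as one line to the user's authorized_keys
    #
    # Returns non-zero when the home directory cannot be determined or any
    # step fails; the success line is logged only after the key is written.
    local user_home ssh_dir key_file
    user_home=$(get_home_directory "$1")
    if [ -z "$user_home" ]; then
        # Without this guard the paths below would resolve under "/".
        log "SSHD: no home directory found for $1, SSH Public Key not installed"
        return 1
    fi
    ssh_dir="$user_home/.ssh"
    key_file="$ssh_dir/authorized_keys"

    # -p: an already existing ~/.ssh is not an error.
    sudo -u "$1" mkdir -p "$ssh_dir" || return 1
    sudo -u "$1" chmod 0700 "$ssh_dir" || return 1

    # With "sudo -u user echo key >> file" the redirection is opened by the
    # calling shell, not by the target user. Piping into tee under sudo makes
    # the append itself run as that user, so the file is created with the
    # user's ownership and the write honours the user's permissions.
    printf '%s\n' "$2" | sudo -u "$1" tee -a "$key_file" > /dev/null || return 1
    sudo -u "$1" chmod 0600 "$key_file" || return 1

    log "SSHD: set SSH Public Key in $key_file to $2"
}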

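function configure_ssh_key {
    # Installs $SSH_PUBLIC_KEY for $USER_NAME via set_ssh_key.
    # Does nothing when no key was supplied.
    # USER_NAME is not set in this file; presumably it comes from the
    # user-configuration include - verify against the calling script.
    if [ -n "$SSH_PUBLIC_KEY" ]; then
        # Quoted so the username is always exactly one argument and the key
        # can never shift into the username position.
        set_ssh_key "$USER_NAME" "$SSH_PUBLIC_KEY"
    fi
}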

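function configure_ssh {
    # Entry point: installs the public key (if one was given), applies the
    # PermitRootLogin and PasswordAuthentication choices from the UDF
    # variables, then leaves a marker requesting an ssh restart.
    configure_ssh_key
    # Quoted so each setter receives exactly one argument whatever the
    # variable holds.
    sshd_set_permitrootlogin "$SSHD_PERMITROOT"
    sshd_set_passwordauthentication "$SSHD_PASSWORDAUTH"

    # mark the ssh service for restart
    # NOTE(review): this is a fixed name in world-writable /tmp and touch
    # follows symlinks, so on a host that already has other local users the
    # path could be pre-created by someone else. The code that reads the
    # marker is not in this file, so the path is left unchanged here.
    touch /tmp/restart-ssh
}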