simplify ssh setup
parent
c3128bb1bc
commit
6002758634
7
config
7
config
|
|
@ -41,8 +41,8 @@ core_packages=(
|
|||
bzip2
|
||||
curl
|
||||
less
|
||||
vim-tiny
|
||||
nano-tiny
|
||||
vim
|
||||
nano
|
||||
sysvinit
|
||||
)
|
||||
|
||||
|
|
@ -54,8 +54,9 @@ base_packages=(
|
|||
sudo
|
||||
alsa-base
|
||||
alsa-utils
|
||||
gawk
|
||||
mawk
|
||||
tmux
|
||||
screen
|
||||
openntpd
|
||||
wpasupplicant
|
||||
wireless-tools
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@ bootstrap_complete_base() {
|
|||
conf_print_networkifaces | sudo tee $strapdir/etc/network/interfaces
|
||||
conf_print_resolvconf | sudo tee $strapdir/etc/resolv.conf
|
||||
conf_print_sourceslist | sudo tee $strapdir/etc/apt/sources.list
|
||||
conf_print_locales | sudo tee $strapdir/etc/profile.d/locales.sh
|
||||
|
||||
## write third-stage for chroot
|
||||
bootstrap_config_thirdstage | sudo tee $strapdir/thirdstage
|
||||
|
|
|
|||
|
|
@ -177,52 +177,12 @@ enablessh() {
|
|||
req=(strapdir)
|
||||
ckreq || return 1
|
||||
|
||||
cat <<EOF | sudo tee -a ${strapdir}/enssh
|
||||
#!/bin/sh
|
||||
sed -i -e 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
|
||||
update-rc.d ssh enable
|
||||
update-rc.d regensshkeys defaults
|
||||
update-rc.d regensshkeys enable
|
||||
rm -f /enssh
|
||||
EOF
|
||||
|
||||
cat <<EOF | sudo tee ${strapdir}/etc/init.d/regensshkeys
|
||||
#!/bin/sh
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides: something
|
||||
# Required-Start: \$syslog
|
||||
# Required-Stop: \$syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Regenerate openssh-server keys
|
||||
# Description: Regenerate openssh-server keys
|
||||
### END INIT INFO
|
||||
#
|
||||
set -e
|
||||
set -u
|
||||
|
||||
genkeys() {
|
||||
/usr/sbin/service ssh stop
|
||||
/usr/sbin/dpkg-reconfigure openssh-server
|
||||
/usr/sbin/service ssh start
|
||||
/usr/sbin/update-rc.d regensshkeys disable
|
||||
}
|
||||
|
||||
case "\$1" in
|
||||
start)
|
||||
genkeys;;
|
||||
stop)
|
||||
;;
|
||||
*)
|
||||
echo "usage: \$(basename \$0) {start}"
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
sudo chmod +x $strapdir/etc/init.d/regensshkeys
|
||||
|
||||
chroot-script -d enssh
|
||||
# "hardened" ssh
|
||||
sudo -E sed -i $strapdir/etc/sshd_config \
|
||||
-e 's/PermitRootLogin .*/PermitRootLogin yes/' \
|
||||
-e 's/HostKey .*dsa_key/#&/' \
|
||||
-e 's/X11Forwarding .*/X11Forwarding no/' \
|
||||
-e 's/UsePAM .*/UsePAM no/'
|
||||
}
|
||||
|
||||
install-custdebs() {
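Review bot: The new `sed` in enablessh targets `$strapdir/etc/sshd_config`, while the removed script edited `/etc/ssh/sshd_config`, so it most likely points at a file that does not exist and leaves the real daemon configuration untouched; the first line should read `sudo sed -i "$strapdir/etc/ssh/sshd_config" \` (quoted, and `-E` looks unnecessary for a plain sed). The block is commented as "hardened", yet `PermitRootLogin yes` allows root password login and `UsePAM no` drops PAM account and session processing; if the image does not need root password login, keep `without-password`, otherwise state the reason in the comment instead of calling it hardened. The patterns are also unanchored, so `PermitRootLogin .*` rewrites a commented-out line and leaves it commented; `-e 's/^#\?PermitRootLogin .*/PermitRootLogin without-password/'` avoids that. enablessh begins above the hunk.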
|
||||
|
|
|
|||
|
|
@ -126,3 +126,34 @@ deb ${mirror} ${release}-security ${section}
|
|||
#deb-src ${mirror} ${release}-security ${section}
|
||||
EOF
|
||||
}
|
||||
|
||||
conf_print_locales() {
|
||||
fn conf_print_locales
|
||||
|
||||
cat <<EOF
|
||||
export LANG=C
|
||||
export LC_ALL=C
|
||||
EOF
|
||||
}
|
||||
|
||||
conf_print_rclocal() {
|
||||
fn conf_print_rclocal
|
||||
|
||||
cat <<EOF
|
||||
#!/bin/sh -e
|
||||
#
|
||||
# rc.local
|
||||
#
|
||||
# This script is executed at the end of each multiuser runlevel.
|
||||
# Make sure that the script will "exit 0" on success or any other
|
||||
# value on error.
|
||||
#
|
||||
# In order to enable or disable this script just change the execution
|
||||
# bits.
|
||||
|
||||
## regen ssh keys on first boot
|
||||
[ -f /etc/ssh/ssh_host_rsa_key.pub ] || dpkg-reconfigure openssh-server
|
||||
|
||||
exit 0
|
||||
EOF
|
||||
}
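Review bot: The first-boot check in `conf_print_rclocal` regenerates host keys only when `/etc/ssh/ssh_host_rsa_key.pub` is absent, and nothing visible in this commit removes keys that installing openssh-server may already have created inside `$strapdir`, so every image built this way could ship the same host keys and never replace them. If no other build step handles it, delete them before the image is finalized, e.g. `sudo rm -f "$strapdir"/etc/ssh/ssh_host_*`, and test the private key rather than the public one: `[ -f /etc/ssh/ssh_host_rsa_key ] || dpkg-reconfigure openssh-server`. The visible bootstrap_complete_base hunk has a line writing `conf_print_locales` to `etc/profile.d/locales.sh` but none writing this function's output to `etc/rc.local`, so the regeneration may not be installed at all unless that happens elsewhere. A one-line header comment on `conf_print_rclocal` saying it prints the image's rc.local would also help.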
|
||||
|
|
|
|||