White Rabbit Switch - Software
Commit
3b84ed46
authored
Jan 31, 2019
by
Adam Wujek
rootfs: add scripts for sshd
Signed-off-by:
Adam Wujek
<
adam.wujek@cern.ch
>
parent
eff064e6
Showing
5 changed files
with
121 additions
and
7 deletions
+121
-7
sshd.sh
userspace/rootfs_override/etc/init.d/sshd.sh
+102
-0
sshd.conf
userspace/rootfs_override/etc/monit.d/sshd.conf
+4
-0
sshd
userspace/rootfs_override/etc/pam.d/sshd
+3
-4
S50sshd.sh
userspace/rootfs_override/etc/rcS/S50sshd.sh
+1
-0
sshd_config
userspace/rootfs_override/etc/ssh/sshd_config
+11
-3
userspace/rootfs_override/etc/init.d/sshd.sh
0 → 100755
#!/bin/sh
#
# Starts sshd.
#
dotconfig
=
/wr/etc/dot-config
# Make sure the ssh-keygen progam exists
[
-f
/usr/bin/ssh-keygen
]
||
exit
0
start_counter
()
{
# increase boot counter
COUNTER_FILE
=
"/tmp/start_cnt_sshd"
START_COUNTER
=
1
if
[
-f
"
$COUNTER_FILE
"
]
;
then
read
-r
START_COUNTER <
$COUNTER_FILE
START_COUNTER
=
$((
START_COUNTER+1
))
fi
echo
"
$START_COUNTER
"
>
$COUNTER_FILE
}
start
()
{
echo
-n
"Starting sshd: "
if
[
-f
"
$dotconfig
"
]
;
then
.
"
$dotconfig
"
else
echo
"
$0
unable to source dot-config (
$dotconfig
)!"
fi
# copy authorized keys if exists
if
[
-f
/usr/authorized_keys
]
;
then
mkdir
-p
/root/.ssh/
cp
/usr/authorized_keys /root/.ssh/
fi
# Make sure ssh directory exists
mkdir
-p
/etc/ssh
mkdir
-p
/usr/etc/ssh
# Check for the ssh keys
if
[
!
-f
/etc/ssh/ssh_host_rsa_key
]
\
||
[
!
-f
/etc/ssh/ssh_host_dsa_key
]
\
||
[
!
-f
/etc/ssh/ssh_host_ecdsa_key
]
\
||
[
!
-f
/etc/ssh/ssh_host_ed25519_key
]
;
then
# echo -n "generating ssh keys... "
/usr/bin/ssh-keygen
-A
cp
/etc/ssh/ssh_host_
*
_key
*
/usr/etc/ssh
fi
if
[
"
$CONFIG_ROOT_ACCESS_DISABLE
"
=
"y"
]
;
then
sed
-i
"s|^PermitRootLogin.*|PermitRootLogin prohibit-password # replaced by
$0
|g"
/etc/ssh/sshd_config
else
sed
-i
"s|^PermitRootLogin.*|PermitRootLogin yes # replaced by
$0
|g"
/etc/ssh/sshd_config
fi
umask
077
# /var/run/sshd.pid is created automatically by sshd
start-stop-daemon
-S
-q
-p
/var/run/sshd.pid
--exec
/usr/sbin/sshd
ret
=
$?
if
[
$ret
-eq
0
]
;
then
start_counter
echo
"OK"
elif
[
$ret
-eq
1
]
;
then
echo
"Failed (already running?)"
else
echo
"Failed"
fi
}
stop
()
{
echo
-n
"Stopping sshd: "
start-stop-daemon
-K
-q
-p
/var/run/sshd.pid
if
[
$?
-eq
0
]
;
then
echo
"OK"
else
echo
"Failed"
fi
}
restart
()
{
stop
start
}
case
"
$1
"
in
start
)
start
;;
stop
)
stop
;;
restart|reload
)
restart
;;
*
)
echo
$"Usage:
$0
{start|stop|restart}"
exit
1
esac
exit
$?
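Review bot: In start(), a missing or unreadable dot-config only prints a message, and the later test on `$CONFIG_ROOT_ACCESS_DISABLE` then falls into the else branch and rewrites sshd_config to `PermitRootLogin yes`, so the script fails open to root login. If that is not intended, make the restrictive setting the default, for example `if [ "$CONFIG_ROOT_ACCESS_DISABLE" = "y" ] || [ ! -f "$dotconfig" ]; then`. Separately, start_counter() writes as root to the fixed path `/tmp/start_cnt_sshd` through an unquoted redirect; if /tmp is writable by other local accounts on the switch, that file can be pre-created or replaced by a symlink before the write. A root-only directory such as `/var/run` (already used for the pid file) would be a safer place, with any reader of the counter updated to match.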
userspace/rootfs_override/etc/monit.d/sshd.conf
0 → 100644
check
process
sshd
with
pidfile
/
var
/
run
/
sshd
.
pid
start
program
=
"/etc/init.d/sshd.sh start"
stop
program
=
"/etc/init.d/sshd.sh stop"
if
5
restarts
within
10
cycles
then
exec
"/etc/init.d/reboot.sh sshd"
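Review bot: The `if 5 restarts within 10 cycles then exec "/etc/init.d/reboot.sh sshd"` rule ties the uptime of the whole switch to the remote-login daemon. Assuming reboot.sh reboots the device, a persistent sshd start failure (for instance an sshd_config left invalid by the `sed` edits in sshd.sh, or host keys that cannot be generated) would lead to repeated reboots rather than a switch that keeps running without SSH. Consider `then alert` or `then unmonitor` for this service, or add a comment stating that a reboot is the intended response.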
userspace/rootfs_override/etc/pam.d/sshd
#%PAM-1.0
auth sufficient /lib/security/pam_krb5.so minimum_uid=1000
# auth line to be replaced by startup scripts
auth required /lib/security/pam_unix.so shadow nodelay
account required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_krb5.so minimum_uid=1000
# don't support changing kerberos password
# account line to be replaced by startup scripts
password required /lib/security/pam_unix.so shadow nullok use_authtok
session required /lib/security/pam_unix.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_krb5.so minimum_uid=1000
# session line to be replaced by startup scripts
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
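Review bot: The `auth required /lib/security/pam_unix.so shadow nodelay` line removes the delay pam_unix normally applies after a failed authentication, which makes online password guessing against sshd cheaper; the page does not mark which lines this commit changed, so this line may predate it. Unless the delay is enforced elsewhere, drop the option: `auth required /lib/security/pam_unix.so shadow`. The three `# ... line to be replaced by startup scripts` comments also do not say which script rewrites them or what text it matches, and sshd.sh in this commit does not touch this file, so naming that script in each comment would help the next reader.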
userspace/rootfs_override/etc/rcS/S50sshd.sh
0 → 120000
../init.d/sshd.sh
\ No newline at end of file
userspace/rootfs_override/etc/ssh/sshd_config
...
...
@@ -41,7 +41,8 @@
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
# PermitRootLogin may be replaced by a startup scripts
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
...
...
@@ -69,7 +70,14 @@ AuthorizedKeysFile .ssh/authorized_keys
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
# Set to no to avoid additional prompts for a password after 3 failures.
# From man:
# Because PAM challenge-response authentication usually serves an
# equivalent role to password authentication, you should disable
# either PasswordAuthentication or
# ChallengeResponseAuthentication.
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
...
...
@@ -107,7 +115,7 @@ UsePAM yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation
sandbox # Default for new installations.
UsePrivilegeSeparation
no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
...
...
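Review bot: The last hunk shows `UsePrivilegeSeparation` with both `sandbox` and `no`; if `no` is the new value, as the print order suggests, sshd's pre-authentication network code loses its unprivileged, sandboxed process and runs with the daemon's full privileges. Keep `UsePrivilegeSeparation sandbox` if the target supports it, or add a comment above the line giving the reason it has to be off. In the second hunk, `PasswordAuthentication no` together with `UsePAM yes` still leaves password login available through PAM challenge-response unless `ChallengeResponseAuthentication` is also disabled (its line is not visible here). The added comment should say so, because the setting otherwise reads as if passwords were turned off.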