author | Timo Boettcher <spida@pfsense.org> | 2007-06-02 21:58:50 +0000 |
---|---|---|
committer | Timo Boettcher <spida@pfsense.org> | 2007-06-02 21:58:50 +0000 |
commit | ed4b63b09785b89f5dcbd2517ff0bfd20632be85 (patch) | |
tree | 5a5fd85078f63f6199ef3b06763142fdff4eca0b /etc/sshd | |
parent | 942ed037d0775dc3efd043e4911b1a001bf907b3 (diff) | |
SSH-Key(only) Login
Diffstat (limited to 'etc/sshd')
-rwxr-xr-x | etc/sshd | 32 |
1 files changed, 25 insertions, 7 deletions
@@ -47,7 +47,7 @@
 /* if any of these files are 0 bytes then they are corrupted.
 * remove them */
- $files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub','../../root/.ssh/authorized_keys');
+ $files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub','/root/.ssh/authorized_keys');
 foreach($files_to_check as $f2c) {
 if(file_exists("/etc/ssh/{$f2c}"))
 if(file_size("/etc/ssh/{$f2c}")==0) {
@@ -92,6 +92,17 @@
 $sshconf .= "ClientAliveInterval 30\n";
 $sshconf .= "UseDNS no\n";
 $sshconf .= "X11Forwarding no\n";
+ if($config['system']['ssh']['sshdkeyonly'] <> "") {
+ $sshconf .= "# Login via Key only\n";
+ $sshconf .= "PasswordAuthentication no\n";
+ $sshconf .= "ChallengeResponseAuthentication no\n";
+ $sshconf .= "PubkeyAuthentication yes\n";
+ } else {
+ $sshconf .= "# Login via Key and Password\n";
+ $sshconf .= "PasswordAuthentication yes\n";
+ $sshconf .= "ChallengeResponseAuthentication yes\n";
+ $sshconf .= "PubkeyAuthentication yes\n";
+ }
 $sshconf .= "# override default of no subsystems\n";
 $sshconf .= "Subsystem sftp /usr/libexec/sftp-server\n";
 /* Only allow protocol 2, because we say so */
@@ -104,6 +115,19 @@
 fwrite($fd, $sshconf);
 fclose($fd);
+ if($config['system']['ssh']['authorizedkeys'] <> "") {
+ echo "writing /root/.ssh/authorized_keys\n";
+ if (!is_dir("/root/.ssh")) {
+ mkdir('/root/.ssh', 0700);
+ }
+ $authorizedkeys = "# This file is automatically generated at startup\n";
+ $authorizedkeys .= base64_decode($config['system']['ssh']['authorizedkeys']);
+ $fd = fopen("/root/.ssh/authorized_keys", "w");
+ fwrite($fd, $authorizedkeys);
+ pclose($fd);
+ chmod("/root/.ssh/authorized_keys",0644);
+ }
+
 /* mop up from a badly implemented ssh keys -> cf backup */
 if($config['ssh']['dsa_key'] <> "") {
 unset($config['ssh']['dsa_key']);
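Review bot: The new entry `'/root/.ssh/authorized_keys'` is no longer reachable by the loop beneath it, which prefixes every name with `/etc/ssh/`: the old relative `../../root/.ssh/authorized_keys` resolved to /root/.ssh/authorized_keys, whereas the new absolute entry becomes `/etc/ssh//root/.ssh/authorized_keys`, so the zero-byte check for the key file silently stops running. Either keep the relative form or let the loop honour absolute entries, e.g. `$path = (substr($f2c, 0, 1) == '/') ? $f2c : "/etc/ssh/{$f2c}";` and use `$path` in both checks. An empty authorized_keys is also a legitimate state (no keys configured) rather than corruption, so it may be better left out of this list entirely. The `file_size()` call on the context line looks like it should be `filesize()` unless a helper by that name is defined elsewhere in the file. The foreach body continues outside the hunk.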
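Review bot: With `sshdkeyonly` set, password and challenge-response authentication are disabled unconditionally, but /root/.ssh/authorized_keys is only written when `$config['system']['ssh']['authorizedkeys']` is non-empty (next hunk), so enabling key-only login with no keys configured locks root out of SSH altogether. Failing closed is the right choice for a firewall, but the script should say so on the console rather than leave the admin to discover it: before the `if`, `if($config['system']['ssh']['authorizedkeys'] == "") echo "WARNING: key-only SSH login enabled but no authorized keys are configured\n";`. Testing the option with `<> ""` on an index that may not exist also raises a PHP notice on installs that never set it; `!empty($config['system']['ssh']['sshdkeyonly'])` avoids that. The code that builds `$sshconf` starts and ends outside the hunk.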
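Review bot: Keys removed from the configuration keep granting access after this change, because /root/.ssh/authorized_keys is only rewritten when `authorizedkeys` is non-empty and is never deleted when the setting is cleared, so the on-disk key set can drift from the config. Add an else branch that drops the stale file, `} else { @unlink("/root/.ssh/authorized_keys"); }`, so a key revoked in the GUI is actually revoked on disk. The write pairs `fopen()` with `pclose()` instead of `fclose()`, and neither `fopen()` nor `mkdir()` is checked, so a failed write is still announced as "writing /root/.ssh/authorized_keys" with no error. The file is chmod'ed 0644 where the code being removed used 0600; sshd's StrictModes only rejects group/world-writable files, so 0644 works, but 0600 is the conventional mode for root's key file and matches the 0700 directory created just above.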
@@ -255,12 +279,6 @@
 chmod("{$sshConfigDir}/ssh_host_dsa_key.pub",0600);
 }
- if($config['ssh']['ak'] <> "") {
- $ak = base64_decode($config['ssh']['ak']);
- file_put_contents("/root/.authorized_keys", $ak);
- chmod("/root/.authorized_keys",0600);
- }
-
 /* start sshd */
 system("/usr/sbin/sshd");
 echo "done.\n"; |