summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rwxr-xr-xetc/sshd32
1 files changed, 25 insertions, 7 deletions
diff --git a/etc/sshd b/etc/sshd
index 3c1b1c5..f4793a6 100755
--- a/etc/sshd
+++ b/etc/sshd
@@ -47,7 +47,7 @@
/* if any of these files are 0 bytes then they are corrupted.
* remove them
*/
- $files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub','../../root/.ssh/authorized_keys');
+ $files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub','/root/.ssh/authorized_keys');
foreach($files_to_check as $f2c) {
if(file_exists("/etc/ssh/{$f2c}"))
if(file_size("/etc/ssh/{$f2c}")==0) {
@@ -92,6 +92,17 @@
$sshconf .= "ClientAliveInterval 30\n";
$sshconf .= "UseDNS no\n";
$sshconf .= "X11Forwarding no\n";
+ if($config['system']['ssh']['sshdkeyonly'] <> "") {
+ $sshconf .= "# Login via Key only\n";
+ $sshconf .= "PasswordAuthentication no\n";
+ $sshconf .= "ChallengeResponseAuthentication no\n";
+ $sshconf .= "PubkeyAuthentication yes\n";
+ } else {
+ $sshconf .= "# Login via Key and Password\n";
+ $sshconf .= "PasswordAuthentication yes\n";
+ $sshconf .= "ChallengeResponseAuthentication yes\n";
+ $sshconf .= "PubkeyAuthentication yes\n";
+ }
$sshconf .= "# override default of no subsystems\n";
$sshconf .= "Subsystem sftp /usr/libexec/sftp-server\n";
/* Only allow protocol 2, because we say so */
@@ -104,6 +115,19 @@
fwrite($fd, $sshconf);
fclose($fd);
+ if($config['system']['ssh']['authorizedkeys'] <> "") {
+ echo "writing /root/.ssh/authorized_keys\n";
+ if (!is_dir("/root/.ssh")) {
+ mkdir('/root/.ssh', 0700);
+ }
+ $authorizedkeys = "# This file is automatically generated at startup\n";
+ $authorizedkeys .= base64_decode($config['system']['ssh']['authorizedkeys']);
+ $fd = fopen("/root/.ssh/authorized_keys", "w");
+ fwrite($fd, $authorizedkeys);
+ pclose($fd);
+ chmod("/root/.ssh/authorized_keys",0644);
+ }
+
/* mop up from a badly implemented ssh keys -> cf backup */
if($config['ssh']['dsa_key'] <> "") {
unset($config['ssh']['dsa_key']);
@@ -255,12 +279,6 @@
chmod("{$sshConfigDir}/ssh_host_dsa_key.pub",0600);
}
- if($config['ssh']['ak'] <> "") {
- $ak = base64_decode($config['ssh']['ak']);
- file_put_contents("/root/.authorized_keys", $ak);
- chmod("/root/.authorized_keys",0600);
- }
-
/* start sshd */
system("/usr/sbin/sshd");
echo "done.\n";
OpenPOWER on IntegriCloud