Use augeas instead of echo / sed to edit ssh/sshd configuration

Implements: blueprint merge-dib-hadoop-elements
Change-Id: I1f2f8c3d69d879660aabf6f72560e6d22012a0a5
Matthew Farrellee 2013-07-10 14:14:50 -04:00
parent 4cd9ca4df8
commit 0092ac37df
2 changed files with 23 additions and 16 deletions


@ -2,7 +2,7 @@
echo "Hadoop setup begins"
tmp_dir=/tmp/hadoop
install-packages openssh-server wget
install-packages wget
echo "Creating hadoop user & group"
adduser -G adm,wheel hadoop


@ -1,21 +1,28 @@
#!/bin/bash
echo "Adjusting ssh configuration"
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
echo "PermitTunnel yes" >> /etc/ssh/sshd_config
echo "SyslogFacility AUTH" >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "StrictModes yes" >> /etc/ssh/sshd_config
echo "RSAAuthentication yes" >> /etc/ssh/sshd_config
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
# /etc/ssh/sshd_config is provided by openssh-server
# /etc/ssh/ssh_config is provided by openssh-clients
# Note0: augtool is provided by augeas-tools on Ubuntu
# Note1: augtool on Ubuntu does not auto-save, pass -s
install-packages augeas openssh-server openssh-clients
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
echo "GSSAPIDelegateCredentials no" >> /etc/ssh/ssh_config
sed -i 's/ GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config
augtool set /files/etc/ssh/sshd_config/PasswordAuthentication yes
augtool set /files/etc/ssh/sshd_config/UseDNS no
augtool set /files/etc/ssh/sshd_config/PermitTunnel yes
augtool set /files/etc/ssh/sshd_config/SyslogFacility AUTH
augtool set /files/etc/ssh/sshd_config/PermitRootLogin yes
augtool set /files/etc/ssh/sshd_config/StrictModes yes
augtool set /files/etc/ssh/sshd_config/RSAAuthentication yes
augtool set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
augtool set /files/etc/ssh/sshd_config/IgnoreRhosts yes
augtool set /files/etc/ssh/ssh_config/Host/StrictHostKeyChecking no
augtool set /files/etc/ssh/ssh_config/Host/GSSAPIDelegateCredentials no
augtool set /files/etc/ssh/ssh_config/Host/GSSAPIAuthentication no
# No known augeas lense for cloud-init config
sed -i 's/ssh_pwauth: 0/ssh_pwauth: 1/' /etc/cloud/cloud.cfg
chmod 640 /etc/sudoers
sed -i 's/Defaults requiretty/#Defaults requiretty/' /etc/sudoers
chmod 0440 /etc/sudoers
augtool clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
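Review bot: The `augtool set` calls run without `-s` even though the Note1 comment says augtool on Ubuntu does not auto-save, so on that platform the edits may never reach `/etc/ssh/sshd_config` or `/etc/ssh/ssh_config` while the script still exits successfully; using `augtool -s set …` and adding `set -e` below the shebang would make an unsaved or failed edit visible. On the final line the shell strips the single quotes, so augeas probably receives `Defaults[type=:nrpe]` and may reject the path expression; quoting the whole argument, `augtool -s clear "/files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate"`, preserves the inner quotes and also stops the brackets being treated as a glob. Separately, the values carried over from the old script still leave the image with `PermitRootLogin yes` together with `PasswordAuthentication yes`, and a client-side `StrictHostKeyChecking no`. If root password login is not actually needed, `PermitRootLogin without-password` would narrow it, and a short comment explaining why host-key checking is disabled would help anyone auditing the image.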