66 lines
1.7 KiB
Bash
Executable File
66 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -ue
|
|
set -o pipefail
|
|
echo "Begin: install and configure SSH"
|
|
|
|
case "$DISTRO_NAME" in
|
|
fedora )
|
|
# the main config file is empty in F25+
|
|
SSH_CONFIG_FILE="/etc/ssh/ssh_config.d/05-redhat.conf"
|
|
;;
|
|
* )
|
|
SSH_CONFIG_FILE="/etc/ssh/ssh_config"
|
|
;;
|
|
esac
|
|
|
|
augtool <<EOF
|
|
set /files/etc/ssh/sshd_config/GSSAPIAuthentication no
|
|
set /files/etc/ssh/sshd_config/UseDNS no
|
|
set /files/etc/ssh/sshd_config/PermitTunnel yes
|
|
set /files${SSH_CONFIG_FILE}/Host/StrictHostKeyChecking no
|
|
set /files${SSH_CONFIG_FILE}/Host/GSSAPIAuthentication no
|
|
save
|
|
EOF
|
|
|
|
case "$DISTRO_NAME" in
|
|
ubuntu )
|
|
augtool <<EOF
|
|
set /files/etc/ssh/sshd_config/GSSAPICleanupCredentials yes
|
|
set /files/etc/ssh/sshd_config/AuthorizedKeysFile %h/.ssh/authorized_keys
|
|
save
|
|
EOF
|
|
;;
|
|
fedora )
|
|
sed -i 's/ssh_pwauth: 0/ssh_pwauth: 1/' /etc/cloud/cloud.cfg
|
|
augtool <<EOF
|
|
clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
|
|
set /files/etc/ssh/sshd_config/SyslogFacility AUTH
|
|
set /files/etc/ssh/sshd_config/StrictModes yes
|
|
set /files/etc/ssh/sshd_config/RSAAuthentication yes
|
|
set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
|
|
save
|
|
EOF
|
|
;;
|
|
rhel | rhel7 | centos | centos7 )
|
|
sed -i 's/ssh_pwauth: 0/ssh_pwauth: 1/' /etc/cloud/cloud.cfg
|
|
augtool <<EOF
|
|
clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
|
|
set /files/etc/ssh/sshd_config/SyslogFacility AUTH
|
|
set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
|
|
save
|
|
EOF
|
|
;;
|
|
* )
|
|
echo "Unknown distro: $DISTRO_NAME, exiting"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
echo "End: install and configure SSH"
|
|
|
|
:
|