Add bits to README and move to system section
igorpecovnik committed Sep 1, 2024
1 parent 6459043 commit 2057f37
Showing 2 changed files with 141 additions and 142 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -15,7 +15,8 @@ sudo armbian-config
- **S03** - Edit the boot environment
- **S04** - Install Linux headers
- **S05** - Remove Linux headers

- **S06** - Install to internal storage
- **S07** - Manage SSH login options

- ## **Network**
- **N00** - Install Bluetooth support
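--- a/lib/armbian-configng/config.ng.jobs.json
+++ b/lib/armbian-configng/config.ng.jobs.json
@@ -75,6 +75,145 @@
 "src_reference": "",
 "author": "https://github.com/igorpecovnik",
 "condition": "[[ -n $(ls /sbin/armbian-install) ]]"
+},
+{
+"id": "S07",
+"description": "Manage SSH login options",
+"sub": [
+{
+"id": "S08",
+"description": "Disable root login",
+"command": [
+"sed -i \"s|^#\\?PermitRootLogin.*|PermitRootLogin no|\" /etc/ssh/sshd_config",
+"systemctl restart sshd.service"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "grep -q '^PermitRootLogin yes' /etc/ssh/sshd_config"
+},
+{
+"id": "S09",
+"description": "Enable root login",
+"command": [
+"sed -i \"s/^#\\?PermitRootLogin.*/PermitRootLogin yes/\" /etc/ssh/sshd_config" ,
+"systemctl restart sshd.service"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "grep -q '^PermitRootLogin no' /etc/ssh/sshd_config"
+},
+{
+"id": "S10",
+"description": "Disable password login",
+"command": [
+"sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config" ,
+"systemctl restart sshd.service"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "grep -q 'PasswordAuthentication yes' /etc/ssh/sshd_config"
+},
+{
+"id": "S11",
+"description": "Enable password login",
+"command": [
+"sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication yes/\" /etc/ssh/sshd_config" ,
+"systemctl restart sshd.service"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "grep -q 'PasswordAuthentication no' /etc/ssh/sshd_config"
+},
+{
+"id": "S12",
+"description": "Disable Public key authentication login",
+"command": [
+"sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication no/\" /etc/ssh/sshd_config" ,
+"systemctl restart sshd.service"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "grep -q 'PubkeyAuthentication yes' /etc/ssh/sshd_config"
+},
+{
+"id": "S13",
+"description": "Enable Public key authentication login",
+"command": [
+"sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication yes/\" /etc/ssh/sshd_config" ,
+"systemctl restart sshd.service"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "grep -q 'PubkeyAuthentication no' /etc/ssh/sshd_config"
+},
+{
+"id": "S14",
+"description": "Disable OTP authentication",
+"command": [
+"clear",
+"! check_if_installed libpam-google-authenticator && ! check_if_installed qrencode || debconf-apt-progress -- apt-get -y purge libpam-google-authenticator qrencode",
+"sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/\" /etc/ssh/sshd_config || sed -i \"0,/KbdInteractiveAuthentication/s//ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config" ,
+"sed -i '/^auth required pam_google_authenticator.so nullok/ d' /etc/pam.d/sshd",
+"systemctl restart sshd.service"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "grep -q 'ChallengeResponseAuthentication yes' /etc/ssh/sshd_config"
+},
+{
+"id": "S15",
+"description": "Enable OTP authentication",
+"command": [
+"check_if_installed libpam-google-authenticator || debconf-apt-progress -- apt-get -y install libpam-google-authenticator",
+"check_if_installed qrencode || debconf-apt-progress -- apt-get -y install qrencode",
+"sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config",
+"sed -i $'/KbdInteractiveAuthentication/{iChallengeResponseAuthentication yes\\n:a;n;ba}' /etc/ssh/sshd_config || sed -n -i '/password updating/{p;:a;N;/@include common-password/!ba;s/.*\\n/auth required pam_google_authenticator.so nullok\\nauth required pam_permit.so\\n/};p' /etc/pam.d/sshd",
+"[ ! -f /root/.google_authenticator ] && qr_code generate",
+"systemctl restart sshd.service"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "! check_if_installed libpam-google-authenticator || ! check_if_installed qrencode || grep -q '^ChallengeResponseAuthentication no' /etc/ssh/sshd_config || ! grep -q 'ChallengeResponseAuthentication' /etc/ssh/sshd_config"
+},
+{
+"id": "S16",
+"description": "Generate new OTP authentication QR code",
+"command": [
+"qr_code generate"
+],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "",
+"condition": "grep -q '^ChallengeResponseAuthentication yes' /etc/ssh/sshd_config"
+},
+{
+"id": "S17",
+"description": "Show OTP authentication QR code",
+"command": ["qr_code"],
+"status": "Active",
+"doc_link": "",
+"src_reference": "",
+"author": "Igor Pecovnik",
+"condition": "grep -q '^ChallengeResponseAuthentication yes' /etc/ssh/sshd_config && [ -f /root/.google_authenticator ]"
+}
+]
 }
 
 ]
@@ -242,147 +381,6 @@
 "src_reference": "",
 "author": "",
 "condition": "check_if_installed avahi-daemon"
-},
-{
-"id": "N12",
-"description": "Reconfigure OpenSSH daemon (secure shell)",
-"sub": [
-{
-"id": "SSH01",
-"description": "Disable root login",
-"command": [
-"sed -i \"s|^#\\?PermitRootLogin.*|PermitRootLogin no|\" /etc/ssh/sshd_config",
-"systemctl restart sshd.service"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "grep -q '^PermitRootLogin yes' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH02",
-"description": "Enable root login",
-"command": [
-"sed -i \"s/^#\\?PermitRootLogin.*/PermitRootLogin yes/\" /etc/ssh/sshd_config" ,
-"systemctl restart sshd.service"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "grep -q '^PermitRootLogin no' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH03",
-"description": "Disable password login",
-"command": [
-"sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config" ,
-"systemctl restart sshd.service"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "grep -q 'PasswordAuthentication yes' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH04",
-"description": "Enable password login",
-"command": [
-"sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication yes/\" /etc/ssh/sshd_config" ,
-"systemctl restart sshd.service"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "grep -q 'PasswordAuthentication no' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH05",
-"description": "Disable Public key authentication login",
-"command": [
-"sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication no/\" /etc/ssh/sshd_config" ,
-"systemctl restart sshd.service"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "grep -q 'PubkeyAuthentication yes' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH06",
-"description": "Enable Public key authentication login",
-"command": [
-"sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication yes/\" /etc/ssh/sshd_config" ,
-"systemctl restart sshd.service"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "grep -q 'PubkeyAuthentication no' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH07",
-"description": "Disable OTP authentication",
-"command": [
-"clear",
-"! check_if_installed libpam-google-authenticator && ! check_if_installed qrencode || debconf-apt-progress -- apt-get -y purge libpam-google-authenticator qrencode",
-"sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/\" /etc/ssh/sshd_config || sed -i \"0,/KbdInteractiveAuthentication/s//ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config" ,
-"sed -i '/^auth required pam_google_authenticator.so nullok/ d' /etc/pam.d/sshd",
-"systemctl restart sshd.service"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "grep -q 'ChallengeResponseAuthentication yes' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH08",
-"description": "Enable OTP authentication",
-"command": [
-"check_if_installed libpam-google-authenticator || debconf-apt-progress -- apt-get -y install libpam-google-authenticator",
-"check_if_installed qrencode || debconf-apt-progress -- apt-get -y install qrencode",
-"sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config || sed -i $'/KbdInteractiveAuthentication/{iChallengeResponseAuthentication yes\\n:a;n;ba}' /etc/ssh/sshd_config" ,
-"sed -n -i '/password updating/{p;:a;N;/@include common-password/!ba;s/.*\\n/auth required pam_google_authenticator.so nullok\\nauth required pam_permit.so\\n/};p' /etc/pam.d/sshd",
-"[ ! -f /root/.google_authenticator ] && qr_code generate",
-"systemctl restart sshd.service"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "! check_if_installed libpam-google-authenticator || ! check_if_installed qrencode || grep -q '^ChallengeResponseAuthentication no' /etc/ssh/sshd_config || ! grep -q 'ChallengeResponseAuthentication' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH09",
-"description": "Generate new OTP authentication QR code",
-"command": [
-"qr_code generate"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "",
-"condition": "grep -q '^ChallengeResponseAuthentication yes' /etc/ssh/sshd_config"
-},
-{
-"id": "SSH10",
-"description": "Show OTP authentication QR code",
-"command": [
-"qr_code"
-],
-"status": "Active",
-"doc_link": "",
-"src_reference": "",
-"author": "Igor Pecovnik",
-"condition": "grep -q '^ChallengeResponseAuthentication yes' /etc/ssh/sshd_config && [ -f /root/.google_authenticator ]"
-}
-]
 }
 ]
 },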
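Review bot: In the added S15 entry ("Enable OTP authentication") the `||` has moved: the `/etc/pam.d/sshd` edit that adds `pam_google_authenticator.so` is now only the fallback of the KbdInteractiveAuthentication insert, whereas in the removed SSH08 entry it was a command of its own. GNU sed normally exits 0 whether or not a line matched, so as written the PAM edit is likely never reached and the job can set `ChallengeResponseAuthentication yes` and restart sshd without the OTP module in the PAM stack; the now-unconditional insert would also add another `ChallengeResponseAuthentication yes` line on every run. I would restore the SSH08 grouping, with the `sed -n -i '/password updating/…' /etc/pam.d/sshd` call as its own array element. It is also worth running `sshd -t` before each `systemctl restart sshd.service` in these jobs, so a bad edit to sshd_config cannot lock out a remote session.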
