diff --git a/README.md b/README.md index 8385a077d..82f2c000d 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Armbian Configuration Utility -Updated: Sun Sep 1 03:03:48 PM EDT 2024 +Updated: Tue Sep 3 09:22:06 PM EDT 2024 Utility for configuring your board, adjusting services, and installing applications. It comes with Armbian by default. @@ -16,6 +16,7 @@ sudo armbian-config - **S04** - Install Linux headers - **S05** - Remove Linux headers - **S06** - Install to internal storage + - **S07** - Manage SSH login options - **S30** - Change shell system wide to BASH - **S31** - Change shell system wide to ZSH @@ -92,6 +93,7 @@ Usage: armbian-configng [option] [arguments] --cli S04 - Install Linux headers --cli S05 - Remove Linux headers --cli S06 - Install to internal storage + --cli S07 - Manage SSH login options --cli S30 - Change shell system wide to BASH --cli S31 - Change shell system wide to ZSH --cli N00 - Install Bluetooth support @@ -210,6 +212,16 @@ Jobs: armbian-install ~~~ +### S07 + +Manage SSH login options + +Jobs: + +~~~ +No commands available +~~~ + ### S30 Change shell system wide to BASH diff --git a/lib/armbian-configng/config.ng.docs.sh b/lib/armbian-configng/config.ng.docs.sh index 5237762ad..c07b2ed37 100644 --- a/lib/armbian-configng/config.ng.docs.sh +++ b/lib/armbian-configng/config.ng.docs.sh @@ -458,11 +458,12 @@ jq -r ' .menu[] | .sub[] | "### " + .id + "\n\n" + - .description + "\n\nJobs:\n\n~~~\n" + - (.command | join("\n")) + + (.description // "No description available") + "\n\nJobs:\n\n~~~\n" + + ((.command // ["No commands available"]) | join("\n")) + "\n~~~\n" ' $json_file } + module_options+=( ["see_cli_list,author"]="Joey Turner" ["see_cli_list,ref_link"]="" diff --git a/lib/armbian-configng/config.ng.functions.sh b/lib/armbian-configng/config.ng.functions.sh index f5385b9cb..67ec9498b 100644 --- a/lib/armbian-configng/config.ng.functions.sh +++ b/lib/armbian-configng/config.ng.functions.sh 
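Review bot: In config.ng.docs.sh the filter still walks only `.menu[] | .sub[]`, so with the new `// ["No commands available"]` default S07 renders as an empty entry in the generated README. Its nested jobs S08–S17, which rewrite `/etc/ssh/sshd_config` and `/etc/pam.d/sshd`, never reach the README at all. Descending one more level ahead of the string template, for example `.menu[] | .sub[] | ., (.sub // [])[] |`, would list them with their commands. The jq program and its enclosing function begin outside this hunk.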
@@ -82,7 +82,6 @@ function set_header_remove() { } - module_options+=( ["check_if_installed,author"]="Igor Pecovnik" ["check_if_installed,ref_link"]="" 
@@ -96,12 +95,65 @@ module_options+=( # function check_if_installed (){ - local DPKG_Status="$(dpkg -s "$1" 2>/dev/null | awk -F": " '/^Status/ {print $2}')" - if [[ "X${DPKG_Status}" = "X" || "${DPKG_Status}" = *deinstall* ]]; then - return 1 - else - return 0 + local DPKG_Status="$(dpkg -s "$1" 2>/dev/null | awk -F": " '/^Status/ {print $2}')" + if [[ "X${DPKG_Status}" = "X" || "${DPKG_Status}" = *deinstall* ]]; then + return 1 + else + return 0 + fi + +} + + +module_options+=( +["update_skel,author"]="Igor Pecovnik" +["update_skel,ref_link"]="" +["update_skel,feature"]="update_skel" +["update_skel,desc"]="Update the /etc/skel files in users directories" +["update_skel,example"]="update_skel" +["update_skel,status"]="Active" +) +# +# check dpkg status of $1 -- currently only 'not installed at all' case caught +# +function update_skel (){ + + getent passwd | + while IFS=: read -r username x uid gid gecos home shell + do + if [ ! -d "$home" ] || [ "$username" == 'root' ] || [ "$uid" -lt 1000 ] + then + continue + fi + tar -C /etc/skel/ -cf - . | su - "$username" -c "tar --skip-old-files -xf -" + done + +} + + +module_options+=( +["qr_code,author"]="Igor Pecovnik" +["qr_code,ref_link"]="" +["qr_code,feature"]="qr_code" +["qr_code,desc"]="Show or generate QR code for Google OTP" +["qr_code,example"]="qr_code generate" +["qr_code,status"]="Active" +) +# +# check dpkg status of $1 -- currently only 'not installed at all' case caught +# +function qr_code (){ + + clear + if [[ "$1" == "generate" ]]; then + google-authenticator -t -d -f -r 3 -R 30 -W -q + cp /root/.google_authenticator /etc/skel + update_skel fi + export TOP_SECRET=$(head -1 /root/.google_authenticator) + qrencode -m 2 -d 9 -8 -t ANSI256 "otpauth://totp/test?secret=$TOP_SECRET" + echo -e '\nScan QR code with your OTP application on mobile phone\n' + read -n 1 -s -r -p "Press any key to continue" } 
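Review bot: `qr_code generate` copies root's `/root/.google_authenticator` into `/etc/skel` and then calls `update_skel`, so every account with uid >= 1000, and any account later created from `/etc/skel`, holds the same TOTP seed as root; any one of those users can then compute valid codes for root and for each other, which removes the second factor between local accounts. I would drop the `cp /root/.google_authenticator /etc/skel` and `update_skel` lines and enrol each user with their own seed instead. The seed is also exported as `TOP_SECRET` and passed to `qrencode` as an argument, where child processes inherit it and the process list shows it; `local secret; secret=$(head -1 /root/.google_authenticator)` followed by `printf 'otpauth://totp/test?secret=%s' "$secret" | qrencode -m 2 -d 9 -8 -t ANSI256` keeps it out of both. Because `update_skel` extracts with `--skip-old-files`, a later regenerate (S16) appears to leave existing users on the old seed while root gets a new one. The header comments above `update_skel` and `qr_code` still read `check dpkg status of $1` and should describe these functions.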
diff --git a/lib/armbian-configng/config.ng.jobs.json b/lib/armbian-configng/config.ng.jobs.json
index ef567cdf2..c9dc87d64 100644
--- a/lib/armbian-configng/config.ng.jobs.json
+++ b/lib/armbian-configng/config.ng.jobs.json
@@ -76,6 +76,146 @@ "author": "https://github.com/igorpecovnik", "condition": "[[ -n $(ls /sbin/armbian-install) ]]" }, + { + "id": "S07", + "description": "Manage SSH login options", + "sub": [ + { + "id": "S08", + "description": "Disable root login", + "command": [ + "sed -i \"s|^#\\?PermitRootLogin.*|PermitRootLogin no|\" /etc/ssh/sshd_config", + "systemctl restart sshd.service" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "grep -q '^PermitRootLogin yes' /etc/ssh/sshd_config" + }, + { + "id": "S09", + "description": "Enable root login", + "command": [ + "sed -i \"s/^#\\?PermitRootLogin.*/PermitRootLogin yes/\" /etc/ssh/sshd_config" , + "systemctl restart sshd.service" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "grep -q '^PermitRootLogin no' /etc/ssh/sshd_config" + }, + { + "id": "S10", + "description": "Disable password login", + "command": [ + "sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config" , + "systemctl restart sshd.service" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "grep -q 'PasswordAuthentication yes' /etc/ssh/sshd_config" + }, + { + "id": "S11", + "description": "Enable password login", + "command": [ + "sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication yes/\" /etc/ssh/sshd_config" , + "systemctl restart sshd.service" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "grep -q 'PasswordAuthentication no' /etc/ssh/sshd_config" + }, + { + "id": "S12", + "description": "Disable Public key authentication login", + "command": [ + "sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication no/\" /etc/ssh/sshd_config" , + "systemctl restart sshd.service" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "grep -q 'PubkeyAuthentication yes' 
/etc/ssh/sshd_config" + }, + { + "id": "S13", + "description": "Enable Public key authentication login", + "command": [ + "sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication yes/\" /etc/ssh/sshd_config" , + "systemctl restart sshd.service" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "grep -q 'PubkeyAuthentication no' /etc/ssh/sshd_config" + }, + { + "id": "S14", + "description": "Disable OTP authentication", + "command": [ + "clear", + "! check_if_installed libpam-google-authenticator && ! check_if_installed qrencode || debconf-apt-progress -- apt-get -y purge libpam-google-authenticator qrencode", + "sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/\" /etc/ssh/sshd_config || sed -i \"0,/KbdInteractiveAuthentication/s//ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config" , + "sed -i '/^auth required pam_google_authenticator.so nullok/ d' /etc/pam.d/sshd", + "systemctl restart sshd.service" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "grep -q 'ChallengeResponseAuthentication yes' /etc/ssh/sshd_config" + }, + { + "id": "S15", + "description": "Enable OTP authentication", + "command": [ + "check_if_installed libpam-google-authenticator || debconf-apt-progress -- apt-get -y install libpam-google-authenticator", + "check_if_installed qrencode || debconf-apt-progress -- apt-get -y install qrencode", + "sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config", + "sed -i $'/KbdInteractiveAuthentication/{iChallengeResponseAuthentication yes\\n:a;n;ba}' /etc/ssh/sshd_config || sed -n -i '/password updating/{p;:a;N;/@include common-password/!ba;s/.*\\n/auth required pam_google_authenticator.so nullok\\nauth required pam_permit.so\\n/};p' /etc/pam.d/sshd", + "[ ! 
-f /root/.google_authenticator ] && qr_code generate", + "systemctl restart sshd.service" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "! check_if_installed libpam-google-authenticator || ! check_if_installed qrencode || grep -q '^ChallengeResponseAuthentication no' /etc/ssh/sshd_config || ! grep -q 'ChallengeResponseAuthentication' /etc/ssh/sshd_config" + }, + { + "id": "S16", + "description": "Generate new OTP authentication QR code", + "command": [ + "qr_code generate" + ], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "", + "condition": "grep -q '^ChallengeResponseAuthentication yes' /etc/ssh/sshd_config" + }, + { + "id": "S17", + "description": "Show OTP authentication QR code", + "command": ["qr_code"], + "status": "Active", + "doc_link": "", + "src_reference": "", + "author": "Igor Pecovnik", + "condition": "grep -q '^ChallengeResponseAuthentication yes' /etc/ssh/sshd_config && [ -f /root/.google_authenticator ]" + } + ] + }, + { "id": "S30", "description": "Change shell system wide to BASH", @@ -110,6 +250,7 @@ "author": "https://github.com/igorpecovnik", "condition": "[[ $(cat /etc/passwd | grep \"^root:\" | rev | cut -d\":\" -f1 | cut -d\"/\" -f1| rev) == \"bash\" ]]" } + ] }, {
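Review bot: In the S07 block of config.ng.jobs.json, S14 and S15 put their second `sed` behind `||`, but `sed -i` exits 0 whether or not its pattern matched, so the fallback runs only when the first `sed` errors out, not when the directive is absent. In S14 (Disable OTP) that fallback would write `ChallengeResponseAuthentication yes`, the opposite of the job's purpose, and in S15 the `/etc/pam.d/sshd` edit that adds `pam_google_authenticator.so` is the right-hand side, so whether PAM is updated depends on the first command failing. I would make each edit its own `command` entry and gate it on an explicit `grep -q` test. Every job also restarts sshd on a freshly edited file with no validation, which can cut off a remote session; `"sshd -t && systemctl restart sshd.service"` would refuse a broken config. The `condition` greps in S10–S14 are unanchored, so a commented `#PasswordAuthentication yes` matches as well.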