Enable support for adjusting SSH server #49

Merged
merged 7 commits into from
Sep 4, 2024
14 changes: 13 additions & 1 deletion README.md
@@ -1,6 +1,6 @@

# Armbian Configuration Utility
Updated: Sun Sep 1 03:03:48 PM EDT 2024
Updated: Tue Sep 3 09:22:06 PM EDT 2024

Utility for configuring your board, adjusting services, and installing applications. It comes with Armbian by default.

Expand All @@ -16,6 +16,7 @@ sudo armbian-config
- **S04** - Install Linux headers
- **S05** - Remove Linux headers
- **S06** - Install to internal storage
- **S07** - Manage SSH login options
- **S30** - Change shell system wide to BASH
- **S31** - Change shell system wide to ZSH

Expand Down Expand Up @@ -92,6 +93,7 @@ Usage: armbian-configng [option] [arguments]
--cli S04 - Install Linux headers
--cli S05 - Remove Linux headers
--cli S06 - Install to internal storage
--cli S07 - Manage SSH login options
--cli S30 - Change shell system wide to BASH
--cli S31 - Change shell system wide to ZSH
--cli N00 - Install Bluetooth support
Expand Down Expand Up @@ -210,6 +212,16 @@ Jobs:
armbian-install
~~~

### S07

Manage SSH login options

Jobs:

~~~
No commands available
~~~

### S30

Change shell system wide to BASH
5 changes: 3 additions & 2 deletions lib/armbian-configng/config.ng.docs.sh
Expand Up @@ -458,11 +458,12 @@ jq -r '
.menu[] |
.sub[] |
"### " + .id + "\n\n" +
.description + "\n\nJobs:\n\n~~~\n" +
(.command | join("\n")) +
(.description // "No description available") + "\n\nJobs:\n\n~~~\n" +
((.command // ["No commands available"]) | join("\n")) +
"\n~~~\n"
' $json_file
}

module_options+=(
["see_cli_list,author"]="Joey Turner"
["see_cli_list,ref_link"]=""
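
Review bot: In the jq filter, the new `(.command // ["No commands available"])` fallback hides the fact that nested entries are never visited. The filter walks only `.menu[] | .sub[]`, so a submenu such as S07 that carries its own `sub` array is rendered as "No commands available", and its children (S08 to S17 in config.ng.jobs.json) are missing from the README hunks of this change. Those children are the entries that edit /etc/ssh/sshd_config and /etc/pam.d/sshd, so consider recursing into `.sub[]?` so that each one is documented with its commands. Separately, `$json_file` after the filter is unquoted; `"$json_file"` avoids word splitting if the path ever contains spaces.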
64 changes: 58 additions & 6 deletions lib/armbian-configng/config.ng.functions.sh
Expand Up @@ -82,7 +82,6 @@ function set_header_remove() {

}


module_options+=(
["check_if_installed,author"]="Igor Pecovnik"
["check_if_installed,ref_link"]=""
Expand All @@ -96,12 +95,65 @@ module_options+=(
#
function check_if_installed (){

local DPKG_Status="$(dpkg -s "$1" 2>/dev/null | awk -F": " '/^Status/ {print $2}')"
if [[ "X${DPKG_Status}" = "X" || "${DPKG_Status}" = *deinstall* ]]; then
return 1
else
return 0
local DPKG_Status="$(dpkg -s "$1" 2>/dev/null | awk -F": " '/^Status/ {print $2}')"
if [[ "X${DPKG_Status}" = "X" || "${DPKG_Status}" = *deinstall* ]]; then
return 1
else
return 0
fi

}


module_options+=(
["update_skel,author"]="Igor Pecovnik"
["update_skel,ref_link"]=""
["update_skel,feature"]="update_skel"
["update_skel,desc"]="Update the /etc/skel files in users directories"
["update_skel,example"]="update_skel"
["update_skel,status"]="Active"
)
#
# check dpkg status of $1 -- currently only 'not installed at all' case caught
#
function update_skel (){

getent passwd |
while IFS=: read -r username x uid gid gecos home shell
do
if [ ! -d "$home" ] || [ "$username" == 'root' ] || [ "$uid" -lt 1000 ]
then
continue
fi
tar -C /etc/skel/ -cf - . | su - "$username" -c "tar --skip-old-files -xf -"
done

}


module_options+=(
["qr_code,author"]="Igor Pecovnik"
["qr_code,ref_link"]=""
["qr_code,feature"]="qr_code"
["qr_code,desc"]="Show or generate QR code for Google OTP"
["qr_code,example"]="qr_code generate"
["qr_code,status"]="Active"
)
#
# check dpkg status of $1 -- currently only 'not installed at all' case caught
#
function qr_code (){

clear
if [[ "$1" == "generate" ]]; then
google-authenticator -t -d -f -r 3 -R 30 -W -q
cp /root/.google_authenticator /etc/skel
update_skel
fi
export TOP_SECRET=$(head -1 /root/.google_authenticator)
qrencode -m 2 -d 9 -8 -t ANSI256 "otpauth://totp/test?secret=$TOP_SECRET"
echo -e '\nScan QR code with your OTP application on mobile phone\n'
read -n 1 -s -r -p "Press any key to continue"

}
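
Review bot: In `qr_code`, `cp /root/.google_authenticator /etc/skel` followed by `update_skel` hands root's TOTP secret to every account with uid >= 1000 and, through /etc/skel, to every account created later, so all users share one OTP seed with root and any of them can generate codes for the others. Generating a separate secret per user (running `google-authenticator` as that user) would avoid this. Two related points in the same function: `update_skel` extracts with `tar --skip-old-files`, so after a later `qr_code generate` users who already have `.google_authenticator` keep the old secret while root gets a new one; and `export TOP_SECRET=...` together with passing the `otpauth://` URI as a `qrencode` argument exposes the secret to child processes and to the process list, where a `local` variable and feeding the URI to `qrencode` on stdin would not. The comment above both `update_skel` and `qr_code` is still the copied "check dpkg status of $1" text and should describe the function it precedes.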

141 changes: 141 additions & 0 deletions lib/armbian-configng/config.ng.jobs.json
Expand Up @@ -76,6 +76,146 @@
"author": "https://github.com/igorpecovnik",
"condition": "[[ -n $(ls /sbin/armbian-install) ]]"
},
{
"id": "S07",
"description": "Manage SSH login options",
"sub": [
{
"id": "S08",
"description": "Disable root login",
"command": [
"sed -i \"s|^#\\?PermitRootLogin.*|PermitRootLogin no|\" /etc/ssh/sshd_config",
"systemctl restart sshd.service"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "grep -q '^PermitRootLogin yes' /etc/ssh/sshd_config"
},
{
"id": "S09",
"description": "Enable root login",
"command": [
"sed -i \"s/^#\\?PermitRootLogin.*/PermitRootLogin yes/\" /etc/ssh/sshd_config" ,
"systemctl restart sshd.service"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "grep -q '^PermitRootLogin no' /etc/ssh/sshd_config"
},
{
"id": "S10",
"description": "Disable password login",
"command": [
"sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config" ,
"systemctl restart sshd.service"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "grep -q 'PasswordAuthentication yes' /etc/ssh/sshd_config"
},
{
"id": "S11",
"description": "Enable password login",
"command": [
"sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication yes/\" /etc/ssh/sshd_config" ,
"systemctl restart sshd.service"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "grep -q 'PasswordAuthentication no' /etc/ssh/sshd_config"
},
{
"id": "S12",
"description": "Disable Public key authentication login",
"command": [
"sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication no/\" /etc/ssh/sshd_config" ,
"systemctl restart sshd.service"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "grep -q 'PubkeyAuthentication yes' /etc/ssh/sshd_config"
},
{
"id": "S13",
"description": "Enable Public key authentication login",
"command": [
"sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication yes/\" /etc/ssh/sshd_config" ,
"systemctl restart sshd.service"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "grep -q 'PubkeyAuthentication no' /etc/ssh/sshd_config"
},
{
"id": "S14",
"description": "Disable OTP authentication",
"command": [
"clear",
"! check_if_installed libpam-google-authenticator && ! check_if_installed qrencode || debconf-apt-progress -- apt-get -y purge libpam-google-authenticator qrencode",
"sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/\" /etc/ssh/sshd_config || sed -i \"0,/KbdInteractiveAuthentication/s//ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config" ,
"sed -i '/^auth required pam_google_authenticator.so nullok/ d' /etc/pam.d/sshd",
"systemctl restart sshd.service"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "grep -q 'ChallengeResponseAuthentication yes' /etc/ssh/sshd_config"
},
{
"id": "S15",
"description": "Enable OTP authentication",
"command": [
"check_if_installed libpam-google-authenticator || debconf-apt-progress -- apt-get -y install libpam-google-authenticator",
"check_if_installed qrencode || debconf-apt-progress -- apt-get -y install qrencode",
"sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config",
"sed -i $'/KbdInteractiveAuthentication/{iChallengeResponseAuthentication yes\\n:a;n;ba}' /etc/ssh/sshd_config || sed -n -i '/password updating/{p;:a;N;/@include common-password/!ba;s/.*\\n/auth required pam_google_authenticator.so nullok\\nauth required pam_permit.so\\n/};p' /etc/pam.d/sshd",
"[ ! -f /root/.google_authenticator ] && qr_code generate",
"systemctl restart sshd.service"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "! check_if_installed libpam-google-authenticator || ! check_if_installed qrencode || grep -q '^ChallengeResponseAuthentication no' /etc/ssh/sshd_config || ! grep -q 'ChallengeResponseAuthentication' /etc/ssh/sshd_config"
},
{
"id": "S16",
"description": "Generate new OTP authentication QR code",
"command": [
"qr_code generate"
],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "",
"condition": "grep -q '^ChallengeResponseAuthentication yes' /etc/ssh/sshd_config"
},
{
"id": "S17",
"description": "Show OTP authentication QR code",
"command": ["qr_code"],
"status": "Active",
"doc_link": "",
"src_reference": "",
"author": "Igor Pecovnik",
"condition": "grep -q '^ChallengeResponseAuthentication yes' /etc/ssh/sshd_config && [ -f /root/.google_authenticator ]"
}
]
},

{
"id": "S30",
"description": "Change shell system wide to BASH",
Expand Down Expand Up @@ -110,6 +250,7 @@
"author": "https://github.com/igorpecovnik",
"condition": "[[ $(cat /etc/passwd | grep \"^root:\" | rev | cut -d\":\" -f1 | cut -d\"/\" -f1| rev) == \"bash\" ]]"
}

]
},
{