From: Michael Prokop Date: Sat, 19 Apr 2014 15:00:30 +0000 (+0200) Subject: Provide GRMLBASE script 49-sshd to adjust sshd configuration [Closes: issue1304] X-Git-Tag: v0.23.3~1 X-Git-Url: https://git.grml.org/?p=grml-live.git;a=commitdiff_plain;h=0ad0e8152cdad938120d300ec55104c1a1554b6c Provide GRMLBASE script 49-sshd to adjust sshd configuration [Closes: issue1304] Providing the openssh-server/permit-root-login debconf option sadly isn't enough to switch from "PermitRootLogin without-password" to "PermitRootLogin yes", so we have to adjust the file on-the-fly. (Let's try to avoid shipping the sshd configuration file for now, to make sure the file works for all the Debian releases.) While at it also disable UseDNS which speeds up login when DNS is unconfigured/unavailable/broken. --- diff --git a/etc/grml/fai/config/scripts/GRMLBASE/49-sshd b/etc/grml/fai/config/scripts/GRMLBASE/49-sshd new file mode 100755 index 0000000..9f0a824 --- /dev/null +++ b/etc/grml/fai/config/scripts/GRMLBASE/49-sshd 
@@ -0,0 +1,29 @@ +#!/bin/bash +# Filename: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/49-sshd +# Purpose: adjust sshd configuration file +# Authors: grml-team (grml.org), (c) Michael Prokop +# Bug-Reports: see http://grml.org/bugs/ +# License: This file is licensed under the GPL v2 or any later version. +################################################################################ + +set -u +set -e + +if ! [ -r "${target}/etc/ssh/sshd_config" ] ; then + echo "File /etc/ssh/sshd_config doesn't exist, skipping execution of script." + exit 0 +fi + +# make sure root login works, it's set to "without-password" since openssh-server v1:6.6p1-1 +sed -i "s/^\(PermitRootLogin without-password\)/# \1 # disabled via grml-live\nPermitRootLogin yes/" "${target}/etc/ssh/sshd_config" + +# speedup if DNS is broken/unavailable +if grep -q '^UseDNS' "${target}/etc/ssh/sshd_config" ; then + sed -i "s/^\(UseDNS yes\)/# \1 # disabled via grml-live\nUseDNS no/" "${target}/etc/ssh/sshd_config" +else + echo "# Added via grml-live script:" >> "${target}/etc/ssh/sshd_config" + echo "UseDNS no" >> "${target}/etc/ssh/sshd_config" +fi + +## END OF FILE ################################################################# +# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2
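Review bot: The `PermitRootLogin` sed in the middle of 49-sshd has no check that it matched, unlike the `UseDNS` branch below it. If the line in sshd_config is commented out, spaced differently, or carries a value other than `without-password`, the script exits 0 with root login unchanged. Verify the result after the sed, for example with `grep -q '^PermitRootLogin yes' "${target}/etc/ssh/sshd_config"`, and print a warning or fail the build when it is absent. Blindly appending the directive is not a safe fallback, because sshd uses the first value it reads for a keyword. The `UseDNS` branch has a related gap: when a `^UseDNS` line exists but is not exactly `UseDNS yes`, neither the sed nor the `else` append changes anything, which is only correct if the value is already `no`. Both replacements also rely on `\n` in the sed replacement text, which is GNU sed behaviour, so a comment noting that dependency would help. Because this turns on root login with a password, the script comment should also say that this is intentional for the live image, so that anyone reusing the class for an installed system sees it.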