From 0ad0e8152cdad938120d300ec55104c1a1554b6c Mon Sep 17 00:00:00 2001 From: Michael Prokop Date: Sat, 19 Apr 2014 17:00:30 +0200 Subject: [PATCH] Provide GRMLBASE script 49-sshd to adjust sshd configuration [Closes: issue1304] Providing the openssh-server/permit-root-login debconf option sadly isn't enough to switch from "PermitRootLogin without-password" to "PermitRootLogin yes", so we have to adjust the file on-the-fly. (Let's try to avoid shipping the sshd configuration file for now, to make sure the file works for all the Debian releases.) While at it also disable UseDNS which speeds up login when DNS is unconfigured/unavailable/broken. --- etc/grml/fai/config/scripts/GRMLBASE/49-sshd | 29 ++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100755 etc/grml/fai/config/scripts/GRMLBASE/49-sshd diff --git a/etc/grml/fai/config/scripts/GRMLBASE/49-sshd b/etc/grml/fai/config/scripts/GRMLBASE/49-sshd new file mode 100755 index 0000000..9f0a824 --- /dev/null +++ b/etc/grml/fai/config/scripts/GRMLBASE/49-sshd @@ -0,0 +1,29 @@ +#!/bin/bash +# Filename: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/49-sshd +# Purpose: adjust sshd configuration file +# Authors: grml-team (grml.org), (c) Michael Prokop +# Bug-Reports: see http://grml.org/bugs/ +# License: This file is licensed under the GPL v2 or any later version. +################################################################################ + +set -u +set -e + +if ! [ -r "${target}/etc/ssh/sshd_config" ] ; then + echo "File /etc/ssh/sshd_config doesn't exist, skipping execution of script." + exit 0 +fi + +# make sure root login works, it's set to "without-password" since openssh-server v1:6.6p1-1 +sed -i "s/^\(PermitRootLogin without-password\)/# \1 # disabled via grml-live\nPermitRootLogin yes/" "${target}/etc/ssh/sshd_config" + +# speedup if DNS is broken/unavailable +if grep -q '^UseDNS' "${target}/etc/ssh/sshd_config" ; then + sed -i "s/^\(UseDNS yes\)/# \1 # disabled via grml-live\nUseDNS no/" "${target}/etc/ssh/sshd_config" +else + echo "# Added via grml-live script:" >> "${target}/etc/ssh/sshd_config" + echo "UseDNS no" >> "${target}/etc/ssh/sshd_config" +fi + +## END OF FILE ################################################################# +# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 -- 2.1.4