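#!/bin/sh
#
# sshauth-install.sh - install a remotely hosted userkeys.sh and configure
# sshd to call it through AuthorizedKeysCommand.
#
# Security-relevant behaviour of this installer:
#   * the downloaded script is executed as root on every SSH login
#     (AuthorizedKeysCommandUser root), so whoever controls $uri controls
#     SSH access to this host;
#   * password authentication is switched off, so a broken key setup can
#     lock you out. Keep an existing session open until a new login works.
#
# Must be run as root. Uses GNU sed (-i), curl, mktemp and the service wrapper.
set -eu

#############################################################################
# please modify to use your own file
#############################################################################
# Prefer a URL pinned to an immutable commit rather than a moving branch.
uri="https://raw.githubusercontent.com/centminmod/centminmod-sshremotekeys/master/userkeys.sh"
# Optional integrity pin: set to the SHA-256 of the userkeys.sh you reviewed,
# e.g. expected_sha256="<sha256-of-reviewed-userkeys.sh>". Empty skips the check.
expected_sha256=""

dest=/usr/local/bin/userkeys.sh
sshd_config=/etc/ssh/sshd_config
backup="${sshd_config}.sshauth-install.bak"
tmpfile=

# Remove the partial download on any exit path.
cleanup() {
  [ -z "$tmpfile" ] || rm -f -- "$tmpfile"
}
trap cleanup EXIT

# set_sshd_option KEYWORD VALUE
# Forces "KEYWORD VALUE" to be an active line in $sshd_config: existing lines
# for the keyword (commented out or not) are rewritten, otherwise the line is
# appended. Anchoring on the keyword avoids two problems of an unanchored
# pattern: "#PasswordAuthentication yes" staying commented (leaving the
# built-in default in force) and prose comments that mention the keyword
# being rewritten.
# VALUE must not contain '|' or '&' (used by the sed expression).
# NOTE(review): an appended line lands inside the last Match block if the file
# ends with one, and files pulled in by an Include directive are not edited;
# confirm the effective values with `sshd -T` after the run.
set_sshd_option() {
  keyword=$1
  value=$2
  if grep -Eq "^[#[:space:]]*${keyword}[[:space:]]" "$sshd_config"; then
    sed -i "s|^[#[:space:]]*${keyword}[[:space:]].*|${keyword} ${value}|" "$sshd_config"
  else
    printf '%s %s\n' "$keyword" "$value" >> "$sshd_config"
  fi
}

if [ "$(id -u)" -ne 0 ]; then
  echo "error: must be run as root" >&2
  exit 1
fi

# download to the host your custom userkeys.sh
# -f makes an HTTP error fail the transfer instead of saving the error page as
# the script, which replaces the separate HEAD probe; --proto keeps the fetch
# (and any redirect) on HTTPS. The file is staged next to its destination so
# the final rename is atomic and sshd never executes a half-written script.
mkdir -p "${dest%/*}"
tmpfile=$(mktemp "${dest}.XXXXXX")
if ! curl -4fsSL --proto '=https' --connect-timeout 30 --max-time 30 \
    -o "$tmpfile" "$uri" || [ ! -s "$tmpfile" ]; then
  echo "error: check uri variable" >&2
  echo "$uri isn't valid" >&2
  exit 1
fi

if [ -n "$expected_sha256" ]; then
  actual_sha256=$(sha256sum "$tmpfile" | awk '{print $1}')
  if [ "$actual_sha256" != "$expected_sha256" ]; then
    echo "error: sha256 mismatch for $uri" >&2
    echo "expected $expected_sha256, got $actual_sha256" >&2
    exit 1
  fi
fi

# set file permissions
# sshd only runs an AuthorizedKeysCommand that is owned by root and not
# writable by group or others.
chown 0:0 "$tmpfile"
chmod 555 "$tmpfile"
mv -f -- "$tmpfile" "$dest"
tmpfile=

#############################################################################
# modifies sshd_config with the following settings:
#############################################################################
# keep a copy so a rejected configuration can be rolled back
cp -p -- "$sshd_config" "$backup"

# enables publickey login
set_sshd_option PubkeyAuthentication yes
set_sshd_option PasswordAuthentication no
# configures AuthorizedKeysCommand to execute userkeys.sh on each login
set_sshd_option AuthorizedKeysCommand "$dest"
# sets the user to root in order to save the cache key files in users home
set_sshd_option AuthorizedKeysCommandUser root
# sets the cache key file name
if ! grep -q authorized_keys_cache "$sshd_config"; then
  set_sshd_option AuthorizedKeysFile ".ssh/authorized_keys .ssh/authorized_keys_cache"
fi

# make sure all host keys exist
ssh-keygen -A
# make sure ~/.ssh exists and is private to root
mkdir -p /root/.ssh
chmod 700 /root/.ssh

# make sure sshd_config is valid; roll back instead of leaving a config that
# would stop sshd from starting
if ! sshd -t; then
  cp -p -- "$backup" "$sshd_config"
  echo "error: sshd_config failed validation, restored from $backup" >&2
  exit 1
fi

# restart ssh or sshd depending of the distro
# '||' instead of ';': under set -e a failing first restart would otherwise
# end the script before the second service name is tried.
service ssh restart || service sshd restart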