Misc cosmetic improvements

Alexandre Aubin 2018-11-29 17:21:54 +01:00
parent 16ef5193e4
commit 337b73fa76


@ -303,30 +303,30 @@ function manage_sshd_config() {
[[ "$AUTOMODE" == "1" ]] && return 0
[[ ! -f /etc/ssh/sshd_config ]] && return 0
local sshd_config_differs="0"
local sshd_config_possible_issues="0"
local text="To improve the security of your server, it is recommended to let YunoHost manage the SSH configuration.
Your current SSH configuration differs from the recommended configuration.
Your current SSH configuration differs from the recommended configuration.
If you let YunoHost reconfigure it, the way you connect to your server through SSH will change in the following way:"
# If root login is not deactivate
# If root login is currently enabled
if ! grep -E "^[[:blank:]]*PermitRootLogin[[:blank:]]+no" /etc/ssh/sshd_config ; then
sshd_config_differs="1"
text="$text- you will not be able to connect as root through SSH. Instead you should use the admin user ;
sshd_config_possible_issues="1"
text="$text\n- you will not be able to connect as root through SSH. Instead you should use the admin user ;
"
fi
# If we are using an other Port
# If current conf uses a custom ssh port
if grep -Ev "^[[:blank:]]*Port[[:blank:]]+22[[:blank:]]*(#.*)?$" /etc/ssh/sshd_config | grep -E "^[[:blank:]]*Port[[:blank:]]+[[:digit:]]+$" ; then
sshd_config_differs="1"
text="$text- you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it after the postinstallation.
sshd_config_possible_issues="1"
text="$text\n- you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it after the postinstallation.
"
fi
# If we are using DSA key for ssh server fingerprint
if grep -E "^[[:blank:]]*HostKey[[:blank:]]+/etc/ssh/ssh_host_dsa_key" /etc/ssh/sshd_config ; then
sshd_config_differs="1"
text="$text- the DSA key will be disabled. Hence, you might need to invalidate a spooky warning from your SSH client, and recheck the fingerprint of your server ;
sshd_config_possible_issues="1"
text="$text\n- the DSA key will be disabled. Hence, you might later need to invalidate a spooky warning from your SSH client, and recheck the fingerprint of your server ;
"
fi
@ -334,18 +334,19 @@ If you let YunoHost reconfigure it, the way you connect to your server through S
text="${text}
Do you agree to let YunoHost apply those changes to your configuration and therefore affect the way you connect through SSH ?
"
# In all this case we ask user
if [[ "$sshd_config_differs" == "1" ]] ; then
if ! whiptail --title "SSH Configuration" --yesno "$text" 20 78 --defaultno --scrolltext ; then
# Keep a copy to restore it after regen-conf
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.to_restore
fi
# If no possible issue found, we just assume it's okay and will take over the SSH conf during postinstall
[[ "$sshd_config_possible_issues" == "0" ]] && return 0
# Otherwise, we ask the user to confirm
if ! whiptail --title "SSH Configuration" --yesno "$text" 20 78 --defaultno --scrolltext ; then
# Keep a copy to be restored during the postinstall
# so that the ssh confs behaves as manually modified.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.to_restore
fi
return 0
}
function setup_package_source() {
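Review bot: The custom-port test in the first hunk can miss a non-default port, and the early return added in the second hunk (`[[ "$sshd_config_possible_issues" == "0" ]] && return 0`) then lets the SSH configuration be taken over during postinstall without any prompt. The second grep of that test ends in `[[:digit:]]+$`, so a `Port` line with trailing blanks (or a trailing comment, which the first grep does tolerate for port 22) is not matched, and all three patterns are case-sensitive although sshd_config keywords are not. I would align the tail and case handling, e.g. `grep -Eiq "^[[:blank:]]*Port[[:blank:]]+[[:digit:]]+[[:blank:]]*(#.*)?$"`, and use `-i` on the `PermitRootLogin` and `HostKey` tests as well. The `cp` to `/etc/ssh/sshd_config.to_restore` is also unchecked, so if it fails the user's "no" answer is silently dropped; `cp -p ... || return 1` (or a warning) would make that visible. `manage_sshd_config` starts above the first hunk, so any earlier handling is not visible here.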