From 337b73fa76251922a69915c394a4eb546b28fe8e Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Thu, 29 Nov 2018 17:21:54 +0100
Subject: [PATCH] Misc cosmetic improvements
---
install_yunohost | 43 ++++++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/install_yunohost b/install_yunohost
index 8a294aa..a2b4c6f 100755
--- a/install_yunohost
+++ b/install_yunohost
@@ -303,30 +303,30 @@ function manage_sshd_config() { [[ "$AUTOMODE" == "1" ]] && return 0 [[ ! -f /etc/ssh/sshd_config ]] && return 0 - - local sshd_config_differs="0" + + local sshd_config_possible_issues="0" local text="To improve the security of your server, it is recommended to let YunoHost manage the SSH configuration. -Your current SSH configuration differs from the recommended configuration. +Your current SSH configuration differs from the recommended configuration. If you let YunoHost reconfigure it, the way you connect to your server through SSH will change in the following way:" - # If root login is not deactivate + # If root login is currently enabled if ! grep -E "^[[:blank:]]*PermitRootLogin[[:blank:]]+no" /etc/ssh/sshd_config ; then - sshd_config_differs="1" - text="$text- you will not be able to connect as root through SSH. Instead you should use the admin user ; + sshd_config_possible_issues="1" + text="$text\n- you will not be able to connect as root through SSH. Instead you should use the admin user ; " fi - - # If we are using an other Port + + # If current conf uses a custom ssh port if grep -Ev "^[[:blank:]]*Port[[:blank:]]+22[[:blank:]]*(#.*)?$" /etc/ssh/sshd_config | grep -E "^[[:blank:]]*Port[[:blank:]]+[[:digit:]]+$" ; then - sshd_config_differs="1" - text="$text- you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it after the postinstallation. + sshd_config_possible_issues="1" + text="$text\n- you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it after the postinstallation. " fi # If we are using DSA key for ssh server fingerprint if grep -E "^[[:blank:]]*HostKey[[:blank:]]+/etc/ssh/ssh_host_dsa_key" /etc/ssh/sshd_config ; then - sshd_config_differs="1" - text="$text- the DSA key will be disabled. 
Hence, you might need to invalidate a spooky warning from your SSH client, and recheck the fingerprint of your server ; + sshd_config_possible_issues="1" + text="$text\n- the DSA key will be disabled. Hence, you might later need to invalidate a spooky warning from your SSH client, and recheck the fingerprint of your server ; " fi @@ -334,18 +334,19 @@ If you let YunoHost reconfigure it, the way you connect to your server through S text="${text} Do you agree to let YunoHost apply those changes to your configuration and therefore affect the way you connect through SSH ? " - - # In all this case we ask user - if [[ "$sshd_config_differs" == "1" ]] ; then - if ! whiptail --title "SSH Configuration" --yesno "$text" 20 78 --defaultno --scrolltext ; then - - # Keep a copy to restore it after regen-conf - cp /etc/ssh/sshd_config /etc/ssh/sshd_config.to_restore - fi + + # If no possible issue found, we just assume it's okay and will take over the SSH conf during postinstall + [[ "$sshd_config_possible_issues" == "0" ]] && return 0 + + # Otherwise, we ask the user to confirm + if ! whiptail --title "SSH Configuration" --yesno "$text" 20 78 --defaultno --scrolltext ; then + + # Keep a copy to be restored during the postinstall + # so that the ssh confs behaves as manually modified. + cp /etc/ssh/sshd_config /etc/ssh/sshd_config.to_restore fi return 0 - } function setup_package_source() {
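Review bot: The custom-port check in the first hunk can miss a non-default port, because its second grep, `grep -E "^[[:blank:]]*Port[[:blank:]]+[[:digit:]]+$"`, requires the line to end right after the digits while the first grep tolerates trailing blanks and a `#` comment. A line such as `Port 2222 # admin` (constructed example) would leave `sshd_config_possible_issues` at "0", so the user is never warned that SSH moves back to port 22. Ending the second pattern the same way as the first, `[[:blank:]]+[[:digit:]]+[[:blank:]]*(#.*)?$`, closes the gap. Separately, none of the three greps uses `-q`, so matching sshd_config lines are printed into the installer output. manage_sshd_config starts before this hunk and continues into the next one.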
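Review bot: The result of `cp /etc/ssh/sshd_config /etc/ssh/sshd_config.to_restore` in the second hunk is not checked, so if the copy fails after the user answered "no", the function still returns 0 and nothing records the refusal; presumably the postinstall then replaces the SSH configuration anyway. I would make the failure visible, e.g. `cp /etc/ssh/sshd_config /etc/ssh/sshd_config.to_restore || { echo "Could not back up sshd_config" >&2; return 1; }`, though how the caller treats a non-zero return is outside this hunk. The new early return also deserves a more precise comment, since it accepts every difference the three greps do not look for: `# Only root login, custom port and DSA host key are checked; any other local change to sshd_config is taken over without a prompt.`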