diff --git a/data/hooks/conf_regen/03-ssh b/data/hooks/conf_regen/03-ssh
index 2c9261193..37b92e3fe 100755
--- a/data/hooks/conf_regen/03-ssh
+++ b/data/hooks/conf_regen/03-ssh
@@ -13,8 +13,8 @@ do_pre_regen() {
 [[ -f /proc/net/if_inet6 ]] \
 || sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
- # Add DSA HostKey to let user remove it with migration 7
- if [[ "$(yunohost settings get 'service.ssh._deprecated_dsa_hostkey')" == "True" ]]; then
+ # Support legacy setting (this setting might be disabled by a user during a migration)
+ if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then
 sed -i '/HostKey \/etc\/ssh\/ssh_host_rsa_key/a HostKey /etc/ssh/ssh_host_dsa_key' sshd_config
 fi
diff --git a/src/yunohost/data_migrations/0006_ssh_conf_managed_by_yunohost_step1.py b/src/yunohost/data_migrations/0006_ssh_conf_managed_by_yunohost_step1.py
index c3a503492..751f56fac 100644
--- a/src/yunohost/data_migrations/0006_ssh_conf_managed_by_yunohost_step1.py
+++ b/src/yunohost/data_migrations/0006_ssh_conf_managed_by_yunohost_step1.py
@@ -23,13 +23,13 @@ class MyMigration(Migration):
 This is the first step of a couple of migrations that ensure SSH conf is managed by YunoHost (even if the "from_script" flag is present, which was previously preventing it from being managed by YunoHost)
-
+
 The goal of this first (automatic) migration is to make sure that the sshd_config is managed by the regen-conf mechanism. If the from_script flag exists, then we keep the current SSH conf such that it will appear as "manually modified" to the regenconf.
-
+
 In step 2 (manual), the admin will be able to choose wether or not to actually use the recommended configuration, with an appropriate disclaimer.
 """
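Review bot: The `if` in `do_pre_regen` now reads `service.ssh.allow_deprecated_dsa_hostkey`, but nothing visible in this commit carries over a value already stored under the old name `service.ssh._deprecated_dsa_hostkey`. A host that ran migration 0006 before upgrading (it sets the flag to True when its `dsa` check is true) and has not yet run step 2 would presumably fall back to the new default of False, so the next regen drops the `HostKey /etc/ssh/ssh_host_dsa_key` line without the admin having seen the step-2 disclaimer. The same applies to the `settings_get(...)` read in 0007 and to the `DEFAULTS` entry in settings.py. Either copy the old value to the new key when the old one is present in stored settings, or state in the commit message that the old name was never persisted on released installs; `do_pre_regen` starts and ends outside this hunk.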
@@ -44,15 +44,15 @@ class MyMigration(Migration):
 dsa = True
 break
 if dsa:
- settings_set("service.ssh._deprecated_dsa_hostkey", True)
+ settings_set("service.ssh.allow_deprecated_dsa_hostkey", True)
 # Create sshd_config.d dir
 if not os.path.exists(SSHD_CONF + '.d'):
 mkdir(SSHD_CONF + '.d', 0755, uid='root', gid='root')
 # Here, we make it so that /etc/ssh/sshd_config is managed
- # by the regen conf (in particular in the case where the
- # from_script flag is present - in which case it was *not*
+ # by the regen conf (in particular in the case where the
+ # from_script flag is present - in which case it was *not*
 # managed by the regenconf)
 # But because we can't be sure the user wants to use the
 # recommended conf, we backup then restore the /etc/ssh/sshd_config
diff --git a/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step2.py b/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step2.py
index c6355ac61..20267d9e8 100644
--- a/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step2.py
+++ b/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step2.py
@@ -28,7 +28,7 @@ class MyMigration(Migration):
 """
 def migrate(self):
- settings_set("service.ssh._deprecated_dsa_hostkey", False)
+ settings_set("service.ssh.allow_deprecated_dsa_hostkey", False)
 service_regen_conf(names=['ssh'], force=True)
 def backward(self):
@@ -44,7 +44,7 @@ class MyMigration(Migration):
 # (basically nothing shall change)
 ynh_hash = _get_conf_hashes('ssh').get(SSHD_CONF, None)
 current_hash = _calculate_hash(SSHD_CONF)
- dsa = settings_get("service.ssh._deprecated_dsa_hostkey")
+ dsa = settings_get("service.ssh.allow_deprecated_dsa_hostkey")
 if ynh_hash == current_hash and not dsa:
 return "auto"
diff --git a/src/yunohost/settings.py b/src/yunohost/settings.py
index 1539435c6..391893b4e 100644
--- a/src/yunohost/settings.py
+++ b/src/yunohost/settings.py
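Review bot: In 0007_ssh_conf_managed_by_yunohost_step2.py, `migrate()` has no comment tying the `settings_set(..., False)` call to the forced regen on the next line, and that ordering is what removes the DSA key: the 03-ssh hook only appends the DSA `HostKey` line while this setting reads True. A one-line comment above the call would record it, e.g. `# Turn the legacy DSA hostkey off first: the ssh regen hook re-adds it while this is True`. Now that the key has lost its leading underscore, the class docstring (which starts outside this hunk) should also say whether admins are expected to set it back to True by hand after step 2.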
@@ -39,7 +39,7 @@ DEFAULTS = OrderedDict([
 # -1 disabled, 0 alert if listed, 1 8-letter, 2 normal, 3 strong, 4 strongest
 ("security.password.admin.strength", {"type": "int", "default": 1}),
 ("security.password.user.strength", {"type": "int", "default": 1}),
- ("service.ssh._deprecated_dsa_hostkey", {"type": "bool", "default": False}),
+ ("service.ssh.allow_deprecated_dsa_hostkey", {"type": "bool", "default": False}),
 ])
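Review bot: The renamed `service.ssh.allow_deprecated_dsa_hostkey` entry in `DEFAULTS` has no comment, although the password-strength entries above it do, and without the leading underscore it reads as an ordinary admin-facing switch. A comment such as `# Legacy only: when True, regen-conf adds the DSA HostKey line to sshd_config; leave False unless existing clients still pin the DSA host key` would record why the default is False. If settings carry a user-visible description elsewhere in the project, this one should say that DSA host keys are deprecated. `DEFAULTS` begins above the hunk.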