From 3d81f032e9aba1d4b2155c8b74300b9bf0d307c0 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Wed, 28 Nov 2018 17:50:20 +0000
Subject: [PATCH] Fixes following tests (some sshd_config options do not exists or are deprecated)
---
 data/helpers.d/utils | 1 +
 data/hooks/conf_regen/03-ssh | 2 +-
 data/templates/ssh/sshd_config | 21 +++++++------------
 ...0007_ssh_conf_managed_by_yunohost_step1.py | 2 +-
 4 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/data/helpers.d/utils b/data/helpers.d/utils
index eef9f2a8e..b280c3b21 100644
--- a/data/helpers.d/utils
+++ b/data/helpers.d/utils
@@ -272,6 +272,7 @@ ynh_local_curl () {
 ynh_render_template() {
 local template_path=$1
 local output_path=$2
+ mkdir -p "$(dirname $output_path)"
 # Taken from https://stackoverflow.com/a/35009576
 python2.7 -c 'import os, sys, jinja2; sys.stdout.write(
 jinja2.Template(sys.stdin.read()
diff --git a/data/hooks/conf_regen/03-ssh b/data/hooks/conf_regen/03-ssh
index 74064a631..a9ed0ee48 100755
--- a/data/hooks/conf_regen/03-ssh
+++ b/data/hooks/conf_regen/03-ssh
@@ -21,7 +21,7 @@ do_pre_regen() {
 ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null)"
 fi

- export $ssh_keys
+ export ssh_keys
 ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
 fi
 }
diff --git a/data/templates/ssh/sshd_config b/data/templates/ssh/sshd_config
index 36bd9167d..ed9a3136e 100644
--- a/data/templates/ssh/sshd_config
+++ b/data/templates/ssh/sshd_config
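Review bot: In data/helpers.d/utils, the added `mkdir -p "$(dirname $output_path)"` quotes the command substitution but leaves `$output_path` unquoted inside it, so an output path containing whitespace or glob characters is word-split before `dirname` sees it and the wrong directory (or several) gets created. Quoting the inner expansion avoids that: `mkdir -p "$(dirname "$output_path")"`. Because this helper also renders security-relevant files such as the pending sshd_config, a one-line comment stating that the parent directory is created with the caller's umask would help the next reader. The body of ynh_render_template continues outside the hunk.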
@@ -1,16 +1,14 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
+# This configuration has been automatically generated
+# by YunoHost

-# What ports, IPs and protocols we listen for
+Protocol 2
 Port 22
-# Use these options to restrict which interfaces/protocols sshd will bind to
+
 ListenAddress ::
 ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-{% for key in ssh_keys %}
-HostKey {{ key }}
-{% endfor %}
+
+{% for key in ssh_keys.split() %}
+HostKey {{ key }}{% endfor %}
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
@@ -24,14 +22,11 @@ LoginGraceTime 120
 PermitRootLogin no
 StrictModes yes
-RSAAuthentication yes
 PubkeyAuthentication yes
 #AuthorizedKeysFile %h/.ssh/authorized_keys
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
 # similar for protocol version 2
 HostbasedAuthentication no
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
@@ -92,5 +87,3 @@ Match User sftpusers
 AllowTcpForwarding no
 GatewayPorts no
 X11Forwarding no
-
-Include sshd_config.d/*
diff --git a/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step1.py b/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step1.py
index 82d1fc634..95e67894c 100644
--- a/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step1.py
+++ b/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step1.py
@@ -65,7 +65,7 @@ class MyMigration(Migration):
 copyfile('/etc/ssh/sshd_config.bkp', SSHD_CONF)
 # If we detect the conf as manually modified
- ynh_hash = _get_conf_hashes('ssh')[SSHD_CONF]
+ ynh_hash = _get_conf_hashes('ssh').get(SSHD_CONF, None)
 current_hash = _calculate_hash(SSHD_CONF)
 if ynh_hash != current_hash:
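Review bot: In the first hunk of data/templates/ssh/sshd_config, `{% for key in ssh_keys.split() %}` fails at render time if `ssh_keys` is not defined, because calling `split()` on an undefined Jinja2 variable raises; the template appears to be rendered from the process environment (the helper imports `os` and the hook exports the variable), so any caller that does not export it would hit this. `{% for key in (ssh_keys | default('')).split() %}` renders an empty loop instead. An empty list also produces a config with no `HostKey` line, in which case sshd falls back to its built-in default key paths rather than the set the hook selected, which deserves a comment above the loop. Separately, `Protocol 2` and `UsePrivilegeSeparation yes` are kept although the commit removes other deprecated options; recent OpenSSH releases deprecate both, so they are worth checking against the targeted version.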
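Review bot: In the second hunk of data/templates/ssh/sshd_config, two comments left as context still describe the removed option: `# similar for protocol version 2` no longer has anything to be similar to, and `# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication` names a directive the commit just deleted. Since this file is the managed sshd baseline, stale comments make it harder to audit which authentication methods are actually disabled. Suggested wording: `# Host-based authentication is disabled` and `# Uncomment if you don't trust ~/.ssh/known_hosts for HostbasedAuthentication`. The directive that the second comment introduces lies outside the hunk.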
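Review bot: In 0007_ssh_conf_managed_by_yunohost_step1.py, `.get(SSHD_CONF, None)` makes a missing recorded hash compare unequal to `current_hash`, so a host with no stored hash enters the `if ynh_hash != current_hash:` branch exactly like one whose sshd_config was hand-edited, and the code does not say whether that is intended. This branch apparently decides how the existing sshd_config is treated by the migration, so the case should be explicit, e.g. `if ynh_hash is None or ynh_hash != current_hash:` with a comment such as `# no recorded hash: treat the conf as manually modified`. `None` is already the default of `dict.get`, so `.get(SSHD_CONF)` is enough. The method starts before the hunk and the body of the `if` lies outside it.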