YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Enforce permissions for /etc/ssh/sshd_config

Browse source
This commit is contained in:
Alexandre Aubin 2018-11-28 20:27:42 +00:00
parent 25efab7f2a
commit 6a812190c5
1 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
data/hooks/conf_regen/03-ssh
View file

@ -15,8 +15,9 @@ do_pre_regen() {
[[ -f /proc/net/if_inet6 ]] \ [[ -f /proc/net/if_inet6 ]] \
|| sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config || sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
# Support legacy setting (this setting might be disabled by a user during a migration)
ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null) ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null)
# Support legacy setting (this setting might be disabled by a user during a migration)
if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then
ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null)" ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null)"
fi fi
@ -28,10 +29,13 @@ do_pre_regen() {
do_post_regen() { do_post_regen() {
regen_conf_files=$1 regen_conf_files=$1
if [[ ! -f /etc/yunohost/from_script ]]; then if [[ ! -f /etc/yunohost/from_script ]]; then
[[ -z "$regen_conf_files" ]] \ if [[ -n "$regen_conf_files" ]];
|| sudo service ssh restart then
sudo service ssh restart
chown root:root "/etc/ssh/sshd_config"
chmod 644 "/etc/ssh/sshd_config"
fi
fi fi
} }