From 8598d81bb1a18589127b25ba7156986f719c14d1 Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 26 Aug 2018 14:15:55 +0200 Subject: [PATCH] [wip] Standardize ssh config --- data/hooks/conf_regen/03-ssh | 2 +- locales/en.json | 6 ++++++ src/yunohost/tools.py | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/data/hooks/conf_regen/03-ssh b/data/hooks/conf_regen/03-ssh index a469b7a66..e3e03877e 100755 --- a/data/hooks/conf_regen/03-ssh +++ b/data/hooks/conf_regen/03-ssh @@ -7,7 +7,7 @@ do_pre_regen() { cd /usr/share/yunohost/templates/ssh - # only overwrite SSH configuration on an ISO installation + # Don't overwrite configuration if from_script if [[ ! -f /etc/yunohost/from_script ]]; then # do not listen to IPv6 if unavailable [[ -f /proc/net/if_inet6 ]] \ diff --git a/locales/en.json b/locales/en.json index 6ce22ca80..d63fc4a69 100644 --- a/locales/en.json +++ b/locales/en.json 
@@ -292,6 +292,12 @@
 "migration_0005_not_enough_space": "Not enough space is available in {path} to run the migration right now :(.",
 "migration_0006_disclaimer": "Yunohost now expects admin and root passwords to be synchronized. By running this migration, your root password is going to be replaced by the admin password.",
 "migration_0006_done": "Your root password have been replaced by your admin password.",
+ "migration_0007_general_warning": "To ensure a global security of your server, YunoHost recommends to let it manage the SSH configuration of your server. Your current SSH configuration differs from common default configuration. If you let YunoHost reconfigure it, the way to access with SSH to your server could change after this migration:",
+ "migration_0007_port": "- you will have to connect using port 22 instead of your custom SSH port. Feel free to reconfigure it",
+ "migration_0007_root": "- you will not be able to connect with root user, instead you will have to use admin user.",
+ "migration_0007_dsa": "- you might need to invalidate a warning and to recheck fingerprint of your server, because DSA key will be disabled.",
+ "migration_0007_risk": "If you agree to let YunoHost replace your configuration and change the way to access your server, make the migration else skip it.",
+ "migration_0007_no_risk": "No major change in the way has been found, but it's difficult to be sure. If you agree to let YunoHost replace your configuration and change the way to access your server, make the migration else skip it.",
 "migrations_backward": "Migrating backward.",
 "migrations_bad_value_for_target": "Invalid number for target argument, available migrations numbers are 0 or {}",
 "migrations_cant_reach_migration_file": "Can't access migrations files at path %s",
diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py
index 271947b3d..a0549321a 100644
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
@@ -440,6 +440,12 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, service_start("yunohost-firewall") service_regen_conf(force=True) + + # Restore specific ssh conf + bkp_sshd_conf = '/etc/ssh/sshd_config.to_restore' + if os.path.exists(bkp_sshd_conf): + os.rename(bkp_sshd_conf, '/etc/ssh/sshd_config') + logger.success(m18n.n('yunohost_configured')) logger.warning(m18n.n('recommend_to_add_first_user'))
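Review bot: The `os.rename` onto `/etc/ssh/sshd_config` runs after `service_regen_conf(force=True)` with no syntax check of the restored file and no visible reload of sshd, so the daemon may keep running the regenerated settings while the file on disk says something else, and a broken backup would only surface at the next sshd restart, where it could lock the admin out. Validating before the swap, for example `if os.path.exists(bkp_sshd_conf) and subprocess.call(['sshd', '-t', '-f', bkp_sshd_conf]) == 0:` (assuming `subprocess` is available in this module), and reloading ssh afterwards would close that gap. The rename also carries over whatever owner and mode `sshd_config.to_restore` was created with, and nothing in this patch shows who writes that file, so the `# Restore specific ssh conf` comment should name the producer and state that the file is expected to be root-owned and not group- or world-writable. `tools_postinstall` starts and ends outside this hunk.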