From ee31969be753440b51cb20bc867229833ee76aff Mon Sep 17 00:00:00 2001 From: Kay0u Date: Mon, 12 Apr 2021 18:07:36 +0200 Subject: [PATCH 1/2] add ssh port setting --- data/hooks/conf_regen/03-ssh | 2 ++ data/templates/ssh/sshd_config | 2 +- src/yunohost/settings.py | 5 +++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/data/hooks/conf_regen/03-ssh b/data/hooks/conf_regen/03-ssh index 54b7c55b7..1f057aa35 100755 --- a/data/hooks/conf_regen/03-ssh +++ b/data/hooks/conf_regen/03-ssh @@ -26,6 +26,8 @@ do_pre_regen() { # Support different strategy for security configurations export compatibility="$(yunohost settings get 'security.ssh.compatibility')" + export port="$(yunohost settings get 'security.ssh.port')" + export ssh_keys export ipv6_enabled ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config" diff --git a/data/templates/ssh/sshd_config b/data/templates/ssh/sshd_config index 84f06d4e5..0ffde09c6 100644 --- a/data/templates/ssh/sshd_config +++ b/data/templates/ssh/sshd_config @@ -2,7 +2,7 @@ # by YunoHost Protocol 2 -Port 22 +Port {{ port }} {% if ipv6_enabled == "true" %}ListenAddress ::{% endif %} ListenAddress 0.0.0.0 diff --git a/src/yunohost/settings.py b/src/yunohost/settings.py index e252316bd..f44178f07 100644 --- a/src/yunohost/settings.py +++ b/src/yunohost/settings.py @@ -71,6 +71,10 @@ DEFAULTS = OrderedDict( "choices": ["intermediate", "modern"], }, ), + ( + "security.ssh.port", + {"type": "int", "default": 22}, + ), ( "security.nginx.compatibility", { @@ -383,6 +387,7 @@ def reconfigure_nginx(setting_name, old_value, new_value): regen_conf(names=["nginx"]) +@post_change_hook("security.ssh.port") @post_change_hook("security.ssh.compatibility") def reconfigure_ssh(setting_name, old_value, new_value): if old_value != new_value: From bc0fd07680a70099d7b047e61e06ea9f590e63b7 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 12 Apr 2021 19:27:32 +0200 Subject: [PATCH 2/2] Add description for new SSH port setting --- locales/en.json | 1 + 1 file changed, 1 insertion(+) diff --git a/locales/en.json b/locales/en.json index f60f2f2e7..52e2d94e6 100644 --- a/locales/en.json +++ b/locales/en.json @@ -323,6 +323,7 @@ "global_settings_setting_security_password_user_strength": "User password strength", "global_settings_setting_security_ssh_compatibility": "Compatibility vs. security tradeoff for the SSH server. Affects the ciphers (and other security-related aspects)", "global_settings_setting_security_postfix_compatibility": "Compatibility vs. security tradeoff for the Postfix server. Affects the ciphers (and other security-related aspects)", + "global_settings_setting_security_ssh_port": "SSH port", "global_settings_unknown_setting_from_settings_file": "Unknown key in settings: '{setting_key:s}', discard it and save it in /etc/yunohost/settings-unknown.json", "global_settings_setting_service_ssh_allow_deprecated_dsa_hostkey": "Allow the use of (deprecated) DSA hostkey for the SSH daemon configuration", "global_settings_setting_ssowat_panel_overlay_enabled": "Enable SSOwat panel overlay",