mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
44 lines
1.3 KiB
Bash
Executable file
44 lines
1.3 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
. /usr/share/yunohost/helpers
|
|
|
|
do_pre_regen() {
|
|
pending_dir=$1
|
|
|
|
cd /usr/share/yunohost/conf/ssh
|
|
|
|
# do not listen to IPv6 if unavailable
|
|
[[ -f /proc/net/if_inet6 ]] && ipv6_enabled=true || ipv6_enabled=false
|
|
|
|
ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true)
|
|
|
|
# Support legacy setting (this setting might be disabled by a user during a migration)
|
|
if [[ "$(yunohost settings get 'security.ssh.ssh_allow_deprecated_dsa_hostkey')" == "True" ]]; then
|
|
ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)"
|
|
fi
|
|
|
|
# Support different strategy for security configurations
|
|
export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')"
|
|
export port="$(yunohost settings get 'security.ssh.ssh_port')"
|
|
export password_authentication="$(yunohost settings get 'security.ssh.ssh_password_authentication')"
|
|
export ssh_keys
|
|
export ipv6_enabled
|
|
ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
|
|
}
|
|
|
|
do_post_regen() {
|
|
regen_conf_files=$1
|
|
|
|
# If no file changed, there's nothing to do
|
|
[[ -n "$regen_conf_files" ]] || return 0
|
|
|
|
# Enforce permissions for /etc/ssh/sshd_config
|
|
chown root:root "/etc/ssh/sshd_config"
|
|
chmod 644 "/etc/ssh/sshd_config"
|
|
|
|
systemctl restart ssh
|
|
}
|
|
|
|
do_$1_regen ${@:2}
|