
Enable monkeysphere via security settings

Bob Mottram 9 years ago
parent
commit
a23d0efb16
1 changed files with 49 additions and 2 deletions
  1. 49
    2
      src/freedombone-sec

+ 49
- 2
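--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -63,6 +63,11 @@ REGENERATE_DH_KEYS="no"
 DH_KEYLENGTH=2048
 LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
 
+MY_USERNAME=
+if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
+	MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+fi
+
 function get_protocols_from_website {
   if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
 	  return
@@ -568,17 +573,56 @@ function update_ciphersuite {
 	exit 0
 }
 
+function enable_monkeysphere {
+	monkey=
+	dialog --title $"GPG based authentication" \
+		   --backtitle $"Freedombone Security Configuration" \
+		   --defaultno \
+		   --yesno $"\nEnable GPG based authentication with monkeysphere ?" 7 60
+	sel=$?
+	case $sel in
+		0) monkey='yes';;
+		255) exit 0;;
+	esac
+
+	if [ $monkey ]; then
+		if [ ! -f /home/$MY_USERNAME/.monkeysphere/authorized_user_ids ]; then
+			dialog --title $"GPG based authentication" \
+				   --msgbox $"$MY_USERNAME does not currently have any ids within ~/.monkeysphere/authorized_user_ids" 6 40
+			exit 0
+		fi
+		sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
+		sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u|g' /etc/ssh/sshd_config
+		monkeysphere-authentication update-users
+	else
+		sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
+		sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|g' /etc/ssh/sshd_config
+	fi
+
+	systemctl restart ssh
+
+	if [ $monkey ]; then
+		dialog --title $"GPG based authentication" \
+			   --msgbox $"GPG based authentication was enabled" 6 40
+	else
+		dialog --title $"GPG based authentication" \
+			   --msgbox $"GPG based authentication was disabled" 6 40
+	fi
+	exit 0
+}
+
 function housekeeping {
   cmd=(dialog --separate-output \
 			  --backtitle "Freedombone Security Configuration" \
 			  --title "Housekeeping options" \
-			  --checklist "If you don't need to do any of these things then just press Enter:" 13 76 16)
+			  --checklist "If you don't need to do any of these things then just press Enter:" 17 76 17)
   options=(1 "Regenerate ssh host keys" off
 		   2 "Regenerate Diffie-Hellman keys" off
 		   3 "Renew a StartSSL certificate" off
 		   4 "Update cipersuite" off
 		   5 "Create a new Let's Encrypt certificate" off
-		   6 "Renew Let's Encrypt certificate" off)
+		   6 "Renew Let's Encrypt certificate" off
+		   7 "Enable GPG based authentication (monkeysphere)" off)
   choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
   clear
   for choice in $choices
@@ -602,6 +646,9 @@ function housekeeping {
 	  6)
 		renew_letsencrypt
 		;;
+	  7)
+		enable_monkeysphere
+		;;
 	esac
   done
 }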
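Review bot: In enable_monkeysphere, sshd_config is pointed at `/var/lib/monkeysphere/authorized_keys/%u` and ssh is restarted before anything confirms that file was produced for $MY_USERNAME. If `monkeysphere-authentication update-users` fails or yields nothing, key-based login may be broken while the dialog still reports "enabled". Run update-users before the sed edits, guard with `[ -s "/var/lib/monkeysphere/authorized_keys/$MY_USERNAME" ] || exit 1`, and check the edited config with `sshd -t || exit 1` before `systemctl restart ssh`. The pre-check on authorized_user_ids uses `-f`, which passes for an empty file even though the message says there are no ids, so `-s` would match it better. MY_USERNAME comes from an unanchored `grep "MY_USERNAME"` and is used unquoted, so an empty or multi-line value makes the `/home/$MY_USERNAME/...` test meaningless; anchoring on `^MY_USERNAME=` and quoting the expansions would avoid that.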