free
/
freedombone
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
瀏覽代碼

Enable or disable ssh password logins

Bob Mottram 10 年之前
父節點
66f4feb955
當前提交
f790606705
共有 1 個檔案被更改,包括 23 行新增0 行删除
統一視圖 顯示文件統計
  1. 23
    0
      src/freedombone-sec

+ 23
- 0
src/freedombone-sec 查看文件

34 
 SSH_MACS=
 34 
 SSH_MACS=
35 
 SSH_KEX=
 35 
 SSH_KEX=
36 
 SSH_HOST_KEY_ALGORITHMS=
 36 
 SSH_HOST_KEY_ALGORITHMS=
37 
+SSH_PASSWORDS=
37 
 XMPP_CIPHERS=
 38 
 XMPP_CIPHERS=
38 
 XMPP_ECC_CURVE=
 39 
 XMPP_ECC_CURVE=
39
40
105 
       SSH_CIPHERS=$(cat $SSH_CONFIG | grep 'Ciphers ' | awk -F 'Ciphers ' '{print $2}')
 106 
       SSH_CIPHERS=$(cat $SSH_CONFIG | grep 'Ciphers ' | awk -F 'Ciphers ' '{print $2}')
106 
       SSH_MACS=$(cat $SSH_CONFIG | grep 'MACs ' | awk -F 'MACs ' '{print $2}')
 107 
       SSH_MACS=$(cat $SSH_CONFIG | grep 'MACs ' | awk -F 'MACs ' '{print $2}')
107 
       SSH_KEX=$(cat $SSH_CONFIG | grep 'KexAlgorithms ' | awk -F 'KexAlgorithms ' '{print $2}')
 108 
       SSH_KEX=$(cat $SSH_CONFIG | grep 'KexAlgorithms ' | awk -F 'KexAlgorithms ' '{print $2}')
109 
+      SSH_PASSWORDS=$(cat $SSH_CONFIG | grep 'PasswordAuthentication ' | awk -F 'PasswordAuthentication ' '{print $2}')
108 
   fi
 110 
   fi
109 
   if [ -f /etc/ssh/ssh_config ]; then
 111 
   if [ -f /etc/ssh/ssh_config ]; then
110 
       SSH_HOST_KEY_ALGORITHMS=$(cat /etc/ssh/ssh_config | grep 'HostKeyAlgorithms ' | awk -F 'HostKeyAlgorithms ' '{print $2}')
 112 
       SSH_HOST_KEY_ALGORITHMS=$(cat /etc/ssh/ssh_config | grep 'HostKeyAlgorithms ' | awk -F 'HostKeyAlgorithms ' '{print $2}')
175 
       if [ ! $SSH_KEX ]; then
 177 
       if [ ! $SSH_KEX ]; then
176 
           return
 178 
           return
177 
       fi
 179 
       fi
180 
+      if [ ! $SSH_PASSWORDS ]; then
181 
+          return
182 
+      fi
178
183
179 
       sed -i "s|Ciphers .*|Ciphers $SSH_CIPHERS|g" $SSH_CONFIG
 184 
       sed -i "s|Ciphers .*|Ciphers $SSH_CIPHERS|g" $SSH_CONFIG
180 
       sed -i "s|MACs .*|MACs $SSH_MACS|g" $SSH_CONFIG
 185 
       sed -i "s|MACs .*|MACs $SSH_MACS|g" $SSH_CONFIG
181 
       sed -i "s|KexAlgorithms .*|KexAlgorithms $SSH_KEX|g" $SSH_CONFIG
 186 
       sed -i "s|KexAlgorithms .*|KexAlgorithms $SSH_KEX|g" $SSH_CONFIG
187 
+      sed -i "s|PasswordAuthentication .*|PasswordAuthentication $SSH_PASSWORDS|g" $SSH_CONFIG
182 
       service ssh restart
 188 
       service ssh restart
183 
       echo 'ssh server security settings changed'
 189 
       echo 'ssh server security settings changed'
184 
   fi
 190 
   fi
254 
       esac
 260 
       esac
255 
   fi
 261 
   fi
256
262
263 
+  if [[ $SSH_PASSWORDS == "yes" ]]; then
264 
+      dialog --title "SSH Passwords" \
265 
+          --backtitle "Freedombone Security Configuration" \
266 
+          --yesno "\nAllow SSH login using passwords?" 7 60
267 
+  else
268 
+      dialog --title "SSH Passwords" \
269 
+          --backtitle "Freedombone Security Configuration" \
270 
+          --defaultno \
271 
+          --yesno "\nAllow SSH login using passwords?" 7 60
272 
+  fi
273 
+  sel=$?
274 
+  case $sel in
275 
+      0) SSH_PASSWORDS="yes";;
276 
+      1) SSH_PASSWORDS="no";;
277 
+      255) exit 0;;
278 
+  esac
279 
+
257 
   if [ $XMPP_CIPHERS ]; then
 280 
   if [ $XMPP_CIPHERS ]; then
258 
       data=$(tempfile 2>/dev/null)
 281 
       data=$(tempfile 2>/dev/null)
259 
       trap "rm -f $data" 0 1 2 5 15
 282 
       trap "rm -f $data" 0 1 2 5 15