diff options
| author | Andrew Cady <d@cryptonomic.net> | 2021-10-24 17:09:13 -0400 |
|---|---|---|
| committer | Andrew Cady <d@cryptonomic.net> | 2021-10-24 17:12:03 -0400 |
| commit | 473f1f61ac0c3489fd3bd357e2b733aafec5715a (patch) | |
| tree | 8154540827a37aac9196ec08d5a45b333e93d664 | |
| parent | dcf8d5d6d6124cc532afaeba4f6b5d0a3a71b828 (diff) | |
add sshd service: make install-user
documentation updated
| -rw-r--r-- | EndoForge/Makefile | 11 | ||||
| -rw-r--r-- | EndoForge/README.md | 16 | ||||
| -rw-r--r-- | EndoForge/src/sshd.service | 18 |
3 files changed, 34 insertions, 11 deletions
diff --git a/EndoForge/Makefile b/EndoForge/Makefile index 3fcbb2d..db8f77d 100644 --- a/EndoForge/Makefile +++ b/EndoForge/Makefile | |||
| @@ -47,9 +47,14 @@ endef | |||
| 47 | install: install-user install-root | 47 | install: install-user install-root |
| 48 | 48 | ||
| 49 | install-user: | 49 | install-user: |
| 50 | $(INSTALL) -d ~/.ssh | 50 | $(INSTALL) -d ~/.ssh |
| 51 | $(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand | 51 | $(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand |
| 52 | $(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp && $(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config | 52 | $(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp |
| 53 | $(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config | ||
| 54 | $(INSTALL) -m0644 -t ~/.config/systemd/user $(SRC)/sshd.service | ||
| 55 | systemctl --user daemon-reload | ||
| 56 | systemctl --user enable sshd | ||
| 57 | systemctl --user restart sshd | ||
| 53 | 58 | ||
| 54 | install-root: | 59 | install-root: |
| 55 | $(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" || true | 60 | $(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" || true |
diff --git a/EndoForge/README.md b/EndoForge/README.md index 814b586..0a1f644 100644 --- a/EndoForge/README.md +++ b/EndoForge/README.md | |||
| @@ -73,16 +73,16 @@ editing the system `OpenSSH` configuration. | |||
| 73 | NON-ROOT INSTALLATION | 73 | NON-ROOT INSTALLATION |
| 74 | --------------------- | 74 | --------------------- |
| 75 | 75 | ||
| 76 | A configuration file to run `OpenSSH` as an unprivileged user is included. This | 76 | A systemd unit file to run `OpenSSH` as an unprivileged user is included. |
| 77 | type of installation is vastly inferior because a non-standard TCP port must be | ||
| 78 | used as the address. The configuration file sets the port to `22022`. | ||
| 79 | 77 | ||
| 80 | Type 'make run' to run the unprivileged `OpenSSH` server. | 78 | The configuration file sets the port to `22022`. |
| 81 | 79 | ||
| 82 | ``` | 80 | This type of installation is vastly inferior to running as root, because only |
| 83 | make run | 81 | root can make `OpenSSH` listen on port `22`, as it is designed to do. |
| 84 | ``` | ||
| 85 | 82 | ||
| 83 | The `install-user` target runs the unprivileged `OpenSSH` server. | ||
| 86 | 84 | ||
| 87 | [TODO: This repository needs a systemd service file to launch it automatically.] | 85 | ``` |
| 86 | make install-user | ||
| 87 | ``` | ||
| 88 | 88 | ||
diff --git a/EndoForge/src/sshd.service b/EndoForge/src/sshd.service new file mode 100644 index 0000000..156daa9 --- /dev/null +++ b/EndoForge/src/sshd.service | |||
| @@ -0,0 +1,18 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=OpenBSD Secure Shell server | ||
| 3 | Documentation=man:sshd(8) man:sshd_config(5) | ||
| 4 | |||
| 5 | [Service] | ||
| 6 | Restart=always | ||
| 7 | ExecStartPre=/usr/sbin/sshd -t -f ${HOME}/.ssh/sshd_config | ||
| 8 | ExecStart=/usr/sbin/sshd -D -e -f ${HOME}/.ssh/sshd_config | ||
| 9 | ExecReload=/usr/sbin/sshd -t -f ${HOME}/.ssh/sshd_config | ||
| 10 | ExecReload=/bin/kill -HUP $MAINPID | ||
| 11 | KillMode=process | ||
| 12 | Restart=on-failure | ||
| 13 | RestartPreventExitStatus=255 | ||
| 14 | Type=notify | ||
| 15 | |||
| 16 | [Install] | ||
| 17 | WantedBy=default.target | ||
| 18 | #Alias=sshd.service | ||