diff options
| author | Andrew Cady <d@cryptonomic.net> | 2021-10-23 18:35:31 -0400 |
|---|---|---|
| committer | Andrew Cady <d@cryptonomic.net> | 2021-10-23 18:35:31 -0400 |
| commit | e2d92847bbece5889f6690f68bf4bc614723700c (patch) | |
| tree | f52da2fa0945abaf43364488008a8c5c040b0114 | |
| parent | f94c5c4222cf5edf42193dc4dd3010ba1f8b53f2 (diff) | |
sshd improvements
| -rw-r--r-- | EndoForge/openssh/Makefile | 7 | ||||
| -rwxr-xr-x | EndoForge/openssh/run-sshd | 28 | ||||
| -rwxr-xr-x | EndoForge/openssh/runsshd.sh | 16 | ||||
| -rw-r--r-- | EndoForge/openssh/sshd_config | 6 |
4 files changed, 33 insertions, 24 deletions
diff --git a/EndoForge/openssh/Makefile b/EndoForge/openssh/Makefile index e53a851..ae39ed2 100644 --- a/EndoForge/openssh/Makefile +++ b/EndoForge/openssh/Makefile | |||
| @@ -1,11 +1,6 @@ | |||
| 1 | # SSH_LISTEN_PORT = 22022 | ||
| 2 | # SSHD = /usr/sbin/sshd -p $(SSH_LISTEN_PORT) -D -e -f ~/.ssh/sshd_config -h ~/.ssh/id_ed25519 | ||
| 3 | 1 | ||
| 4 | run: | 2 | run: |
| 5 | fakeroot ./runsshd.sh | 3 | ./run-sshd -D -e -f ~/.ssh/sshd_config |
| 6 | |||
| 7 | runtest: | ||
| 8 | $(SSHD) -t | ||
| 9 | 4 | ||
| 10 | install: | 5 | install: |
| 11 | install -m0600 sshd_config -t ~/.ssh | 6 | install -m0600 sshd_config -t ~/.ssh |
diff --git a/EndoForge/openssh/run-sshd b/EndoForge/openssh/run-sshd new file mode 100755 index 0000000..29615fb --- /dev/null +++ b/EndoForge/openssh/run-sshd | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | case "$LD_PRELOAD" in | ||
| 3 | libfakeroot-sysv.so) ;; | ||
| 4 | '') exec fakeroot -- "$0" "$@" ;; | ||
| 5 | *) exit 1 ;; | ||
| 6 | esac | ||
| 7 | |||
| 8 | fixperms() | ||
| 9 | { | ||
| 10 | set -- | ||
| 11 | dirs=$HOME | ||
| 12 | p=$HOME | ||
| 13 | while [ "$p" != "${p%/*}" ] | ||
| 14 | do | ||
| 15 | p=${p%/*} | ||
| 16 | dirs="$dirs $p/" | ||
| 17 | done | ||
| 18 | |||
| 19 | chown root:root $dirs | ||
| 20 | chmod go-w $dirs | ||
| 21 | } | ||
| 22 | |||
| 23 | fixperms | ||
| 24 | |||
| 25 | PATH=/sbin:/usr/sbin:$PATH | ||
| 26 | cmd="$(which sshd) $*" | ||
| 27 | runuser -u "$USER" -- sh -c "$cmd" | ||
| 28 | |||
diff --git a/EndoForge/openssh/runsshd.sh b/EndoForge/openssh/runsshd.sh deleted file mode 100755 index 1eff668..0000000 --- a/EndoForge/openssh/runsshd.sh +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | set -- | ||
| 3 | dirs=$HOME | ||
| 4 | p=$HOME | ||
| 5 | while [ "$p" != "${p%/*}" ] | ||
| 6 | do | ||
| 7 | p=${p%/*} | ||
| 8 | dirs="$dirs $p/" | ||
| 9 | done | ||
| 10 | |||
| 11 | chown root:root $dirs | ||
| 12 | chmod go-w $dirs | ||
| 13 | |||
| 14 | cmd="/usr/sbin/sshd -D -e -f $HOME/.ssh/sshd_config -h $HOME/.ssh/id_ed25519" | ||
| 15 | /sbin/runuser -u u -- sh -c "set -x; $cmd" | ||
| 16 | |||
diff --git a/EndoForge/openssh/sshd_config b/EndoForge/openssh/sshd_config index 8df5d17..2273805 100644 --- a/EndoForge/openssh/sshd_config +++ b/EndoForge/openssh/sshd_config | |||
| @@ -1,9 +1,11 @@ | |||
| 1 | Port 22022 | 1 | Port=22022 |
| 2 | |||
| 3 | HostKey=/home/u/.ssh/id_ed25519 | ||
| 4 | PidFile=/home/u/.ssh/sshd.pid | ||
| 2 | 5 | ||
| 3 | AuthorizedKeysCommandUser=u | 6 | AuthorizedKeysCommandUser=u |
| 4 | AuthorizedKeysCommand=/home/u/.ssh/AuthorizedKeysCommand %u %h %f "%t %k" | 7 | AuthorizedKeysCommand=/home/u/.ssh/AuthorizedKeysCommand %u %h %f "%t %k" |
| 5 | ExposeAuthInfo=yes | 8 | ExposeAuthInfo=yes |
| 6 | PidFile=/home/u/.ssh/sshd.pid | ||
| 7 | 9 | ||
| 8 | AuthenticationMethods publickey | 10 | AuthenticationMethods publickey |
| 9 | AcceptEnv LANG LC_* | 11 | AcceptEnv LANG LC_* |