Eliminate hard-coded values in sshd_config

This dirties up the code though, making the separate directory approach look better again. But it's not that bad.
author: Andrew Cady <d@cryptonomic.net> 2021-10-24 06:37:45 -0400
committer: Andrew Cady <d@cryptonomic.net> 2021-10-24 06:37:45 -0400
commit: f58f4fdb3919c196a747636007af7da1ee308e28 (patch)
tree: f6db0c624fab483db801f38d3e28993b7c8c2dab
parent: 5e1f460dd3bf6288893ae61429a94dd90d19cdfb (diff)
2 files changed, 26 insertions, 9 deletions
diff --git a/EndoForge/Makefile b/EndoForge/Makefile
index 3846ebd..b6bba95 100644
--- a/EndoForge/Makefile
+++ b/EndoForge/Makefile
@@ -1,8 +1,11 @@
 ENDOFORGE_BACKUPS = y
 ifneq (,$(ENDOFORGE_BACKUPS))
-INSTALL := install -b --suffix=~$(shell date -Ins | tr -d :)
+SUFFIX := ~$(shell date -Ins | tr -d :)
+INSTALL := install -b --suffix=$(SUFFIX)
+MV := mv -b --suffix=$(SUFFIX)
 else
 INSTALL = install
+MV = mv
 endif
 ifeq ($(shell id -u),0)
@@ -32,12 +35,21 @@ SRC = src
 SOURCE_NAMES = AnonymousAccessCommand anonymous-access.conf AuthorizedKeysCommand sshd_config
 SOURCES = $(addprefix $(SRC), $(SOURCE_NAMES))
+KEYTYPE = ed25519
+define EDIT_SSHD
+sed \
+                -e 's?ForceCommand=$$?&$(HOME)/.ssh/AnonymousAccessCommand?' \
+                -e 's?AuthorizedKeysCommandUser=$$?&$(USER)?' \
+                -e 's?HostKey=$$?&$(HOME)/.ssh/id_$(KEYTYPE)?' \
+                -e 's?PidFile=$$?&$(HOME)/.ssh/sshd.pid?'
+endef
 install: install-user install-root
 install-user:
        $(INSTALL)        -d ~/.ssh
        $(INSTALL)        -t ~/.ssh $(SRC)/AnonymousAccessCommand
-        $(INSTALL) -m0600 -t ~/.ssh $(SRC)/sshd_config
+        $(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp && $(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config
 install-root:
        $(ROOT_INSTALL)        -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" || true
diff --git a/EndoForge/src/sshd_config b/EndoForge/src/sshd_config
index de34cd4..f89a47d 100644
--- a/EndoForge/src/sshd_config
+++ b/EndoForge/src/sshd_config
@@ -1,15 +1,20 @@
-# This allows completely open access:
+# This is an sshd_config for running OpenSSH as an unprivileged user on a
+# non-standard port.
+Port=22022
+# This setting completely opens up access:
 AuthorizedKeysCommand=/bin/echo %t %k
-# Only this closes it back up:
-ForceCommand=/home/u/.ssh/AnonymousAccessCommand
+# This closes it back up:
+ForceCommand=
+DisableForwarding=yes
 AuthenticationMethods publickey
-AuthorizedKeysCommandUser=u
+AuthorizedKeysCommandUser=
 ExposeAuthInfo=yes
-Port=22022
+HostKey=
-HostKey=/home/u/.ssh/id_ed25519
+PidFile=
-PidFile=/home/u/.ssh/sshd.pid
 AcceptEnv LANG LC_*
 UsePAM no
author	Andrew Cady <d@cryptonomic.net>	2021-10-24 06:37:45 -0400
committer	Andrew Cady <d@cryptonomic.net>	2021-10-24 06:37:45 -0400
commit	f58f4fdb3919c196a747636007af7da1ee308e28 (patch)
tree	f6db0c624fab483db801f38d3e28993b7c8c2dab
parent	5e1f460dd3bf6288893ae61429a94dd90d19cdfb (diff)

diff --git a/EndoForge/Makefile b/EndoForge/Makefile index 3846ebd..b6bba95 100644 --- a/EndoForge/Makefile +++ b/EndoForge/Makefile
@@ -1,8 +1,11 @@
1	ENDOFORGE_BACKUPS = y	1	ENDOFORGE_BACKUPS = y
2	ifneq (,$(ENDOFORGE_BACKUPS))	2	ifneq (,$(ENDOFORGE_BACKUPS))
3	INSTALL := install -b --suffix=~$(shell date -Ins \| tr -d :)	3	SUFFIX := ~$(shell date -Ins \| tr -d :)
		4	INSTALL := install -b --suffix=$(SUFFIX)
		5	MV := mv -b --suffix=$(SUFFIX)
4	else	6	else
5	INSTALL = install	7	INSTALL = install
		8	MV = mv
6	endif	9	endif
7		10
8	ifeq ($(shell id -u),0)	11	ifeq ($(shell id -u),0)
@@ -32,12 +35,21 @@ SRC = src
32	SOURCE_NAMES = AnonymousAccessCommand anonymous-access.conf AuthorizedKeysCommand sshd_config	35	SOURCE_NAMES = AnonymousAccessCommand anonymous-access.conf AuthorizedKeysCommand sshd_config
33	SOURCES = $(addprefix $(SRC), $(SOURCE_NAMES))	36	SOURCES = $(addprefix $(SRC), $(SOURCE_NAMES))
34		37
		38	KEYTYPE = ed25519
		39	define EDIT_SSHD
		40	sed \
		41	-e 's?ForceCommand=$$?&$(HOME)/.ssh/AnonymousAccessCommand?' \
		42	-e 's?AuthorizedKeysCommandUser=$$?&$(USER)?' \
		43	-e 's?HostKey=$$?&$(HOME)/.ssh/id_$(KEYTYPE)?' \
		44	-e 's?PidFile=$$?&$(HOME)/.ssh/sshd.pid?'
		45	endef
		46
35	install: install-user install-root	47	install: install-user install-root
36		48
37	install-user:	49	install-user:
38	$(INSTALL) -d ~/.ssh	50	$(INSTALL) -d ~/.ssh
39	$(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand	51	$(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand
40	$(INSTALL) -m0600 -t ~/.ssh $(SRC)/sshd_config	52	$(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp && $(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config
41		53
42	install-root:	54	install-root:
43	$(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" \|\| true	55	$(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" \|\| true


diff --git a/EndoForge/src/sshd_config b/EndoForge/src/sshd_config index de34cd4..f89a47d 100644 --- a/EndoForge/src/sshd_config +++ b/EndoForge/src/sshd_config
@@ -1,15 +1,20 @@
1	# This allows completely open access:	1	# This is an sshd_config for running OpenSSH as an unprivileged user on a
		2	# non-standard port.
		3	Port=22022
		4
		5	# This setting completely opens up access:
2	AuthorizedKeysCommand=/bin/echo %t %k	6	AuthorizedKeysCommand=/bin/echo %t %k
3	# Only this closes it back up:	7
4	ForceCommand=/home/u/.ssh/AnonymousAccessCommand	8	# This closes it back up:
		9	ForceCommand=
		10	DisableForwarding=yes
5		11
6	AuthenticationMethods publickey	12	AuthenticationMethods publickey
7	AuthorizedKeysCommandUser=u	13	AuthorizedKeysCommandUser=
8	ExposeAuthInfo=yes	14	ExposeAuthInfo=yes
9		15
10	Port=22022	16	HostKey=
11	HostKey=/home/u/.ssh/id_ed25519	17	PidFile=
12	PidFile=/home/u/.ssh/sshd.pid
13		18
14	AcceptEnv LANG LC_*	19	AcceptEnv LANG LC_*
15	UsePAM no	20	UsePAM no