diff options
| author | Andrew Cady <d@cryptonomic.net> | 2021-10-23 18:08:40 -0400 |
|---|---|---|
| committer | Andrew Cady <d@cryptonomic.net> | 2021-10-23 18:08:40 -0400 |
| commit | f94c5c4222cf5edf42193dc4dd3010ba1f8b53f2 (patch) | |
| tree | 7b4f554d6b1078e9e4f46f3f3e2e3a4635f6889d | |
| parent | 8962879681b1a1caba15c3d5191bc9619993758a (diff) | |
got user-mode sshd working
| -rwxr-xr-x | EndoForge/openssh/AuthorizedKeysCommand | 16 | ||||
| -rw-r--r-- | EndoForge/openssh/Makefile | 12 | ||||
| -rwxr-xr-x | EndoForge/openssh/runsshd.sh | 16 | ||||
| -rw-r--r-- | EndoForge/openssh/sshd_config | 13 |
4 files changed, 57 insertions, 0 deletions
diff --git a/EndoForge/openssh/AuthorizedKeysCommand b/EndoForge/openssh/AuthorizedKeysCommand new file mode 100755 index 0000000..063444e --- /dev/null +++ b/EndoForge/openssh/AuthorizedKeysCommand | |||
| @@ -0,0 +1,16 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | fingerprint=$3 | ||
| 3 | authline="$4 $5" | ||
| 4 | |||
| 5 | username=$(id -un) | ||
| 6 | userhome=$(getent passwd $(id -un) | (IFS=: read _ _ _ _ _ home _ && echo "$home")) | ||
| 7 | |||
| 8 | case "$userhome" in | ||
| 9 | '' | *"'"* ) exit ;; | ||
| 10 | esac | ||
| 11 | |||
| 12 | usercommand=$userhome/.ssh/AnonymousAccessCommand | ||
| 13 | |||
| 14 | [ -x "$usercommand" ] || exit | ||
| 15 | |||
| 16 | printf 'command="%s",no-port-forwarding %s\n' "$usercommand $fingerprint" "$authline" | ||
diff --git a/EndoForge/openssh/Makefile b/EndoForge/openssh/Makefile new file mode 100644 index 0000000..e53a851 --- /dev/null +++ b/EndoForge/openssh/Makefile | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | # SSH_LISTEN_PORT = 22022 | ||
| 2 | # SSHD = /usr/sbin/sshd -p $(SSH_LISTEN_PORT) -D -e -f ~/.ssh/sshd_config -h ~/.ssh/id_ed25519 | ||
| 3 | |||
| 4 | run: | ||
| 5 | fakeroot ./runsshd.sh | ||
| 6 | |||
| 7 | runtest: | ||
| 8 | $(SSHD) -t | ||
| 9 | |||
| 10 | install: | ||
| 11 | install -m0600 sshd_config -t ~/.ssh | ||
| 12 | install -m0755 AuthorizedKeysCommand -t ~/.ssh | ||
diff --git a/EndoForge/openssh/runsshd.sh b/EndoForge/openssh/runsshd.sh new file mode 100755 index 0000000..1eff668 --- /dev/null +++ b/EndoForge/openssh/runsshd.sh | |||
| @@ -0,0 +1,16 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | set -- | ||
| 3 | dirs=$HOME | ||
| 4 | p=$HOME | ||
| 5 | while [ "$p" != "${p%/*}" ] | ||
| 6 | do | ||
| 7 | p=${p%/*} | ||
| 8 | dirs="$dirs $p/" | ||
| 9 | done | ||
| 10 | |||
| 11 | chown root:root $dirs | ||
| 12 | chmod go-w $dirs | ||
| 13 | |||
| 14 | cmd="/usr/sbin/sshd -D -e -f $HOME/.ssh/sshd_config -h $HOME/.ssh/id_ed25519" | ||
| 15 | /sbin/runuser -u u -- sh -c "set -x; $cmd" | ||
| 16 | |||
diff --git a/EndoForge/openssh/sshd_config b/EndoForge/openssh/sshd_config new file mode 100644 index 0000000..8df5d17 --- /dev/null +++ b/EndoForge/openssh/sshd_config | |||
| @@ -0,0 +1,13 @@ | |||
| 1 | Port 22022 | ||
| 2 | |||
| 3 | AuthorizedKeysCommandUser=u | ||
| 4 | AuthorizedKeysCommand=/home/u/.ssh/AuthorizedKeysCommand %u %h %f "%t %k" | ||
| 5 | ExposeAuthInfo=yes | ||
| 6 | PidFile=/home/u/.ssh/sshd.pid | ||
| 7 | |||
| 8 | AuthenticationMethods publickey | ||
| 9 | AcceptEnv LANG LC_* | ||
| 10 | Subsystem sftp /usr/lib/openssh/sftp-server | ||
| 11 | UsePAM no | ||
| 12 | PermitTTY no | ||
| 13 | ChrootDirectory=none | ||