-rwxr-xr-x | EndoForge/openssh/AuthorizedKeysCommand | 16 | ||||
-rw-r--r-- | EndoForge/openssh/Makefile | 12 | ||||
-rwxr-xr-x | EndoForge/openssh/runsshd.sh | 16 | ||||
-rw-r--r-- | EndoForge/openssh/sshd_config | 13 |
4 files changed, 57 insertions, 0 deletions
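--- /dev/null
+++ b/EndoForge/openssh/AuthorizedKeysCommand
@@ -0,0 +1,16 @@
+#!/bin/sh
+fingerprint=$3
+authline="$4 $5"
+
+username=$(id -un)
+userhome=$(getent passwd $(id -un) | (IFS=: read _ _ _ _ _ home _ && echo "$home"))
+
+case "$userhome" in
+'' | *"'"* ) exit ;;
+esac
+
+usercommand=$userhome/.ssh/AnonymousAccessCommand
+
+[ -x "$usercommand" ] || exit
+
+printf 'command="%s",no-port-forwarding %s\n' "$usercommand $fingerprint" "$authline"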
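Review bot: The guard on `$userhome` rejects a single quote, but the emitted `command="%s"` option is delimited by double quotes, so a home path containing `"` or a backslash would break the option field in the line handed to sshd; the pattern should cover those as well, e.g. `'' | *'"'* | *'\'* | *"'"* ) exit ;;`. Because this script returns a key line for whatever key is offered, the forced command is the only boundary, and `no-port-forwarding` alone leaves agent forwarding and `~/.ssh/rc` execution to the server defaults; `restrict` in its place closes those. `username` is assigned and never used, and `$5` is always empty given the quoted `"%t %k"` argument in sshd_config, so `authline` carries a trailing space.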
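--- /dev/null
+++ b/EndoForge/openssh/Makefile
@@ -0,0 +1,12 @@
+# SSH_LISTEN_PORT = 22022
+# SSHD = /usr/sbin/sshd -p $(SSH_LISTEN_PORT) -D -e -f ~/.ssh/sshd_config -h ~/.ssh/id_ed25519
+
+run:
+fakeroot ./runsshd.sh
+
+runtest:
+$(SSHD) -t
+
+install:
+install -m0600 sshd_config -t ~/.ssh
+install -m0755 AuthorizedKeysCommand -t ~/.ssh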
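Review bot: `runtest` expands `$(SSHD)`, but the only definition of `SSHD` (and of `SSH_LISTEN_PORT`) is commented out on the first two lines, so the recipe reduces to ` -t`, which make most likely reads as "run `t` and ignore its failure"; the configuration check then silently does nothing. Either uncomment the two variables or write the sshd command out in the recipe, and declare `.PHONY: run runtest install`. `install` also does not place the host key that `runsshd.sh` expects at `~/.ssh/id_ed25519`; a comment such as `# host key must be generated separately with ssh-keygen` would make that prerequisite visible.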
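--- /dev/null
+++ b/EndoForge/openssh/runsshd.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+set --
+dirs=$HOME
+p=$HOME
+while [ "$p" != "${p%/*}" ]
+do
+p=${p%/*}
+dirs="$dirs $p/"
+done
+
+chown root:root $dirs
+chmod go-w $dirs
+
+cmd="/usr/sbin/sshd -D -e -f $HOME/.ssh/sshd_config -h $HOME/.ssh/id_ed25519"
+/sbin/runuser -u u -- sh -c "set -x; $cmd"
+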
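Review bot: `chown root:root $dirs` and `chmod go-w $dirs` act on `$HOME` and every ancestor up to `/`, which is harmless only because the Makefile starts this script under fakeroot; run as real root it would hand the home directory and `/` to root. The script should refuse to run otherwise, e.g. `[ -n "$FAKEROOTKEY" ] || { echo 'run under fakeroot' >&2; exit 1; }`, or at least say so in a header comment. `$HOME` is also expanded unquoted into `$dirs` and spliced into the `sh -c` string, so a path with spaces or shell metacharacters is word-split or parsed a second time. Passing the arguments directly avoids the second parse: `/sbin/runuser -u u -- /usr/sbin/sshd -D -e -f "$HOME/.ssh/sshd_config" -h "$HOME/.ssh/id_ed25519"`.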
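--- /dev/null
+++ b/EndoForge/openssh/sshd_config
@@ -0,0 +1,13 @@
+Port 22022
+
+AuthorizedKeysCommandUser=u
+AuthorizedKeysCommand=/home/u/.ssh/AuthorizedKeysCommand %u %h %f "%t %k"
+ExposeAuthInfo=yes
+PidFile=/home/u/.ssh/sshd.pid
+
+AuthenticationMethods publickey
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
+UsePAM no
+PermitTTY no
+ChrootDirectory=none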
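Review bot: With the key command accepting any offered key, the limits on anonymous sessions rest on the per-key option line alone; the server configuration should enforce them as well, e.g. `DisableForwarding yes` and `PermitUserRC no`. `AuthorizedKeysFile` is left at its default, so keys listed in `/home/u/.ssh/authorized_keys` would presumably still log in without the forced command; if that is not intended, add `AuthorizedKeysFile none`. `ExposeAuthInfo=yes` and the `Subsystem sftp` line deserve a comment saying why they are needed, since a forced command takes the place of the subsystem for keys returned by the command.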