diff options
-rw-r--r-- | EndoForge/Makefile | 11 | ||||
-rw-r--r-- | EndoForge/README.md | 16 | ||||
-rw-r--r-- | EndoForge/src/sshd.service | 18 |
3 files changed, 34 insertions, 11 deletions
diff --git a/EndoForge/Makefile b/EndoForge/Makefile index 3fcbb2d..db8f77d 100644 --- a/EndoForge/Makefile +++ b/EndoForge/Makefile | |||
@@ -47,9 +47,14 @@ endef | |||
47 | install: install-user install-root | 47 | install: install-user install-root |
48 | 48 | ||
49 | install-user: | 49 | install-user: |
50 | $(INSTALL) -d ~/.ssh | 50 | $(INSTALL) -d ~/.ssh |
51 | $(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand | 51 | $(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand |
52 | $(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp && $(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config | 52 | $(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp |
53 | $(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config | ||
54 | $(INSTALL) -m0644 -t ~/.config/systemd/user $(SRC)/sshd.service | ||
55 | systemctl --user daemon-reload | ||
56 | systemctl --user enable sshd | ||
57 | systemctl --user restart sshd | ||
53 | 58 | ||
54 | install-root: | 59 | install-root: |
55 | $(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" || true | 60 | $(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" || true |
diff --git a/EndoForge/README.md b/EndoForge/README.md index 814b586..0a1f644 100644 --- a/EndoForge/README.md +++ b/EndoForge/README.md | |||
@@ -73,16 +73,16 @@ editing the system `OpenSSH` configuration. | |||
73 | NON-ROOT INSTALLATION | 73 | NON-ROOT INSTALLATION |
74 | --------------------- | 74 | --------------------- |
75 | 75 | ||
76 | A configuration file to run `OpenSSH` as an unprivileged user is included. This | 76 | A systemd unit file to run `OpenSSH` as an unprivileged user is included. |
77 | type of installation is vastly inferior because a non-standard TCP port must be | ||
78 | used as the address. The configuration file sets the port to `22022`. | ||
79 | 77 | ||
80 | Type 'make run' to run the unprivileged `OpenSSH` server. | 78 | The configuration file sets the port to `22022`. |
81 | 79 | ||
82 | ``` | 80 | This type of installation is vastly inferior to running as root, because only |
83 | make run | 81 | root can make `OpenSSH` listen on port `22`, as it is designed to do. |
84 | ``` | ||
85 | 82 | ||
83 | The `install-user` target runs the unprivileged `OpenSSH` server. | ||
86 | 84 | ||
87 | [TODO: This repository needs a systemd service file to launch it automatically.] | 85 | ``` |
86 | make install-user | ||
87 | ``` | ||
88 | 88 | ||
diff --git a/EndoForge/src/sshd.service b/EndoForge/src/sshd.service new file mode 100644 index 0000000..156daa9 --- /dev/null +++ b/EndoForge/src/sshd.service | |||
@@ -0,0 +1,18 @@ | |||
1 | [Unit] | ||
2 | Description=OpenBSD Secure Shell server | ||
3 | Documentation=man:sshd(8) man:sshd_config(5) | ||
4 | |||
5 | [Service] | ||
6 | Restart=always | ||
7 | ExecStartPre=/usr/sbin/sshd -t -f ${HOME}/.ssh/sshd_config | ||
8 | ExecStart=/usr/sbin/sshd -D -e -f ${HOME}/.ssh/sshd_config | ||
9 | ExecReload=/usr/sbin/sshd -t -f ${HOME}/.ssh/sshd_config | ||
10 | ExecReload=/bin/kill -HUP $MAINPID | ||
11 | KillMode=process | ||
12 | Restart=on-failure | ||
13 | RestartPreventExitStatus=255 | ||
14 | Type=notify | ||
15 | |||
16 | [Install] | ||
17 | WantedBy=default.target | ||
18 | #Alias=sshd.service | ||