From 473f1f61ac0c3489fd3bd357e2b733aafec5715a Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sun, 24 Oct 2021 17:09:13 -0400
Subject: add sshd service: make install-user documentation updated
---
 EndoForge/Makefile | 11 ++++++++---
 EndoForge/README.md | 16 ++++++++--------
 EndoForge/src/sshd.service | 18 ++++++++++++++++++
 3 files changed, 34 insertions(+), 11 deletions(-)
 create mode 100644 EndoForge/src/sshd.service
diff --git a/EndoForge/Makefile b/EndoForge/Makefile
index 3fcbb2d..db8f77d 100644
--- a/EndoForge/Makefile
+++ b/EndoForge/Makefile
@@ -47,9 +47,14 @@ endef
 install: install-user install-root
 install-user:
- $(INSTALL) -d ~/.ssh
- $(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand
- $(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp && $(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config
+ $(INSTALL) -d ~/.ssh
+ $(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand
+ $(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp
+ $(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config
+ $(INSTALL) -m0644 -t ~/.config/systemd/user $(SRC)/sshd.service
+ systemctl --user daemon-reload
+ systemctl --user enable sshd
+ systemctl --user restart sshd
 install-root:
 $(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" || true
diff --git a/EndoForge/README.md b/EndoForge/README.md
index 814b586..0a1f644 100644
--- a/EndoForge/README.md
+++ b/EndoForge/README.md
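Review bot: In the `install-user` recipe of EndoForge/Makefile, the added `$(INSTALL) -m0644 -t ~/.config/systemd/user $(SRC)/sshd.service` assumes the target directory already exists; the only directory the recipe creates is `~/.ssh`, so on an account that has never had user units the install step will most likely fail (assuming `$(INSTALL)` is install(1); its definition is outside the hunk). Add `$(INSTALL) -d ~/.config/systemd/user` before that line. Separately, `install-user` now enables and restarts a network-facing sshd as a side effect, and `install` depends on it, so a plain `make install` brings up the listener immediately. Moving the three `systemctl --user` lines into their own phony target (for example `enable-user`) would let an operator inspect the generated `~/.ssh/sshd_config` before the service starts.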
@@ -73,16 +73,16 @@ editing the system `OpenSSH` configuration.
 NON-ROOT INSTALLATION
 ---------------------
-A configuration file to run `OpenSSH` as an unprivileged user is included. This
-type of installation is vastly inferior because a non-standard TCP port must be
-used as the address. The configuration file sets the port to `22022`.
+A systemd unit file to run `OpenSSH` as an unprivileged user is included.
-Type 'make run' to run the unprivileged `OpenSSH` server.
+The configuration file sets the port to `22022`.
-```
- make run
-```
+This type of installation is vastly inferior to running as root, because only
+root can make `OpenSSH` listen on port `22`, as it is designed to do.
+The `install-user` target runs the unprivileged `OpenSSH` server.
-[TODO: This repository needs a systemd service file to launch it automatically.]
+```
+ make install-user
+```
diff --git a/EndoForge/src/sshd.service b/EndoForge/src/sshd.service
new file mode 100644
index 0000000..156daa9
--- /dev/null
+++ b/EndoForge/src/sshd.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=OpenBSD Secure Shell server
+Documentation=man:sshd(8) man:sshd_config(5)
+
+[Service]
+Restart=always
+ExecStartPre=/usr/sbin/sshd -t -f ${HOME}/.ssh/sshd_config
+ExecStart=/usr/sbin/sshd -D -e -f ${HOME}/.ssh/sshd_config
+ExecReload=/usr/sbin/sshd -t -f ${HOME}/.ssh/sshd_config
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=notify
+
+[Install]
+WantedBy=default.target
+#Alias=sshd.service
-- 
cgit v1.2.3
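Review bot: In EndoForge/src/sshd.service the `[Service]` section assigns `Restart=` twice, `Restart=always` at the top and `Restart=on-failure` further down; systemd keeps the last assignment of a single-valued setting, so the effective policy is `on-failure` with `RestartPreventExitStatus=255`, and the `Restart=always` line should be deleted so the file states what actually runs. `Type=notify` only works if the installed sshd sends a readiness notification, which depends on how the distribution built it; where it does not, start-up would time out and the restart policy would loop, so confirm this on the intended targets or use `Type=simple` with `-D`. For the config path, `%h/.ssh/sshd_config` does not depend on `HOME` being set in the user manager's environment the way `${HOME}` does. Because this is a user unit under `default.target`, it runs only while the user's systemd instance is up, so the README should mention `loginctl enable-linger` if the server is meant to stay reachable after logout.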