From f94c5c4222cf5edf42193dc4dd3010ba1f8b53f2 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sat, 23 Oct 2021 18:08:40 -0400
Subject: got user-mode sshd working
---
EndoForge/openssh/AuthorizedKeysCommand | 16 ++++++++++++++++
EndoForge/openssh/Makefile | 12 ++++++++++++
EndoForge/openssh/runsshd.sh | 16 ++++++++++++++++
EndoForge/openssh/sshd_config | 13 +++++++++++++
4 files changed, 57 insertions(+)
create mode 100755 EndoForge/openssh/AuthorizedKeysCommand
create mode 100644 EndoForge/openssh/Makefile
create mode 100755 EndoForge/openssh/runsshd.sh
create mode 100644 EndoForge/openssh/sshd_config
diff --git a/EndoForge/openssh/AuthorizedKeysCommand b/EndoForge/openssh/AuthorizedKeysCommand
new file mode 100755
index 0000000..063444e
--- /dev/null
+++ b/EndoForge/openssh/AuthorizedKeysCommand
@@ -0,0 +1,16 @@
+#!/bin/sh
+fingerprint=$3
+authline="$4 $5"
+
+username=$(id -un)
+userhome=$(getent passwd $(id -un) | (IFS=: read _ _ _ _ _ home _ && echo "$home"))
+
+case "$userhome" in
+ '' | *"'"* ) exit ;;
+esac
+
+usercommand=$userhome/.ssh/AnonymousAccessCommand
+
+[ -x "$usercommand" ] || exit
+
+printf 'command="%s",no-port-forwarding %s\n' "$usercommand $fingerprint" "$authline"
diff --git a/EndoForge/openssh/Makefile b/EndoForge/openssh/Makefile
new file mode 100644
index 0000000..e53a851
--- /dev/null
+++ b/EndoForge/openssh/Makefile
@@ -0,0 +1,12 @@
+# SSH_LISTEN_PORT = 22022
+# SSHD = /usr/sbin/sshd -p $(SSH_LISTEN_PORT) -D -e -f ~/.ssh/sshd_config -h ~/.ssh/id_ed25519
+
+run:
+ fakeroot ./runsshd.sh
+
+runtest:
+ $(SSHD) -t
+
+install:
+ install -m0600 sshd_config -t ~/.ssh
+ install -m0755 AuthorizedKeysCommand -t ~/.ssh
diff --git a/EndoForge/openssh/runsshd.sh b/EndoForge/openssh/runsshd.sh
new file mode 100755
index 0000000..1eff668
--- /dev/null
+++ b/EndoForge/openssh/runsshd.sh
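Review bot: In `AuthorizedKeysCommand` the `case` guard rejects a home directory containing `'`, but the path is emitted inside a double-quoted `command="…"` option, so `"` and `\` are the characters that can break the generated line, and whitespace would split the forced command when the login shell parses it. The guard could read `'' | *"'"* | *'"'* | *'\'* | *' '* ) exit ;;`. The helper hands back whatever key the client offered (`$4` carries `%t %k` from sshd_config), so the key options are the only containment for that session, and `no-port-forwarding` alone leaves agent forwarding, X11 forwarding and `~/.ssh/rc` to the server defaults. `printf 'restrict,command="%s" %s\n' "$usercommand $fingerprint" "$authline"` would cover them. `username` is assigned but never used; `getent passwd "$username"` would use it and quote the expansion.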
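Review bot: The `runtest` recipe in the Makefile expands `$(SSHD)`, but `SSH_LISTEN_PORT` and `SSHD` are defined only inside the two comment lines at the top. Unless `SSHD` comes from the environment or the command line, the recipe collapses to `-t`, which make treats as "run `t` and ignore the error", so the configuration check never runs and the target still reports success. Uncommenting the two definitions fixes it. `run`, `runtest` and `install` are not file targets and would be safer declared as `.PHONY: run runtest install`.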
@@ -0,0 +1,16 @@
+#!/bin/sh
+set --
+dirs=$HOME
+p=$HOME
+while [ "$p" != "${p%/*}" ]
+do
+ p=${p%/*}
+ dirs="$dirs $p/"
+done
+
+chown root:root $dirs
+chmod go-w $dirs
+
+cmd="/usr/sbin/sshd -D -e -f $HOME/.ssh/sshd_config -h $HOME/.ssh/id_ed25519"
+/sbin/runuser -u u -- sh -c "set -x; $cmd"
+
diff --git a/EndoForge/openssh/sshd_config b/EndoForge/openssh/sshd_config
new file mode 100644
index 0000000..8df5d17
--- /dev/null
+++ b/EndoForge/openssh/sshd_config
@@ -0,0 +1,13 @@
+Port 22022
+
+AuthorizedKeysCommandUser=u
+AuthorizedKeysCommand=/home/u/.ssh/AuthorizedKeysCommand %u %h %f "%t %k"
+ExposeAuthInfo=yes
+PidFile=/home/u/.ssh/sshd.pid
+
+AuthenticationMethods publickey
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
+UsePAM no
+PermitTTY no
+ChrootDirectory=none
--
cgit v1.2.3
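Review bot: `-h $HOME/.ssh/id_ed25519` in `runsshd.sh` points sshd at what is, by its default name, presumably the account's own client identity, so one key would both identify this server and authenticate the user elsewhere. sshd can also only load a host key that has no passphrase. A dedicated host key (for example a constructed name such as `"$HOME/.ssh/ssh_host_ed25519_key"`) keeps the two roles apart. Separately, the command is assembled as a string and re-parsed by `sh -c`, and `$dirs` is expanded unquoted, so whitespace or shell metacharacters in `$HOME` change what runs. `set -x; exec /sbin/runuser -u u -- /usr/sbin/sshd -D -e -f "$HOME/.ssh/sshd_config" -h "$HOME/.ssh/id_ed25519"` avoids the second parse. Nothing checks `chown`/`chmod` before sshd starts; `set -e` in place of the apparently unused `set --` would stop the script at the first failure.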
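Review bot: `AuthorizedKeysFile` is left at its default in `sshd_config`, so this daemon consults `~/.ssh/authorized_keys` as well as the helper. Depending on the order sshd tries the two sources, a key listed there may be accepted with that file's options instead of the forced command the helper emits. If every login on port 22022 is meant to go through `AnonymousAccessCommand`, add `AuthorizedKeysFile none`. The `%u` and `%h` tokens on the `AuthorizedKeysCommand` line are passed but never read by the helper, which uses only `$3`, `$4` and `$5`, so a comment there saying they are placeholders would help. The user `u` and the `/home/u` paths are hard-coded here while `runsshd.sh` derives its paths from `$HOME`; a comment noting that they must be kept in step would prevent a silent mismatch.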