add sshd config files

these contain a hard-coded username at the moment
author: Andrew Cady <d@jerkface.net> 2023-05-27 22:34:55 -0400
committer: Andrew Cady <d@jerkface.net> 2023-05-27 22:35:09 -0400
commit: f6a5dafe904909bbee1b2da0d3a7786fd8952871 (patch)
tree: ebaffcc2043844dc1d04cc174bb45498f7276d47
parent: e6f31e56797cf45b13c0d98499d647125521feeb (diff)
4 files changed, 15 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 12b9329..e9b3bf9 100644
--- a/Makefile
+++ b/Makefile
@@ -42,6 +42,8 @@ bindir = /usr/local/bin
 default: install start follow
 install:
+        install -t /etc/ssh/ -- src/user-d.AnonymousForceCommand src/user-d.AuthorizedKeysCommand
+        install -m644 -t /etc/ssh/sshd_config.d -- src/fossil-user.conf
        install -m644 -t $(unitdir) -- $(unit_files)
        install -t $(bindir) -- $(executables)
        systemctl daemon-reload
diff --git a/src/fossil-user.conf b/src/fossil-user.conf
new file mode 100644
index 0000000..f4296fd
--- /dev/null
+++ b/src/fossil-user.conf
@@ -0,0 +1,4 @@
+Match User d
+ExposeAuthInfo=yes
+AuthorizedKeysCommandUser=root
+AuthorizedKeysCommand=/etc/ssh/user-d.AuthorizedKeysCommand "%t %k" "%f"
diff --git a/src/user-d.AnonymousForceCommand b/src/user-d.AnonymousForceCommand
new file mode 100755
index 0000000..a8a09f3
--- /dev/null
+++ b/src/user-d.AnonymousForceCommand
@@ -0,0 +1,2 @@
+#!/bin/bash
+socat stdio /run/fossil-user.S
diff --git a/src/user-d.AuthorizedKeysCommand b/src/user-d.AuthorizedKeysCommand
new file mode 100755
index 0000000..6bf0ec9
--- /dev/null
+++ b/src/user-d.AuthorizedKeysCommand
@@ -0,0 +1,7 @@
+#!/bin/sh
+cmd=/etc/ssh/user-d.AnonymousForceCommand
+[ -x "$cmd" ] || exit
+key=$1
+shift
+printf 'restrict,pty,command="%s" %s\n' "$cmd $*" "$key"
author	Andrew Cady <d@jerkface.net>	2023-05-27 22:34:55 -0400
committer	Andrew Cady <d@jerkface.net>	2023-05-27 22:35:09 -0400
commit	f6a5dafe904909bbee1b2da0d3a7786fd8952871 (patch)
tree	ebaffcc2043844dc1d04cc174bb45498f7276d47
parent	e6f31e56797cf45b13c0d98499d647125521feeb (diff)

diff --git a/Makefile b/Makefile index 12b9329..e9b3bf9 100644 --- a/Makefile +++ b/Makefile
@@ -42,6 +42,8 @@ bindir = /usr/local/bin
42		42
43	default: install start follow	43	default: install start follow
44	install:	44	install:
		45	install -t /etc/ssh/ -- src/user-d.AnonymousForceCommand src/user-d.AuthorizedKeysCommand
		46	install -m644 -t /etc/ssh/sshd_config.d -- src/fossil-user.conf
45	install -m644 -t $(unitdir) -- $(unit_files)	47	install -m644 -t $(unitdir) -- $(unit_files)
46	install -t $(bindir) -- $(executables)	48	install -t $(bindir) -- $(executables)
47	systemctl daemon-reload	49	systemctl daemon-reload


diff --git a/src/fossil-user.conf b/src/fossil-user.conf new file mode 100644 index 0000000..f4296fd --- /dev/null +++ b/src/fossil-user.conf
@@ -0,0 +1,4 @@
		1	Match User d
		2	ExposeAuthInfo=yes
		3	AuthorizedKeysCommandUser=root
		4	AuthorizedKeysCommand=/etc/ssh/user-d.AuthorizedKeysCommand "%t %k" "%f"


diff --git a/src/user-d.AnonymousForceCommand b/src/user-d.AnonymousForceCommand new file mode 100755 index 0000000..a8a09f3 --- /dev/null +++ b/src/user-d.AnonymousForceCommand
@@ -0,0 +1,2 @@
		1	#!/bin/bash
		2	socat stdio /run/fossil-user.S


diff --git a/src/user-d.AuthorizedKeysCommand b/src/user-d.AuthorizedKeysCommand new file mode 100755 index 0000000..6bf0ec9 --- /dev/null +++ b/src/user-d.AuthorizedKeysCommand
@@ -0,0 +1,7 @@
		1	#!/bin/sh
		2	cmd=/etc/ssh/user-d.AnonymousForceCommand
		3	[ -x "$cmd" ] \|\| exit
		4
		5	key=$1
		6	shift
		7	printf 'restrict,pty,command="%s" %s\n' "$cmd $*" "$key"