author | Andrew Cady <d@jerkface.net> | 2023-05-27 22:34:55 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2023-05-27 22:35:09 -0400 |
commit | f6a5dafe904909bbee1b2da0d3a7786fd8952871 (patch) | |
tree | ebaffcc2043844dc1d04cc174bb45498f7276d47 | |
parent | e6f31e56797cf45b13c0d98499d647125521feeb (diff) |
add sshd config files
these contain a hard-coded username at the moment
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | src/fossil-user.conf | 4 | ||||
-rwxr-xr-x | src/user-d.AnonymousForceCommand | 2 | ||||
-rwxr-xr-x | src/user-d.AuthorizedKeysCommand | 7 |
4 files changed, 15 insertions, 0 deletions
@@ -42,6 +42,8 @@ bindir = /usr/local/bin | |||
42 | 42 | ||
43 | default: install start follow | 43 | default: install start follow |
44 | install: | 44 | install: |
45 | install -t /etc/ssh/ -- src/user-d.AnonymousForceCommand src/user-d.AuthorizedKeysCommand | ||
46 | install -m644 -t /etc/ssh/sshd_config.d -- src/fossil-user.conf | ||
45 | install -m644 -t $(unitdir) -- $(unit_files) | 47 | install -m644 -t $(unitdir) -- $(unit_files) |
46 | install -t $(bindir) -- $(executables) | 48 | install -t $(bindir) -- $(executables) |
47 | systemctl daemon-reload | 49 | systemctl daemon-reload |
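Review bot: The two added `install` lines hard-code `/etc/ssh/` and `/etc/ssh/sshd_config.d`, unlike the `$(unitdir)` and `$(bindir)` lines below them, and nothing validates the new drop-in before sshd next reads it. A variable such as `sshdir = /etc/ssh` would keep the recipe consistent, and running `sshd -t` after the copy would catch a syntax error in `fossil-user.conf` before a restart leaves the host without SSH. The helper install relies on install's default mode and on whoever runs make; `install -m755 -o root -t $(sshdir) -- ...` would state the root-owned, not group- or world-writable permissions that sshd requires of an AuthorizedKeysCommand program. The `install` recipe may continue past the end of this hunk.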
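diff --git a/src/fossil-user.conf b/src/fossil-user.conf
new file mode 100644
index 0000000..f4296fd
--- /dev/null
+++ b/src/fossil-user.conf
@@ -0,0 +1,4 @@
+Match User d
+ExposeAuthInfo=yes
+AuthorizedKeysCommandUser=root
+AuthorizedKeysCommand=/etc/ssh/user-d.AuthorizedKeysCommand "%t %k" "%f"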
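Review bot: `AuthorizedKeysCommandUser=root` runs the key helper with full privileges, although the helper added in this commit only tests one path and prints one line. sshd_config(5) recommends a dedicated account with no other role for this, e.g. `AuthorizedKeysCommandUser=<dedicated-unprivileged-user>` (placeholder name). The file also needs a leading comment such as `# Every offered public key is accepted for this user; access control rests entirely on the forced command the helper prints`, because that is not evident from the four directives. If the account exists only for this anonymous bridge, adding `AuthenticationMethods publickey` inside the Match block would keep other login methods from bypassing the forced command.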
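diff --git a/src/user-d.AnonymousForceCommand b/src/user-d.AnonymousForceCommand
new file mode 100755
index 0000000..a8a09f3
--- /dev/null
+++ b/src/user-d.AnonymousForceCommand
@@ -0,0 +1,2 @@
+#!/bin/bash
+socat stdio /run/fossil-user.S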
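Review bot: The bare path `/run/fossil-user.S` on line 2 leaves socat to guess the address type. As I read socat's generic-open rules, a missing socket is then handled as an ordinary file rather than reported as a failed connect. Naming the type makes the intent explicit and fails cleanly: `exec socat STDIO UNIX-CONNECT:/run/fossil-user.S`, where `exec` also avoids keeping a bash process alive per session. The script ignores the fingerprint argument that the generated forced-command line passes to it; if that is intentional (perhaps because `ExposeAuthInfo` covers the need), a one-line comment should say so.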
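diff --git a/src/user-d.AuthorizedKeysCommand b/src/user-d.AuthorizedKeysCommand
new file mode 100755
index 0000000..6bf0ec9
--- /dev/null
+++ b/src/user-d.AuthorizedKeysCommand
@@ -0,0 +1,7 @@
+#!/bin/sh
+cmd=/etc/ssh/user-d.AnonymousForceCommand
+[ -x "$cmd" ] || exit
+
+key=$1
+shift
+printf 'restrict,pty,command="%s" %s\n' "$cmd $*" "$key"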
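Review bot: `"$cmd $*"` is placed between the double quotes of `command="..."` on line 7 with no check, so the emitted authorized_keys line is well-formed only while the arguments contain no quotes or whitespace. That holds for the `%f` fingerprint passed today, but a guard before the printf keeps the script safe if the sshd config is later edited to pass other tokens: `case $* in *[!A-Za-z0-9:+/=]*) exit 1;; esac`. A header comment should state that the script deliberately authorizes every offered key and that `restrict` plus the forced command is the entire security boundary. `pty` re-enables a terminal that a byte-stream bridge may not need, so it is worth confirming that option is required.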