59 lines
2.8 KiB
Cheetah
59 lines
2.8 KiB
Cheetah
{{- if ne .host.distro.family "windows" -}}
|
|
#!/usr/bin/env bash
|
|
# @file SSHD Configuration
|
|
# @brief Applies SSHD system configuration and then restarts / enables the SSH server
|
|
# @description
|
|
# This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location)
|
|
# to the system by copying the files to the system location and then restarting / enabling the system SSH server.
|
|
#
|
|
# ## Links
|
|
#
|
|
# * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system)
|
|
|
|
# sshd_config hash: {{- include (joinPath .host.home ".ssh" "system" "sshd_config") | sha256sum -}}
|
|
# banner hash: {{- include (joinPath .host.home ".ssh" "system" "banner") | sha256sum -}}
|
|
|
|
{{ includeTemplate "universal/profile" }}
|
|
{{ includeTemplate "universal/logg" }}
|
|
|
|
### Update /etc/ssh/sshd_config if environment is not WSL
|
|
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
|
|
if [ -d /etc/ssh ]; then
|
|
logg info 'Copying ~/.ssh/system/banner to /etc/ssh/banner'
|
|
sudo cp -f "$HOME/.ssh/system/banner" /etc/ssh/banner
|
|
|
|
logg info 'Copying ~/.ssh/system/sshd_config to /etc/ssh/sshd_config'
|
|
sudo cp -f "$HOME/.ssh/system/sshd_config" /etc/ssh/sshd_config
|
|
|
|
if command -v semanage > /dev/null; then
|
|
logg info 'Apply SELinux configuration addressing custom SSH port'
|
|
sudo semanage port -a -t ssh_port_t -p tcp {{ .host.ssh.port }}
|
|
logg info 'Allow NIS SSHD'
|
|
sudo setsebool -P nis_enabled 1
|
|
fi
|
|
|
|
### Ensure keys are created
|
|
logg info 'Running sudo ssh-keygen -A' && sudo ssh-keygen -A
|
|
|
|
### Restart SSH server
|
|
if [ -d /Applications ] && [ -d /System ]; then
|
|
# macOS
|
|
logg info 'Running sudo systemsetup -setremotelogin on' && sudo systemsetup -setremotelogin on
|
|
logg info 'Running sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist' && sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
|
|
logg info 'Running sudo launchctl stop com.openssh.sshd' && sudo launchctl stop com.openssh.sshd
|
|
logg info 'Running sudo launchctl start com.openssh.sshd' && sudo launchctl start com.openssh.sshd && logg success 'Successfully ran launchctl start com.openssh.sshd'
|
|
else
|
|
# Linux
|
|
logg info 'Enabling the sshd service'
|
|
sudo systemctl enable sshd
|
|
logg info 'Restarting the sshd service'
|
|
sudo systemctl restart sshd && logg success 'Successfully ran sudo systemctl restart sshd'
|
|
fi
|
|
else
|
|
logg warn 'The /etc/ssh folder does not exist'
|
|
fi
|
|
else
|
|
logg info 'Skipping sshd_config application since environment is WSL'
|
|
fi
|
|
|
|
{{ end -}}
|