punkfairie/install.fairie
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
install.fairie/docs/scripts/after/run_onchange_after_30-sshd.sh.tmpl.md
Brian Zalewski 45791f9bc7
Added documentation to /docs and other misc. fixes
2023-08-08 03:06:49 -04:00

3.4 KiB
Raw Blame History

title description sidebar_label slug githubLocation scriptLocation repoLocation
SSHD Configuration Applies SSHD system configuration and then restarts / enables the SSH server 30 SSHD Configuration /scripts/after/run_onchange_after_30-sshd.sh.tmpl https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoiscripts/universal/run_onchange_after_30-sshd.sh.tmpl https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_after_30-sshd.sh.tmpl home/.chezmoiscripts/universal/run_onchange_after_30-sshd.sh.tmpl

SSHD Configuration

Applies SSHD system configuration and then restarts / enables the SSH server

Overview

This script applies the SSH server MOTD banner and sshd_config (which are housed in the home/private_dot_ssh/system location) to the system by copying the files to the system location and then restarting / enabling the system SSH server.

Links

Source Code

{{- if ne .host.distro.family "windows" -}}
#!/usr/bin/env bash
# @file SSHD Configuration
# @brief Applies SSHD system configuration and then restarts / enables the SSH server
# @description
#     This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location)
#     to the system by copying the files to the system location and then restarting / enabling the system SSH server.
#
#     ## Links
#
#     * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system)

# sshd_config hash: {{- include (joinPath .host.home ".ssh" "system" "sshd_config") | sha256sum -}}
# banner hash: {{- include (joinPath .host.home ".ssh" "system" "banner") | sha256sum -}}

{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

### Update /etc/ssh/sshd_config if environment is not WSL
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
    if [ -d /etc/ssh ]; then
        logg info 'Copying ~/.ssh/system/banner to /etc/ssh/banner'
        sudo cp -f "$HOME/.ssh/system/banner" /etc/ssh/banner

        logg info 'Copying ~/.ssh/system/sshd_config to /etc/ssh/sshd_config'
        sudo cp -f "$HOME/.ssh/system/sshd_config" /etc/ssh/sshd_config

        if command -v semanage > /dev/null; then
            logg info 'Apply SELinux configuration addressing custom SSH port'
            sudo semanage port -a -t ssh_port_t -p tcp {{ .host.ssh.port }}
            logg info 'Allow NIS SSHD'
            sudo setsebool -P nis_enabled 1
        fi

        ### Restart SSH server
        if [ -d /Applications ] && [ -d /System ]; then
            # macOS
            logg info 'Running `sudo launchctl stop com.openssh.sshd`'
            sudo launchctl stop com.openssh.sshd
            logg info 'Running `sudo launchctl start com.openssh.sshd`'
            sudo launchctl start com.openssh.sshd
        else
            # Linux
            logg info 'Enabling the `sshd` service'
            sudo systemctl enable sshd
            logg info 'Restarting the `sshd` service'
            sudo systemctl restart sshd
        fi
    else
        logg warn 'The /etc/ssh folder does not exist'
    fi
else
    logg info 'Skipping sshd_config application since environment is WSL'
fi

{{ end -}}