ssh config location
@@ -6,6 +6,7 @@ PATH_STATS=${PATH_BASE}/stats
|
||||
PATH_STATSDB=${PATH_BASE}/stats.db
|
||||
PATH_LOGS=${PATH_BASE}/logs
|
||||
PATH_AUTH=${PATH_BASE}/auth
|
||||
PATH_SSH_HOST=${PATH_BASE}/ssh.host
|
||||
|
||||
WEBDAV_PORT=${WEBDAV_PORT:-8080}
|
||||
STATS_PORT=${STATS_PORT:-8081}
|
||||
@@ -25,11 +26,13 @@ FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-3}
|
||||
|
||||
export USERNAME
|
||||
export GROUPNAME
|
||||
export PATH_BASE
|
||||
export PATH_WEBROOT
|
||||
export PATH_STATS
|
||||
export PATH_STATSDB
|
||||
export PATH_LOGS
|
||||
export PATH_AUTH
|
||||
export PATH_SSH_HOST
|
||||
export WEBDAV_PORT
|
||||
export STATS_PORT
|
||||
export POSTSIZE
|
||||
|
||||
@@ -3,19 +3,48 @@
|
||||
echo "# Configuring ssh"
|
||||
|
||||
for keytype in ecdsa rsa ed25519 ; do
|
||||
if [ ! -r "/ssh/ssh_host_${keytype}_key" ] ; then
|
||||
/usr/bin/ssh-keygen -t "${keytype}" -f "/ssh/ssh_host_${keytype}_key" -N ""
|
||||
if [ ! -r "${PATH_SSH_HOST}/ssh_host_${keytype}_key" ] ; then
|
||||
/usr/bin/ssh-keygen -t "${keytype}" -f "${PATH_SSH_HOST}/ssh_host_${keytype}_key" -N ""
|
||||
fi
|
||||
chmod 0600 "/ssh/ssh_host_${keytype}_key"
|
||||
chmod 0644 "/ssh/ssh_host_${keytype}_key.pub"
|
||||
chmod 0600 "${PATH_SSH_HOST}/ssh_host_${keytype}_key"
|
||||
chmod 0644 "${PATH_SSH_HOST}/ssh_host_${keytype}_key.pub"
|
||||
done
|
||||
|
||||
# set authorized_keys permissions
|
||||
if [ -f /ssh/authorized_keys ] ; then
|
||||
chmod 0600 /ssh/authorized_keys
|
||||
chown "${USERNAME}:${GROUPNAME}" /ssh/authorized_keys
|
||||
if [ -f "${PATH_SSH_HOST}/authorized_keys" ] ; then
|
||||
chmod 0600 "${PATH_SSH_HOST}/authorized_keys"
|
||||
chown "${USERNAME}:${GROUPNAME}" "${PATH_SSH_HOST}/authorized_keys"
|
||||
fi
|
||||
|
||||
if [ -d "${PATH_WEBROOT}/.ssh" ] ; then
|
||||
chmod 0700 "${PATH_WEBROOT}/.ssh"
|
||||
fi
|
||||
|
||||
|
||||
|
||||
cat >/etc/ssh/sshd_config.d/sshd.conf <<EOF
|
||||
HostKey ${PATH_SSH_HOST}/ssh_host_rsa_key
|
||||
HostKey ${PATH_SSH_HOST}/ssh_host_ecdsa_key
|
||||
HostKey ${PATH_SSH_HOST}/ssh_host_ed25519_key
|
||||
|
||||
#SyslogFacility AUTH
|
||||
LogLevel INFO
|
||||
LoginGraceTime 1m
|
||||
PermitRootLogin no
|
||||
PubkeyAuthentication yes
|
||||
MaxAuthTries 3
|
||||
PrintMotd no
|
||||
|
||||
AuthorizedKeysFile ${PATH_SSH_HOST}/authorized_keys
|
||||
PasswordAuthentication no
|
||||
|
||||
AllowAgentForwarding no
|
||||
AllowTcpForwarding no
|
||||
GatewayPorts no
|
||||
X11Forwarding no
|
||||
|
||||
Subsystem sftp internal-sftp
|
||||
|
||||
ChrootDirectory ${PATH_BASE}
|
||||
ForceCommand internal-sftp -d ${PATH_WEBROOT}
|
||||
EOF
|
||||
|
||||
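Review bot: The authorized_keys file now sits inside the SFTP chroot while still being owned by the login user. `PATH_SSH_HOST` is defined as `${PATH_BASE}/ssh.host` and the generated config sets `ChrootDirectory ${PATH_BASE}`, so after login the file should be reachable as `/ssh.host/authorized_keys`, and `chown "${USERNAME}:${GROUPNAME}"` with `chmod 0600` leaves it writable by that account over SFTP; the old `/ssh` path was outside the `/data` chroot. Either keep the directory outside `${PATH_BASE}`, or make the file root-owned and read-only for the user with `chown root:root "${PATH_SSH_HOST}/authorized_keys"` and `chmod 0644 "${PATH_SSH_HOST}/authorized_keys"`. The key loop also calls ssh-keygen with no visible `mkdir -p "${PATH_SSH_HOST}"`; if the directory is not created outside this hunk, key generation and the following chmod calls fail on a fresh volume.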
@@ -1,24 +0,0 @@
|
||||
HostKey /ssh/ssh_host_rsa_key
|
||||
HostKey /ssh/ssh_host_ecdsa_key
|
||||
HostKey /ssh/ssh_host_ed25519_key
|
||||
|
||||
#SyslogFacility AUTH
|
||||
LogLevel INFO
|
||||
LoginGraceTime 1m
|
||||
PermitRootLogin no
|
||||
PubkeyAuthentication yes
|
||||
MaxAuthTries 3
|
||||
PrintMotd no
|
||||
|
||||
AuthorizedKeysFile /ssh/authorized_keys
|
||||
PasswordAuthentication no
|
||||
|
||||
AllowAgentForwarding no
|
||||
AllowTcpForwarding no
|
||||
GatewayPorts no
|
||||
X11Forwarding no
|
||||
|
||||
Subsystem sftp internal-sftp
|
||||
|
||||
ChrootDirectory /data
|
||||
ForceCommand internal-sftp -d /data/www
|
||||