57 lines
1.3 KiB
Bash
Executable File
57 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
if [ ${DISABLE_SFTP} -eq 1 ] ; then
|
|
exit 0
|
|
fi
|
|
|
|
echo "# Configuring ssh"
|
|
|
|
# make sure directory exists
|
|
mkdir -p "${PATH_SSH_HOST}"
|
|
|
|
for keytype in ecdsa rsa ed25519 ; do
|
|
if [ ! -r "${PATH_SSH_HOST}/ssh_host_${keytype}_key" ] ; then
|
|
/usr/bin/ssh-keygen -t "${keytype}" -f "${PATH_SSH_HOST}/ssh_host_${keytype}_key" -N ""
|
|
fi
|
|
chmod 0600 "${PATH_SSH_HOST}/ssh_host_${keytype}_key"
|
|
chmod 0644 "${PATH_SSH_HOST}/ssh_host_${keytype}_key.pub"
|
|
done
|
|
|
|
# set authorized_keys permissions
|
|
if [ -f "${PATH_SSH_HOST}/authorized_keys" ] ; then
|
|
chmod 0600 "${PATH_SSH_HOST}/authorized_keys"
|
|
chown "${USERNAME}:${GROUPNAME}" "${PATH_SSH_HOST}/authorized_keys"
|
|
fi
|
|
|
|
if [ -d "${PATH_WEBROOT}/.ssh" ] ; then
|
|
chmod 0700 "${PATH_WEBROOT}/.ssh"
|
|
fi
|
|
|
|
# configure sshd
|
|
cat >/etc/ssh/sshd_config.d/sshd.conf <<EOF
|
|
HostKey ${PATH_SSH_HOST}/ssh_host_rsa_key
|
|
HostKey ${PATH_SSH_HOST}/ssh_host_ecdsa_key
|
|
HostKey ${PATH_SSH_HOST}/ssh_host_ed25519_key
|
|
|
|
#SyslogFacility AUTH
|
|
LogLevel INFO
|
|
LoginGraceTime 1m
|
|
PermitRootLogin no
|
|
PubkeyAuthentication yes
|
|
MaxAuthTries 3
|
|
PrintMotd no
|
|
|
|
AuthorizedKeysFile ${PATH_SSH_HOST}/authorized_keys
|
|
PasswordAuthentication no
|
|
|
|
AllowAgentForwarding no
|
|
AllowTcpForwarding no
|
|
GatewayPorts no
|
|
X11Forwarding no
|
|
|
|
Subsystem sftp internal-sftp
|
|
|
|
ChrootDirectory ${PATH_BASE}
|
|
ForceCommand internal-sftp -d ${PATH_WEBROOT}
|
|
EOF
|