move the SSH password login check into whats_next.py (it used to be in start.sh and then moved to an unused script when it became a problem for Vagrant)
parent
d4ce50de86
commit
1dec8c65ce
|
@ -17,6 +17,27 @@ from mailconfig import get_mail_domains, get_mail_aliases
|
|||
from utils import shell, sort_domains
|
||||
|
||||
def run_checks(env):
|
||||
run_system_checks(env)
|
||||
run_domain_checks(env)
|
||||
|
||||
def run_system_checks(env):
|
||||
print("System")
|
||||
print("======")
|
||||
|
||||
# Check that SSH login with password is disabled.
|
||||
sshd = open("/etc/ssh/sshd_config").read()
|
||||
if re.search("\nPasswordAuthentication\s+yes", sshd) \
|
||||
or not re.search("\nPasswordAuthentication\s+no", sshd):
|
||||
print_error("""The SSH server on this machine permits password-based login. A more secure
|
||||
way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check
|
||||
that you can log in without a password, set the option 'PasswordAuthentication no' in
|
||||
/etc/ssh/sshd_config, and then restart the openssh via 'sudo service ssh restart'.""")
|
||||
else:
|
||||
print_ok("SSH disallows password-based login.")
|
||||
|
||||
print()
|
||||
|
||||
def run_domain_checks(env):
|
||||
# Get the list of domains we handle mail for.
|
||||
mail_domains = get_mail_domains(env)
|
||||
|
||||
|
|
|
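Review bot: The two patterns in `run_system_checks` only match a `PasswordAuthentication` line that begins at column 0, uses that exact capitalisation and is not the first line of the file. sshd keywords are case-insensitive and may be indented, for example inside a `Match` block, so such a `yes` line goes unseen and the check can print "SSH disallows password-based login." while passwords are still accepted. Matching per line closes that gap: `re.search(r"^\s*PasswordAuthentication\s+yes\b", sshd, re.I | re.M)`, with the same form for `no`; the raw string also removes the invalid `\s` escape in a plain literal. Separately, the bare `open("/etc/ssh/sshd_config").read()` never closes the file and raises on a host without that file, which would abort the domain checks that follow; a `with open(...) as f:` block and a handled error reported through `print_error` would keep the run going. The `re` import is not visible in this hunk, so confirm the module already imports it.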
@ -1,15 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Check that SSH login with password is disabled. Stop if it's enabled.
|
||||
if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
|
||||
|| ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config ; then
|
||||
echo "The SSH server on this machine permits password-based login."
|
||||
echo "A more secure way to log in is using a public key."
|
||||
echo ""
|
||||
echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
|
||||
echo "check that you can log in without a password, set the option"
|
||||
echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
|
||||
echo "restart the openssh via 'sudo service ssh restart'"
|
||||
exit
|
||||
fi
|
||||
|