1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00

move the SSH password login check into whats_next.py (it used to be in start.sh and then moved to an unused script when it became a problem for Vagrant)

This commit is contained in:
Joshua Tauberer 2014-06-23 19:39:20 +00:00
parent d4ce50de86
commit 1dec8c65ce
2 changed files with 21 additions and 15 deletions

View File

@ -17,6 +17,27 @@ from mailconfig import get_mail_domains, get_mail_aliases
from utils import shell, sort_domains from utils import shell, sort_domains
def run_checks(env): def run_checks(env):
run_system_checks(env)
run_domain_checks(env)
def run_system_checks(env):
print("System")
print("======")
# Check that SSH login with password is disabled.
sshd = open("/etc/ssh/sshd_config").read()
if re.search("\nPasswordAuthentication\s+yes", sshd) \
or not re.search("\nPasswordAuthentication\s+no", sshd):
print_error("""The SSH server on this machine permits password-based login. A more secure
way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check
that you can log in without a password, set the option 'PasswordAuthentication no' in
/etc/ssh/sshd_config, and then restart the openssh via 'sudo service ssh restart'.""")
else:
print_ok("SSH disallows password-based login.")
print()
def run_domain_checks(env):
# Get the list of domains we handle mail for. # Get the list of domains we handle mail for.
mail_domains = get_mail_domains(env) mail_domains = get_mail_domains(env)

View File

@ -1,15 +0,0 @@
#!/bin/bash
# Check that SSH login with password is disabled. Stop if it's enabled.
if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
|| ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config ; then
echo "The SSH server on this machine permits password-based login."
echo "A more secure way to log in is using a public key."
echo ""
echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
echo "check that you can log in without a password, set the option"
echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
echo "restart the openssh via 'sudo service ssh restart'"
exit
fi