move the SSH password login check out of setup because it interferes with Vagrant and into a separate script that we'll use for auditing in a later phase

Joshua Tauberer 2014-06-06 08:17:49 -04:00
parent 6194c63f76
commit f9c3f33e74
2 changed files with 15 additions and 15 deletions

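--- a/setup/check_ssh.sh
+++ b/setup/check_ssh.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# Check that SSH login with password is disabled. Stop if it's enabled.
+if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
+|| ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config ; then
+echo "The SSH server on this machine permits password-based login."
+echo "A more secure way to log in is using a public key."
+echo ""
+echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
+echo "check that you can log in without a password, set the option"
+echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
+echo "restart the openssh via 'sudo service ssh restart'"
+exit
+fi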
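Review bot: The bare `exit` after the warning returns the status of the last `echo`, which is 0, so a caller that runs check_ssh.sh as an audit step cannot tell a failed check from a passing one; `exit 1` would make the result usable by automation. The two `grep` tests also read only the literal text of /etc/ssh/sshd_config, so a differently-cased keyword, leading whitespace, or an override inside a `Match` block can let the check pass while password login is still in effect. Testing the effective configuration is more reliable, for example `sshd -T | grep -qi '^passwordauthentication no'`, which likely needs to run as root. The help text also repeats "check" at the end of one `echo` line and the start of the next.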


@ -5,21 +5,6 @@ source setup/functions.sh # load our functions
apt-get -qq update
apt-get -qq -y upgrade
# Install openssh-server to ensure that the end result is consistent across all Mail-in-a-Boxes.
apt_install openssh-server
# Check that SSH login with password is disabled. Stop if it's enabled.
if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
|| ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config ; then
echo
echo "The SSH server on this machine permits password-based login."
echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
echo "check that you can log in without a password, set the option"
echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
echo "restart the openssh via 'sudo service ssh restart'"
exit
fi
# Install basic utilities.
apt_install python3 wget curl bind9-host