diff options
| author | nachoparker <nacho@ownyourbits.com> | 2017-11-27 13:12:55 +0300 |
|---|---|---|
| committer | nachoparker <nacho@ownyourbits.com> | 2017-11-27 13:12:55 +0300 |
| commit | 58d4ca62448b868fccf8e01e569df8145e8b7bc0 (patch) | |
| tree | 32c9f7e3508b8bbd812b9f51fa1c1208e1b1da7c | |
| parent | 98c664938f0133fc351bbfe435d85c4a4e896514 (diff) | |
added SSHv0.38.0
| -rwxr-xr-x | etc/library.sh | 5 | ||||
| -rw-r--r-- | etc/nextcloudpi-config.d/SSH.sh | 78 |
2 files changed, 82 insertions, 1 deletions
diff --git a/etc/library.sh b/etc/library.sh index c177abc6..a577c2f1 100755 --- a/etc/library.sh +++ b/etc/library.sh @@ -96,8 +96,11 @@ function is_active_script() local SCRIPT=$1 unset is_active source "$SCRIPT" + [[ $( type -t is_active ) == function ]] && { + is_active + return $? + } grep -q "^ACTIVE_=yes" "$SCRIPT" && return 0 - [[ $( type -t is_active ) == function ]] && is_active ) } diff --git a/etc/nextcloudpi-config.d/SSH.sh b/etc/nextcloudpi-config.d/SSH.sh new file mode 100644 index 00000000..8033404c --- /dev/null +++ b/etc/nextcloudpi-config.d/SSH.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +# Activate/deactivate SSH +# +# +# Copyleft 2017 by Courtney Hicks +# GPL licensed (see end of file) * Use at your own risk! +# + +ACTIVE_=no +USER_=pi +PASS_=raspberry +CONFIRM_=raspberry + +DESCRIPTION="Activate or deactivate SSH" + +install() { :; } + +is_active() +{ + systemctl status ssh &>/dev/null +} + +configure() +{ + [[ $ACTIVE_ != "yes" ]] && { + systemctl disable ssh + echo "SSH disabled" + return 0 + } + + # Check for bad ideas + [[ "$USER_" == "pi" ]] && [[ "$PASS_" == "raspberry" ]] && { + echo "Refusing to use the default Raspbian user and password. It's insecure" + return 1 + } + + # Change credentials + id "$USER_" &>/dev/null || useradd "$USER_" + echo -e "$PASS_\n$CONFIRM_" | passwd "$USER_" || return 1 + + # Check for insecure default password ( taken from old jessie method ) + local SHADOW="$( grep -E '^pi:' /etc/shadow )" + test -n "${SHADOW}" && { + local SALT=$(echo "${SHADOW}" | sed -n 's/pi:\$6\$//;s/\$.*//p') + local HASH=$(mkpasswd -msha-512 raspberry "$SALT") + + grep -q "${HASH}" <<< "${SHADOW}" && { + systemctl stop ssh + systemctl disable ssh + echo "The user pi is using the default password. Refusing to activate SSH" + echo "SSH disabled" + return 1 + } + } + + # Enable + systemctl enable ssh + systemctl start ssh + echo "SSH enabled" +} + +# License +# +# This script is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This script is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this script; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place, Suite 330, +# Boston, MA 02111-1307 USA |