Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/nextcloudpi.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/etc/ncp-config.d/SSH.sh
diff options
context:
space:
mode:
Diffstat (limited to 'etc/ncp-config.d/SSH.sh')
-rw-r--r--etc/ncp-config.d/SSH.sh32
1 files changed, 26 insertions, 6 deletions
diff --git a/etc/ncp-config.d/SSH.sh b/etc/ncp-config.d/SSH.sh
index 5d4d1654..cbf72263 100644
--- a/etc/ncp-config.d/SSH.sh
+++ b/etc/ncp-config.d/SSH.sh
@@ -8,21 +8,22 @@
#
ACTIVE_=no
-USER_=pi
-PASS_=raspberry
-CONFIRM_=raspberry
+USER_=root
+PASS_=1234
+CONFIRM_=1234
DESCRIPTION="Activate or deactivate SSH"
INFOTITLE="SSH notes"
-INFO="In order to enable SSH, the password for user pi can NOT remain set to the default raspberry.
-You HAVE to create a NEW password for pi if you want this program to enable SSH, it will fail if you dont!
+INFO="In order to enable SSH, the password for user 'pi' can NOT remain set to the default raspberry.
+You HAVE to create a NEW password for 'pi' if you want this program to enable SSH, it will fail if you dont!
+The same will happen with user 'root' and password '1234'
Note: Use normal AlphaNumeric, the only special characters allowed are .,@-_/"
install() { :; }
is_active()
{
- systemctl status ssh &>/dev/null
+ systemctl -q is-enabled ssh &>/dev/null
}
configure()
@@ -39,6 +40,10 @@ configure()
echo "Refusing to use the default Raspbian user and password. It's insecure"
return 1
}
+ [[ "$USER_" == "root" ]] && [[ "$PASS_" == "1234" ]] && {
+ echo "Refusing to use the default Armbian user and password. It's insecure"
+ return 1
+ }
# Change credentials
id "$USER_" &>/dev/null || { echo "$USER_ doesn't exist"; return 1; }
@@ -59,6 +64,21 @@ configure()
}
}
+ # Check for insecure default root password ( taken from old jessie method )
+ local SHADOW="$( grep -E '^root:' /etc/shadow )"
+ test -n "${SHADOW}" && {
+ local SALT=$(echo "${SHADOW}" | sed -n 's/root:\$6\$//;s/\$.*//p')
+ local HASH=$(mkpasswd -msha-512 1234 "$SALT")
+
+ grep -q "${HASH}" <<< "${SHADOW}" && {
+ systemctl stop ssh
+ systemctl disable ssh
+ echo "The user root is using the default password. Refusing to activate SSH"
+ echo "SSH disabled"
+ return 1
+ }
+ }
+
# Enable
chage -d 0 "$USER_"
systemctl enable ssh
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-29 20:39:27 +0300