Mail archive
alpine-devel

Re: [alpine-devel] [PATCH] alpine-conf: setup-sshd offers to setup openssh key authentication

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Mon, 1 Dec 2014 11:04:03 +0100

On Thu, 27 Nov 2014 15:21:36 +0000
Alan Lacerda <alancordeiro_at_gmail.com> wrote:

> ---
> setup-sshd.in | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/setup-sshd.in b/setup-sshd.in
> index 1890b7c..1e6da29 100644
> --- a/setup-sshd.in
> +++ b/setup-sshd.in
> _at_@ -46,6 +46,25 @@ case "$sshdchoice" in
> dropbear) svc=dropbear;;
> esac
>
> +echo -n "Do you want to set up SSH key authentication [y|N]? "
> +default_read sshauthkey "n"
> +
> +if [ "$sshdchoice" = "openssh" ]; then
> + if [ "$sshauthkey" = "y" ] || [ "$sshauthkey" = "Y" ]; then
> + sed -i 's/\#PasswordAuthentication\
> yes/PasswordAuthentication\ no/g' /etc/ssh/sshd_config
> + mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys
> + echo -n "Do you want to add keys to the
> authorized_keys file [Y|n]? "
> + default_read sshaddkey "y"
> + if [ "$sshaddkey" = "y" ] || [ "$sshaddkey" = "Y" ];
> then
> + vi ~/.ssh/authorized_keys
> + else
> + echo ""
> + echo "WARNING: Do not forget to add your
> public key to ~/.ssh/authorized_keys"
> + echo ""
> + fi
> + fi
> +fi
> +
> if [ -n "$svc" ]; then
> rc-update add $svc default
> rc-service $svc start

I am sceptic.

Problem 1: I want ask as few questions as possible so I am not happy
with adding new questions.

Problem 2: The question asked is misleading. If you want both password
and key authentication, what should you answer to the question: "Do you
want to set up SSH key authentication?"

So can we add this functionality without always asking any questions?

How about, if setup-sshd finds a (valid) pre-existing
authorized_keys it will ask the question:

Found the following ssh keys:
<list of keys>

Would you like to disable password authentication (Y/n)? [Y]

And maybe have an option -k <keysfile> which lets you quietly do the
same with:

setup-sshd -k /media/usb/ssh-keys

I mean, what users remembers the public ssh key to be able to enter it
in vi?

-nc


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Mon Dec 01 2014 - 11:04:03 GMT