For discussion of Alpine Linux development and developer support

[alpine-devel] [PATCH] alpine-conf: setup-sshd offers to setup openssh key authentication

Alan Lacerda
Message ID
<1417101696-6236-1-git-send-email-alacerda@alpinelinux.org>
Sender timestamp
1417101696
DKIM signature
missing
Patch: +19 -0
---
 setup-sshd.in | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/setup-sshd.in b/setup-sshd.in
index 1890b7c..1e6da29 100644
--- a/setup-sshd.in
+++ b/setup-sshd.in
@@ -46,6 +46,25 @@ case "$sshdchoice" in
 	dropbear) svc=dropbear;;
 esac
 
+echo -n "Do you want to set up SSH key authentication [y|N]? "
+default_read sshauthkey "n"
+
+if [ "$sshdchoice" = "openssh" ]; then
+	if [ "$sshauthkey" = "y" ] || [ "$sshauthkey" = "Y" ]; then
+		sed -i 's/\#PasswordAuthentication\ yes/PasswordAuthentication\ no/g' /etc/ssh/sshd_config
+		mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys
+		echo -n "Do you want to add keys to the authorized_keys file [Y|n]? "
+		default_read sshaddkey "y"
+		if [ "$sshaddkey" = "y" ] || [ "$sshaddkey" = "Y" ]; then
+			vi ~/.ssh/authorized_keys
+		else
+			echo ""
+			echo "WARNING: Do not forget to add your public key to ~/.ssh/authorized_keys"
+			echo ""
+		fi
+	fi
+fi
+
 if [ -n "$svc" ]; then
 	rc-update add $svc default
 	rc-service $svc start
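Review bot: the `sed` expression on the `+sed -i` line only matches the commented-out default `#PasswordAuthentication yes`, so when the directive is already uncommented or spaced differently it changes nothing and the script continues as if password login were off. It also runs before any key is known to exist: `touch` may have just created an empty `authorized_keys`, and if the user answers n (or saves nothing in `vi`) the service is started below with passwords disabled and no key installed. Suggest filling and checking the keys file first (for example `[ -s ~/.ssh/authorized_keys ]`), then rewriting the directive with a pattern that covers both the commented and uncommented forms and confirming the result before the service is started.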
-- 
2.1.3



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa
Message ID
<20141201110403.2af5528f@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1417101696-6236-1-git-send-email-alacerda@alpinelinux.org>
Sender timestamp
1417428243
DKIM signature
missing
On Thu, 27 Nov 2014 15:21:36 +0000
Alan Lacerda <alancordeiro@gmail.com> wrote:

> ---
>  setup-sshd.in | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/setup-sshd.in b/setup-sshd.in
> index 1890b7c..1e6da29 100644
> --- a/setup-sshd.in
> +++ b/setup-sshd.in
> @@ -46,6 +46,25 @@ case "$sshdchoice" in
>  	dropbear) svc=dropbear;;
>  esac
>  
> +echo -n "Do you want to set up SSH key authentication [y|N]? "
> +default_read sshauthkey "n"
> +
> +if [ "$sshdchoice" = "openssh" ]; then
> +	if [ "$sshauthkey" = "y" ] || [ "$sshauthkey" = "Y" ]; then
> +		sed -i 's/\#PasswordAuthentication\
> yes/PasswordAuthentication\ no/g' /etc/ssh/sshd_config
> +		mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys
> +		echo -n "Do you want to add keys to the
> authorized_keys file [Y|n]? "
> +		default_read sshaddkey "y"
> +		if [ "$sshaddkey" = "y" ] || [ "$sshaddkey" = "Y" ];
> then
> +			vi ~/.ssh/authorized_keys
> +		else
> +			echo ""
> +			echo "WARNING: Do not forget to add your
> public key to ~/.ssh/authorized_keys"
> +			echo ""
> +		fi
> +	fi
> +fi
> +
>  if [ -n "$svc" ]; then
>  	rc-update add $svc default
>  	rc-service $svc start
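Review bot: the prompt and `default_read sshauthkey "n"` sit outside the `if [ "$sshdchoice" = "openssh" ]` test, so a user who picked dropbear is still asked about key authentication and the answer is silently ignored. Move the `echo -n`/`default_read` pair inside the openssh branch. In the same branch, `~/.ssh` resolves to the home of whoever runs setup-sshd and `mkdir -p ~/.ssh` leaves the directory mode to the umask; name the account in the prompt and add an explicit `chmod 700 ~/.ssh`.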

I am sceptical.

Problem 1: I want to ask as few questions as possible so I am not happy
with adding new questions.

Problem 2: The question asked is misleading. If you want both password
and key authentication, what should you answer to the question: "Do you
want to set up SSH key authentication?"

So can we add this functionality without always asking any questions?

How about, if setup-sshd finds a (valid) pre-existing
authorized_keys it will ask the question:

Found the following ssh keys:
<list of keys>

Would you like to disable password authentication (Y/n)? [Y]

And maybe have an option -k <keysfile> which lets you quietly do the
same with:

setup-sshd -k /media/usb/ssh-keys

I mean, what user remembers the public ssh key to be able to enter it
in vi?

-nc

---
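
One reading of the flow proposed in the reply above (find usable keys first, only then turn off passwords), as an added example that is not alpine-conf code or part of the thread. The function names, the subset of key types and the file arguments are assumptions; it runs without prompting, like the suggested `-k` path, and assumes an sshd_config without `Match` blocks.

```shell
#!/bin/sh
# Added example, not alpine-conf code. All function names are hypothetical.

# Print lines of keys file "$1" that start with a known key type followed by
# a base64 blob. Syntactic check only; lines with an options prefix are
# skipped, so the check fails closed. The type list is a constructed subset.
list_pubkeys() {
	[ -r "$1" ] || return 1
	grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|$)' "$1"
}

# Force "PasswordAuthentication no" in sshd_config "$1" whether the directive
# is commented out, set to yes, or absent, then confirm the file contains it.
disable_password_auth() {
	conf=$1
	pat='^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]].*'
	if grep -Eq "$pat" "$conf"; then
		tmp=$(mktemp) || return 1
		sed -E "s/$pat/PasswordAuthentication no/" "$conf" > "$tmp" &&
			cat "$tmp" > "$conf"   # cat keeps the file's owner and mode
		rm -f "$tmp"
	else
		echo 'PasswordAuthentication no' >> "$conf"
	fi
	grep -qx 'PasswordAuthentication no' "$conf"
}

# List the keys that were found and only then disable passwords. With no
# usable key the config is left untouched, so the admin is not locked out.
keys_then_lockdown() {
	keys=$1 conf=$2
	found=$(list_pubkeys "$keys") || {
		echo "no usable keys in $keys, leaving $conf unchanged" >&2
		return 1
	}
	echo "Found the following ssh keys:"
	echo "$found" | awk '{ print "  " $1, $3 }'   # key type and comment
	disable_password_auth "$conf"
}

# Stand-alone use: sh this-file <keysfile> <sshd_config copy>
if [ $# -eq 2 ]; then
	keys_then_lockdown "$1" "$2"
fi
```

Run it against a copy of sshd_config first; the key check is textual, so `ssh-keygen -l -f <keysfile>` is still the stronger validation where OpenSSH is installed.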