Date: Mon, 1 Dec 2014 11:04:03 +0100
From: Natanael Copa
To: Alan Lacerda
Cc: alpine-devel@lists.alpinelinux.org, Alan Lacerda
Subject: Re: [alpine-devel] [PATCH] alpine-conf: setup-sshd offers to setup openssh key authentication
Message-ID: <20141201110403.2af5528f@ncopa-desktop.alpinelinux.org>
In-Reply-To: <1417101696-6236-1-git-send-email-alacerda@alpinelinux.org>

On Thu, 27 Nov 2014 15:21:36 +0000 Alan Lacerda wrote:

> --- > setup-sshd.in | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > > diff --git a/setup-sshd.in b/setup-sshd.in > index 1890b7c..1e6da29 100644 > --- a/setup-sshd.in > +++ b/setup-sshd.in 
> @@ -46,6 +46,25 @@ case "$sshdchoice" in > dropbear) svc=dropbear;; > esac > > +echo -n "Do you want to set up SSH key authentication [y|N]? " > +default_read sshauthkey "n" > + > +if [ "$sshdchoice" = "openssh" ]; then > + if [ "$sshauthkey" = "y" ] || [ "$sshauthkey" = "Y" ]; then > + sed -i 's/\#PasswordAuthentication\ > yes/PasswordAuthentication\ no/g' /etc/ssh/sshd_config > + mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys > + echo -n "Do you want to add keys to the > authorized_keys file [Y|n]? " > + default_read sshaddkey "y" > + if [ "$sshaddkey" = "y" ] || [ "$sshaddkey" = "Y" ]; > then > + vi ~/.ssh/authorized_keys > + else > + echo "" > + echo "WARNING: Do not forget to add your > public key to ~/.ssh/authorized_keys" > + echo "" > + fi > + fi > +fi > + > if [ -n "$svc" ]; then > rc-update add $svc default > rc-service $svc start

I am sceptical.

Problem 1: I want to ask as few questions as possible, so I am not happy with adding new questions.

Problem 2: The question asked is misleading. If you want both password and key authentication, what should you answer to the question: "Do you want to set up SSH key authentication?"

So can we add this functionality without always asking any questions?

How about, if setup-sshd finds a (valid) pre-existing authorized_keys it will ask the question:

  Found the following ssh keys:
  Would you like to disable password authentication (Y/n)? [Y]

And maybe have an option -k which lets you quietly do the same with:

  setup-sshd -k /media/usb/ssh-keys

I mean, what user remembers the public ssh key to be able to enter it in vi?

-nc
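
Review bot: the sed that sets PasswordAuthentication no runs as soon as the first prompt is answered y, before ~/.ssh/authorized_keys holds any key, so answering n to the second prompt (or leaving vi without adding a key) leaves an empty key file with password login switched off, and the rc-service $svc start just below then starts sshd in that state. Suggest making the sshd_config edit the last step and guarding it with a check that the key file is non-empty, for example [ -s ~/.ssh/authorized_keys ]. Two smaller points in the same hunk: the sed pattern only matches the commented default #PasswordAuthentication yes, so a config with an uncommented PasswordAuthentication yes is left unchanged without any message; and the first prompt sits outside the [ "$sshdchoice" = "openssh" ] test, so it is also asked when dropbear was chosen, where the answer is ignored.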
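
Added example, not part of the original mail and not alpine-conf code: a sketch of the quiet `-k`-style path suggested in the reply above, where password authentication is disabled only if the supplied authorized_keys file contains at least one line that looks like a public key. The function names, the key-shape check (which stands in for real key validation) and the sample files are assumptions; the interactive prompt is left out.

```shell
#!/bin/sh
# Added example, not alpine-conf code; all function names are hypothetical.

# Count lines that look like a public key: a known key-type token followed
# by a base64 blob. Every field is scanned so leading options are tolerated.
count_valid_keys() {
	[ -r "$1" ] || { echo 0; return 0; }
	awk 'NF == 0 || $1 ~ /^#/ { next }
	{
		for (i = 1; i < NF; i++)
			if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
			    $(i + 1) ~ "^[A-Za-z0-9+/]+=*$") { n++; break }
	}
	END { print n + 0 }' "$1"
}

# Force "PasswordAuthentication no", whether the existing line is commented,
# set to yes, or missing. A missing line is prepended because sshd keeps the
# first value it reads for a keyword.
disable_password_auth() {
	cfg=$1
	tmp=$cfg.tmp.$$
	pat='^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$'
	if grep -Eq "$pat" "$cfg"; then
		sed -E "s/$pat/PasswordAuthentication no/" "$cfg" > "$tmp"
	else
		{ echo "PasswordAuthentication no"; cat "$cfg"; } > "$tmp"
	fi
	cat "$tmp" > "$cfg" && rm -f "$tmp"   # rewrite in place: keeps owner and mode
}

# Quiet path: change sshd_config only when the key file holds a usable key.
apply_key_policy() {
	if [ "$(count_valid_keys "$1")" -gt 0 ]; then
		disable_password_auth "$2"
	else
		echo "no valid key in $1, password authentication left as is" >&2
		return 1
	fi
}

# Constructed sample input (the key blob is a dummy, not a real key).
demo=$(mktemp -d)
printf '# laptop\nssh-ed25519 AAAAC3NzaDummyBlob0000 user@example\n' > "$demo/good"
printf 'not a key\n' > "$demo/bad"
printf 'Port 22\n#PasswordAuthentication yes\n' > "$demo/sshd_config"
apply_key_policy "$demo/bad" "$demo/sshd_config" 2>/dev/null || true
apply_key_policy "$demo/good" "$demo/sshd_config"
cat "$demo/sshd_config"
```

Because the sshd_config edit is gated on the key count, a wrong path or an empty file leaves password logins as they were.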