From dc363bae6a0b98878182639fa6c006de66cc7826 Mon Sep 17 00:00:00 2001 From: Ian G Date: Fri, 4 Aug 2017 10:02:20 +0100 Subject: [PATCH 1/2] Add enable/disable SSH password authentication block --- sshpasswordauth/sshpasswordauth.json | 21 +++++++++++++++++++++ sshpasswordauth/sshpasswordauth.sh | 9 +++++++++ 2 files changed, 30 insertions(+) create mode 100644 sshpasswordauth/sshpasswordauth.json create mode 100644 sshpasswordauth/sshpasswordauth.sh diff --git a/sshpasswordauth/sshpasswordauth.json b/sshpasswordauth/sshpasswordauth.json new file mode 100644 index 0000000..c88f750 --- /dev/null +++ b/sshpasswordauth/sshpasswordauth.json @@ -0,0 +1,21 @@ +{ + "name": "sshpasswordauth", + "text": "%1 SSH password authentication", + "script": "sshpasswordauth.sh", + "args": [ + { + "type": "menu", + "options": ["Enable", "Disable"] + } + ], + "network": false, + "continue": true, + "type": "setting", + "category":"setting", + "supportedOperatingSystems": [ + "raspbian-pibakery.img", + "raspbian-lite-pibakery.img" + ], + "shortDescription":"Enable or disable password authentication for the SSH server.", + "longDescription":"The secure shell (SSH) service supports password authentication by default. Use this setting to disable it, and allow SSH access only via public key authentication. Make sure you have authorized a public key first!" +} diff --git a/sshpasswordauth/sshpasswordauth.sh b/sshpasswordauth/sshpasswordauth.sh new file mode 100644 index 0000000..fd71de0 --- /dev/null +++ b/sshpasswordauth/sshpasswordauth.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +if [ "$1" == "Enable" ] +then + sed -re 's/^(\#?)(PasswordAuthentication)([[:space:]]+)(no|yes)[[:space:]]*$/\2\3yes/' -i /etc/ssh/sshd_config +else + sed -re 's/^(\#?)(PasswordAuthentication)([[:space:]]+)(no|yes)[[:space:]]*$/\2\3no/' -i /etc/ssh/sshd_config +fi +systemctl reload sshd From db14a4539758b81f9cf17aaaaad4c2d879b440f9 Mon Sep 17 00:00:00 2001 From: Ian G Date: Fri, 4 Aug 2017 10:02:48 +0100 Subject: [PATCH 2/2] Add enable/disable SSH server block --- sshenable/sshenable.json | 21 +++++++++++++++++++++ sshenable/sshenable.sh | 10 ++++++++++ 2 files changed, 31 insertions(+) create mode 100644 sshenable/sshenable.json create mode 100644 sshenable/sshenable.sh diff --git a/sshenable/sshenable.json b/sshenable/sshenable.json new file mode 100644 index 0000000..2d8737c --- /dev/null +++ b/sshenable/sshenable.json @@ -0,0 +1,21 @@ +{ + "name": "sshenable", + "text": "%1 secure shell (SSH) server", + "script": "sshenable.sh", + "args": [ + { + "type": "menu", + "options": ["Enable", "Disable"] + } + ], + "network": false, + "continue": true, + "type": "software", + "category":"software", + "supportedOperatingSystems": [ + "raspbian-pibakery.img", + "raspbian-lite-pibakery.img" + ], + "shortDescription":"Enable or disable the SSH server.", + "longDescription":"By default, the built in secure shell (SSH) server does not run on startup. Using this block you can enable it, or disable it if you have already enabled it." +} diff --git a/sshenable/sshenable.sh b/sshenable/sshenable.sh new file mode 100644 index 0000000..54fbdfa --- /dev/null +++ b/sshenable/sshenable.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ "$1" == "Enable" ] +then + systemctl enable ssh + systemctl start ssh +else + systemctl disable ssh + systemctl stop ssh +fi