author | Boris Kolpackov <boris@codesynthesis.com> | 2017-03-31 14:09:06 +0200 |
---|---|---|
committer | Boris Kolpackov <boris@codesynthesis.com> | 2017-03-31 14:09:06 +0200 |
commit | 5461c13bdcace38ce40494acde0e21d2cb3c9081 (patch) | |
tree | ffe2da2ce1c041465a995c942278e35fb3063aa3 /init | |
parent | ce1b8892253d49b894e13215fc4b1415bfc1df29 (diff) |
Use user build instead of root for SSH login
Diffstat (limited to 'init')
-rwxr-xr-x | init | 16 |
1 files changed, 10 insertions, 6 deletions
@@ -394,10 +394,13 @@ newaliases
 # - Change host key locations to (persistent) /state/etc/ssh/ and remove
 # existing keys. If no corresponding key exists in /state, generate it.
 #
+# - Disable root login.
+#
 # - Disable password authentication.
 #
 sed -r -i \
 -e "s%^#?HostKey +(.+)%HostKey /state\1%" \
+ -e "s%^#?PermitRootLogin.*%PermitRootLogin no%" \
 -e "s%^#?PasswordAuthentication.*%PasswordAuthentication no%" \
 /etc/ssh/sshd_config
@@ -412,15 +415,16 @@ for k in $(echo /etc/ssh/ssh_host_*_key | \
 done
 rm -f /etc/ssh/ssh_host_*_key*
-# Add buildos.ssh_key to root's authorized_keys.
+# Add buildos.ssh_key to build's authorized_keys.
 #
 if [ -n "$ssh_key" ]; then
- info "adding buildos.ssh_key to ~root/.ssh/authorized_keys"
- mkdir -p /root/.ssh
- chmod 700 /root/.ssh
+ info "adding buildos.ssh_key to ~build/.ssh/authorized_keys"
+ mkdir -p /build/.ssh
+ echo "$ssh_key" >>/build/.ssh/authorized_keys
- echo "$ssh_key" >>/root/.ssh/authorized_keys
- chmod 600 /root/.ssh/authorized_keys
+ chown build:build /build/.ssh /build/.ssh/authorized_keys
+ chmod 700 /build/.ssh
+ chmod 600 /build/.ssh/authorized_keys
 fi
 # Configure the TFTP server (tftpd-hpa). |
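Review bot: The added `PermitRootLogin` expression in the sed call only rewrites a line that already exists in /etc/ssh/sshd_config (active, or commented with `#` directly before the keyword); if the shipped file has no such line, sed exits 0 without changing anything and sshd keeps its compiled-in default, which depending on the OpenSSH version still permits root login. A check after the sed call, for example `grep -q '^PermitRootLogin no$' /etc/ssh/sshd_config || echo "PermitRootLogin no" >>/etc/ssh/sshd_config`, would make the setting hold either way, assuming the file does not end in a `Match` block; `sshd -T` prints the effective value if a stronger verification is wanted. The same silent no-op applies to the existing `PasswordAuthentication` expression next to it.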
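Review bot: In the new `if [ -n "$ssh_key" ]` body the key is appended as root before ownership and modes are set, and both `>>` and `chown` follow symlinks, so the sequence is only safe while nothing owned by build can already exist under /build/.ssh; whether /build is always fresh at this point is not visible from the hunk. Creating the directory with its final owner and mode first, `install -d -o build -g build -m 700 /build/.ssh`, and using `chown -h build:build /build/.ssh/authorized_keys` after the write would tighten this. If the build account also runs build jobs (inferred from the name only), those jobs can edit a build-owned authorized_keys; sshd's StrictModes check also accepts a root-owned directory and file that are not group- or world-writable, which would keep the key list out of that account's control. `printf '%s\n' "$ssh_key"` is also more predictable than `echo` for a value taken from configuration.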