Refactor bee CLI and LiveCD integration

2026-03-13 16:52:16 +03:00
parent b7c888edb1
commit 6aca1682b9
47 changed files with 3137 additions and 1201 deletions
--- a/iso/overlay/usr/local/bin/bee-sshsetup
+++ b/iso/overlay/usr/local/bin/bee-sshsetup
@@ -4,15 +4,35 @@

 log() { echo "[bee-sshsetup] $*"; }

-# Always create dedicated 'bee' user for password fallback.
-if ! id bee > /dev/null 2>&1; then
-    useradd -m -s /bin/sh bee > /dev/null 2>&1
-fi
-echo "bee:eeb" | chpasswd > /dev/null 2>&1
+SSHD_DIR="/etc/ssh/sshd_config.d"
+AUTH_CONF="${SSHD_DIR}/99-bee-auth.conf"
+
+mkdir -p "$SSHD_DIR"

 if [ -f /etc/bee-ssh-password-fallback ]; then
+    if ! id bee > /dev/null 2>&1; then
+        useradd -m -s /bin/sh bee > /dev/null 2>&1
+    fi
+    echo "bee:eeb" | chpasswd > /dev/null 2>&1
+    cat > "$AUTH_CONF" <<'EOF'
+PermitRootLogin prohibit-password
+PasswordAuthentication yes
+KbdInteractiveAuthentication yes
+ChallengeResponseAuthentication yes
+UsePAM yes
+EOF
    log "SSH key auth unavailable — password fallback active"
    log "Login: bee / eeb"
 else
+    if id bee > /dev/null 2>&1; then
+        passwd -l bee > /dev/null 2>&1 || true
+    fi
+    cat > "$AUTH_CONF" <<'EOF'
+PermitRootLogin prohibit-password
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+EOF
    log "SSH key auth configured"
 fi