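#!/bin/sh
# bee-sshsetup — configure SSH access
# Called by bee-sshsetup.service before SSH starts.
#
# Writes the sshd drop-in ${AUTH_CONF} in one of two modes:
#   * /etc/bee-ssh-password-fallback exists: password login is enabled and
#     the "bee" account is given the fixed password hard-coded below.
#   * otherwise: password login is disabled and the "bee" password is locked.
#
# NOTE(review): the fallback password is a constant that is visible in this
# script and echoed to the service log, so in fallback mode anyone who can
# reach the SSH port can authenticate as "bee". Anything that can create
# /etc/bee-ssh-password-fallback therefore controls whether that login is
# open; confirm the marker file is only writable by root and that fallback
# mode is limited to trusted networks.
#
# Exit status: 0 on success, 1 if the drop-in directory or file could not be
# written (the original script ignored these failures and reported success,
# which could leave a stale drop-in from an earlier run in effect).

# Prefix a message with the service tag and print it on stdout.
log() { printf '%s\n' "[bee-sshsetup] $*"; }

SSHD_DIR="/etc/ssh/sshd_config.d"
AUTH_CONF="${SSHD_DIR}/99-bee-auth.conf"

# Write the sshd drop-in.
# Arguments: $1 - "yes" or "no": whether password-style logins are allowed.
# Returns:   0 if the file was written, non-zero otherwise.
write_auth_conf() {
  case "$1" in
    yes | no) ;;
    *) return 2 ;;
  esac
  # PermitRootLogin prohibit-password keeps root on key-based login in both
  # modes. ChallengeResponseAuthentication is a deprecated alias of
  # KbdInteractiveAuthentication in newer OpenSSH releases; both are written
  # with the same value, as in the original drop-in.
  cat > "$AUTH_CONF" <<EOF
PermitRootLogin prohibit-password
PasswordAuthentication $1
KbdInteractiveAuthentication $1
ChallengeResponseAuthentication $1
UsePAM yes
EOF
}

if ! mkdir -p "$SSHD_DIR"; then
  log "ERROR: cannot create $SSHD_DIR"
  exit 1
fi

if [ -f /etc/bee-ssh-password-fallback ]; then
  if ! id bee > /dev/null 2>&1; then
    # useradd can report an error after creating the account, so the result
    # is only logged; the chpasswd status below decides whether login works.
    useradd -m -s /bin/sh bee > /dev/null 2>&1 ||
      log "WARNING: useradd for bee reported an error"
  fi

  password_set=no
  if printf '%s\n' "bee:eeb" | chpasswd > /dev/null 2>&1; then
    password_set=yes
  fi

  if ! write_auth_conf yes; then
    log "ERROR: cannot write $AUTH_CONF"
    exit 1
  fi

  log "SSH key auth unavailable — password fallback active"
  if [ "$password_set" = yes ]; then
    log "Login: bee / eeb"
  else
    # Do not advertise a login that was never set up.
    log "WARNING: could not set the fallback password for bee"
  fi
else
  if id bee > /dev/null 2>&1; then
    # Best effort, as in the original: a failure here must not stop the
    # drop-in from being written, but it is now logged because the fixed
    # fallback password may still be set on the account.
    passwd -l bee > /dev/null 2>&1 ||
      log "WARNING: could not lock the password for bee"
  fi

  # If this write fails, a drop-in left by an earlier fallback run would
  # keep password login enabled, so the failure is reported, not ignored.
  if ! write_auth_conf no; then
    log "ERROR: cannot write $AUTH_CONF"
    exit 1
  fi

  log "SSH key auth configured"
fi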