StateGrid/install_shell/set_ssh.sh
Qin Bo 2235771f09 Initial commit
Signed-off-by: Qin Bo <bqin@linx-info.com>
2014-02-19 09:07:55 +08:00


#!/bin/bash
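. ./check_function.sh || {
  # Without check_config the option blocks below would silently do nothing
  # while the later sed/setcap/ssh-keygen steps still ran.
  echo "set_ssh.sh: cannot source ./check_function.sh" >&2
  exit 1
}

# check_config comes from check_function.sh (not visible here) and reports
# through the global $rtn. Judging only from how this script reacts to it,
# 1 appears to mean "key present with a different value" and 2 "key absent";
# any other value leaves the file untouched. TODO confirm against the helper.
#
# NOTE(review): lines are appended at the end of the file. If sshd_config ends
# in a Match block (or ssh_config in a Host block) an appended line becomes
# part of that block instead of the global section.

# flip_option FILE KEY OLD NEW
#   rtn=1: replace OLD with NEW on every line that mentions KEY (the pattern
#          is unanchored, so commented-out lines are rewritten as well).
#   rtn=2: append "KEY NEW" to FILE.
# Arguments are interpolated into a sed script: pass trusted literals only.
flip_option() {
  local file=$1 key=$2 old=$3 new=$4
  check_config "$file" "$key" "$new"
  if [ "${rtn:-0}" -eq 1 ]; then
    sed -i "/${key}/s@${old}@${new}@" "$file"
  elif [ "${rtn:-0}" -eq 2 ]; then
    echo "${key} ${new}" >> "$file"
  fi
}

# reset_option FILE KEY VALUE
#   rtn=1: delete every line that mentions KEY, then append "KEY VALUE".
#   rtn=2: append "KEY VALUE".
# Arguments are interpolated into a sed script: pass trusted literals only.
reset_option() {
  local file=$1 key=$2 value=$3
  check_config "$file" "$key" "$value"
  if [ "${rtn:-0}" -eq 1 ]; then
    sed -i "/${key}/d" "$file"
  fi
  if [ "${rtn:-0}" -eq 1 ] || [ "${rtn:-0}" -eq 2 ]; then
    echo "${key} ${value}" >> "$file"
  fi
}

# sshd_config
SSHD_CONFIG=/etc/ssh/sshd_config
flip_option "$SSHD_CONFIG" ChallengeResponseAuthentication yes no
flip_option "$SSHD_CONFIG" UsePAM no yes
# NOTE(security): X11 forwarding is enabled server-wide; confirm it is needed,
# since it widens what a logged-in session can reach on the client side.
flip_option "$SSHD_CONFIG" X11Forwarding no yes
flip_option "$SSHD_CONFIG" UseDNS yes no
reset_option "$SSHD_CONFIG" MaxStartups 60

SSH_CONFIG=/etc/ssh/ssh_config
# NOTE(security): this is the system-wide client config. "no" turns off host
# key verification for every outbound ssh connection from this machine, so an
# unknown or changed host key is accepted without a prompt. Distributing a
# managed known_hosts file keeps verification on and still avoids the prompt.
reset_option "$SSH_CONFIG" StrictHostKeyChecking no
reset_option "$SSHD_CONFIG" IgnoreUserKnownHosts yes

# Restrict sshd to IPv4. Inserting only before uncommented ListenAddress lines
# wrote nothing when the file had none (and duplicated the line when it had
# several), so the directive goes on line 1 instead: that is still ahead of
# every ListenAddress and outside any Match block.
sed -i '/AddressFamily/d' "$SSHD_CONFIG"
if [ -s "$SSHD_CONFIG" ]; then
  sed -i '1i\AddressFamily inet' "$SSHD_CONFIG"
else
  # sed has no line 1 to insert before in an empty file.
  echo 'AddressFamily inet' >> "$SSHD_CONFIG"
fi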
# openssh-cap.conf
# File-capability definition for /usr/sbin/sshd: the listed capabilities are
# requested in the effective and permitted sets (+ep). The file is rewritten
# from scratch on every run.
cap_conf=/etc/security/capability/openssh-cap.conf
printf '%s\n' \
  '/usr/sbin/sshd' \
  '{' \
  'cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_resource+ep' \
  '}' > "$cap_conf"
# NOTE(review): -f is taken as "apply the definitions in this file"; that is
# how the script uses it, verify against this platform's setcap.
setcap -f "$cap_conf"

# Add the pam_limits session line to the kde PAM service unless some line of
# that file already mentions the module (a missing file counts as "absent").
if ! grep 'pam_limits.so' /etc/pam.d/kde >/dev/null 2>&1; then
  echo "session required /lib64/security/pam_limits.so" >> /etc/pam.d/kde
fi
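# To create ssh key..
# $1 is the account that gets a key pair in addition to root.
USERNAME=$1

# Evaluated by the target account's login shell, so ~ is that account's home.
# The test -f guard skips accounts that already have a key; without it
# ssh-keygen stops at its interactive overwrite prompt on a re-run.
# NOTE(security): -N '' stores the private key without a passphrase, so
# anyone able to read ~/.ssh/id_rsa can use it. Confirm this is intended.
KEYGEN_CMD="test -f ~/.ssh/id_rsa || ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''"

su - root -c "$KEYGEN_CMD"

# An empty $1 would turn "su - $USERNAME -c ..." into "su - -c ...", which
# runs as root again; a value starting with "-" would be parsed as an su
# option. Only proceed for a name that resolves to an existing account.
if [ -z "$USERNAME" ]; then
  echo "set_ssh.sh: no user name given, skipping per-user ssh key" >&2
elif ! id -u -- "$USERNAME" >/dev/null 2>&1; then
  printf 'set_ssh.sh: unknown user %s, skipping per-user ssh key\n' "$USERNAME" >&2
else
  su - "$USERNAME" -c "$KEYGEN_CMD"
fi

# restart ssh daemon
# The sshd_config edits made earlier in this script only take effect once
# sshd is restarted or reloaded; the restart is left disabled here.
#/etc/init.d/sshd restart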