commit a7c634e546227a8b2b6ba2e677f890f25eb3e01a
Author: Mikhail Novosyolov
Date: Fri Apr 1 09:31:43 2022 +0300
init pre-prototype
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..990d0f0
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,16 @@
+SBINDIR ?= /usr/sbin
+UNITDIR ?= /lib/systemd/system
+
+install:
+ mkdir -p --mode=0755 $(DESTDIR)$(SBINDIR)
+ install -m0755 doskast-sshd-keygen.sh $(DESTDIR)$(SBINDIR)/doskast-sshd-keygen
+ mkdir -p --mode=0755 $(DESTDIR)/etc/doskast
+ mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh
+ mkdir -p --mode=0755 $(DESTDIR)$(UNITDIR)
+ install -m0644 doskast-sshd.service $(DESTDIR)$(UNITDIR)
+ install -m0644 doskast-sshd-keygen.service $(DESTDIR)$(UNITDIR)
+ # nothing secret here, no need in 0600
+ install -m0644 doskast-sshd.conf $(DESTDIR)/etc/doskast/doskast-sshd.conf
+
+rpm:
+ rpmbuild --define "_sourcedir $$PWD" -bb doskast.spec
diff --git a/doskast-sshd-keygen.service b/doskast-sshd-keygen.service
new file mode 100644
index 0000000..bcc3fbc
--- /dev/null
+++ b/doskast-sshd-keygen.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSSH Server Key Generation
+ConditionPathExists=|!/etc/doskast/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ed25519_key
+PartOf=doskast-sshd.service
+
+[Service]
+ExecStart=/usr/sbin/doskast-sshd-keygen
+Type=oneshot
+RemainAfterExit=yes
diff --git a/doskast-sshd-keygen.sh b/doskast-sshd-keygen.sh
new file mode 100755
index 0000000..c352d2d
--- /dev/null
+++ b/doskast-sshd-keygen.sh
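Review bot: In the Makefile `install` target, `mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh` applies the mode only when it creates the directory; if the path already exists (a direct `make install` on a live system rather than into a fresh DESTDIR) the existing permissions are kept, and this is the directory that will hold the private host keys. Following it with `chmod 0700 $(DESTDIR)/etc/doskast/ssh` makes the mode unconditional. `install` and `rpm` are also not declared `.PHONY`, so a stray file with either name would turn the target into a no-op.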
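Review bot: The three `ConditionPathExists=|!…` lines in doskast-sshd-keygen.service trigger only when a key file is missing, while the script they guard regenerates a key when the file is missing or empty (`[ ! -s … ]`). A zero-length key file, for example one left by an interrupted write, therefore satisfies the unit's check, key generation is skipped, and sshd is left with a host key file it presumably cannot load. `ConditionFileNotEmpty=|!/etc/doskast/ssh/ssh_host_rsa_key` (and the same for the other two paths) matches the script's own test.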
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# Create the host keys for the OpenSSH server.
+#
+# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
+# variable.
+
+# OpenSSH 7.0 depreceated DSA keys. We don't create DSA be default, but you can add 'DSA' to the list bellow.
+AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
+FAIL='0'
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+DIR=/etc/doskast/ssh
+RSA_KEY="$DIR"/ssh_host_rsa_key
+DSA_KEY="$DIR"/ssh_host_dsa_key
+ECDSA_KEY="$DIR"/ssh_host_ecdsa_key
+ED25519_KEY="$DIR"/ssh_host_ed25519_key
+
+do_rsa_keygen() {
+ if [ ! -s $RSA_KEY ]; then
+ echo -n $"Generating SSH2 RSA host key: "
+ rm -f $RSA_KEY
+ # XXX use umask 077 here!
+ if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA_KEY{,.pub}
+ fi
+ echo "RSA key $RSA_KEY generated."
+ return 0
+ else
+ echo "Failed to generate RSA key $RSA_KEY!"
+ FAIL='1'
+ return 1
+ fi
+ fi
+}
+
+do_dsa_keygen() {
+ if [ ! -s $DSA_KEY ]; then
+ echo -n $"Generating SSH2 DSA host key: "
+ rm -f $DSA_KEY
+ if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $DSA_KEY{,.pub}
+ fi
+ echo "DSA key $DSA_KEY generated."
+ return 0
+ else
+ echo "Failed to generate DSA key $DSA_KEY!"
+ FAIL='1'
+ return 1
+ fi
+ fi
+}
+
+do_ecdsa_keygen() {
+ if [ ! -s $ECDSA_KEY ]; then
+ echo -n $"Generating SSH2 ECDSA host key: "
+ rm -f $ECDSA_KEY
+ if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $ECDSA_KEY
+ chmod 644 $ECDSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $ECDSA_KEY{,.pub}
+ fi
+ echo "ECDSA key $ECDSA_KEY generated."
+ return 0
+ else
+ echo "Failed to generate ECDSA key $ECDSA_KEY!"
+ FAIL='1'
+ return 1
+ fi
+ fi
+}
+
+do_ed25519_keygen() {
+ if [ ! -s $ED25519_KEY ]; then
+ echo -n $"Generating SSH2 ED25519 host key: "
+ rm -f "$ED25519_KEY"
+ if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $ED25519_KEY
+ chmod 644 $ED25519_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $ED25519_KEY{,.pub}
+ fi
+ echo "ED25519 key $ED25519_KEY generated."
+ return 0
+ else
+ echo "Failed to generate ED25519 key $ED25519_KEY!"
+ FAIL='1'
+ return 1
+ fi
+ fi
+}
+
+if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
+ exit 0
+fi
+
+# legacy options
+case $AUTOCREATE_SERVER_KEYS in
+ NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
+ RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
+ YES) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
+esac
+
+for KEY in $AUTOCREATE_SERVER_KEYS; do
+ case "$KEY" in
+ DSA) do_dsa_keygen;;
+ RSA) do_rsa_keygen;;
+ ECDSA) do_ecdsa_keygen;;
+ ED25519) do_ed25519_keygen;;
+ esac
+done
+
+# not zero return code if any error has ever occured to make systemd service sshd-keygen.service failed in case of any errors
+if [ "$FAIL" = '1' ]
+ then exit 1
+ else exit 0
+fi
diff --git a/doskast-sshd.conf b/doskast-sshd.conf
new file mode 100644
index 0000000..ef2a657
--- /dev/null
+++ b/doskast-sshd.conf
@@ -0,0 +1,22 @@
+Port 6260
+
+HostKey /etc/doskast/ssh/ssh_host_rsa_key
+HostKey /etc/doskast/ssh/ssh_host_ecdsa_key
+HostKey /etc/doskast/ssh/ssh_host_ed25519_key
+
+PermitRootLogin no
+PubkeyAuthentication yes
+# keeping this default for compatibility with ssh-copy-id
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+KerberosAuthentication no
+GSSAPIAuthentication no
+# XXX Is PAM needed?
+UsePAM no
+AllowUsers doscast
+
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+PidFile /run/doskast-sshd.pid
diff --git a/doskast-sshd.service b/doskast-sshd.service
new file mode 100644
index 0000000..a34b374
--- /dev/null
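Review bot: Each of the four `do_*_keygen` functions in doskast-sshd-keygen.sh runs ssh-keygen with `>&/dev/null`, so when host-key generation fails the journal shows only "Failed to generate …" and the real cause is discarded; the `# XXX use umask 077 here!` marker is also left unresolved and the key paths are expanded unquoted. The four bodies differ only in key type and path, so I would fold them into one helper that runs ssh-keygen under `umask 077` in a subshell, silences stdout only and quotes every expansion, with the `case` arms calling it as `RSA) do_keygen rsa "$RSA_KEY";;`. Separately, the header comment says creation is controlled by the `$AUTOCREATE_SERVER_KEYS` environment variable, but the unconditional assignment near the top overrides anything inherited; `AUTOCREATE_SERVER_KEYS="${AUTOCREATE_SERVER_KEYS:-RSA ECDSA ED25519}"` would honour it.

```shell
# Generate one host key unless a non-empty one is already present.
#   $1 - ssh-keygen key type (rsa, dsa, ecdsa, ed25519)
#   $2 - path of the private key file
do_keygen() {
  local type=$1 key=$2
  [ -s "$key" ] && return 0
  echo "Generating SSH2 ${type^^} host key: $key"
  rm -f -- "$key"
  # The subshell keeps the tightened umask local to the ssh-keygen call;
  # stderr is left alone so the failure reason reaches the journal.
  if [ ! -f "$key" ] &&
    (umask 077 && "$KEYGEN" -q -t "$type" -f "$key" -C '' -N '' >/dev/null); then
    chmod 600 -- "$key"
    chmod 644 -- "$key.pub"
    if [ -x /sbin/restorecon ]; then
      /sbin/restorecon "$key" "$key.pub"
    fi
    echo "${type^^} key $key generated."
  else
    echo "Failed to generate ${type^^} key $key!" >&2
    FAIL='1'
    return 1
  fi
}
# … unchanged: AUTOCREATE_SERVER_KEYS handling, legacy options and the dispatch loop …
```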
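Review bot: `AllowUsers doscast` in doskast-sshd.conf is spelled with a "c" while every other name in this commit is "doskast"; the diff does not show which account is intended, but if it is `doskast` this line locks out the only permitted user, so it is worth confirming. In the forwarding block, `AllowTcpForwarding no` does not cover Unix-domain socket forwarding; adding `AllowStreamLocalForwarding no` closes that, or `DisableForwarding yes` can replace the individual switches on OpenSSH versions that support it.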
+++ b/doskast-sshd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Doskast OpenSSH server
+After=network.target doskast-sshd-keygen.service
+Wants=doskast-sshd-keygen.service
+
+[Service]
+ExecStart=/usr/sbin/sshd -D -f /etc/doskast/doskast-sshd.conf
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartSec=42s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/doskast.spec b/doskast.spec
new file mode 100644
index 0000000..295a4fa
--- /dev/null
+++ b/doskast.spec
@@ -0,0 +1,32 @@
+Summary: Cast screen
+Name: doskast
+License: GPL-3.0
+Group: Graphical desktop/Other
+Url: https://osmesh.ru
+Version: 0.1
+Release: 1
+Source1: doskast-sshd.conf
+Source2: doskast-sshd.service
+Source3: doskast-sshd-keygen.service
+Source4: doskast-sshd-keygen.sh
+Source5: Makefile
+
+BuildRequires: make
+
+%description
+%summary
+
+%prep
+%build
+%install
+cp %sources .
+%makeinstall_std
+
+%files
+%_unitdir/doskast-sshd.service
+%_unitdir/doskast-sshd-keygen.service
+%_sbindir/doskast-sshd-keygen
+%dir /etc/doskast
+%dir /etc/doskast/ssh
+# not "noreplace"
+%config /etc/doskast/doskast-sshd.conf
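Review bot: `Wants=doskast-sshd-keygen.service` in doskast-sshd.service is a weak dependency, so the server is still started when key generation fails and the non-zero exit status the keygen script deliberately returns has no effect on it. If a failed keygen is meant to block the server, use `Requires=doskast-sshd-keygen.service`; the existing `After=` already orders the two units. An `ExecStartPre=/usr/sbin/sshd -t -f /etc/doskast/doskast-sshd.conf` would additionally reject a broken configuration before the daemon is started.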
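Review bot: doskast.spec declares no runtime `Requires:`, yet the packaged unit and script call `/usr/sbin/sshd` and `/usr/bin/ssh-keygen`, so the package can install cleanly on a system where neither exists. File dependencies such as `Requires: /usr/sbin/sshd` and `Requires: /usr/bin/ssh-keygen` (or the distribution's package names for them) would state this. In `%files`, writing `%attr(0700,root,root) %dir /etc/doskast/ssh` pins the host-key directory's mode in the package itself instead of relying on whatever the Makefile left in the buildroot.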