commit
a7c634e546
@ -0,0 +1,16 @@ |
||||
SBINDIR ?= /usr/sbin
|
||||
UNITDIR ?= /lib/systemd/system
|
||||
|
||||
install: |
||||
mkdir -p --mode=0755 $(DESTDIR)$(SBINDIR)
|
||||
install -m0755 doskast-sshd-keygen.sh $(DESTDIR)$(SBINDIR)/doskast-sshd-keygen
|
||||
mkdir -p --mode=0755 $(DESTDIR)/etc/doskast
|
||||
mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh
|
||||
mkdir -p --mode=0755 $(DESTDIR)$(UNITDIR)
|
||||
install -m0644 doskast-sshd.service $(DESTDIR)$(UNITDIR)
|
||||
install -m0644 doskast-sshd-keygen.service $(DESTDIR)$(UNITDIR)
|
||||
# nothing secret here, no need in 0600
|
||||
install -m0644 doskast-sshd.conf $(DESTDIR)/etc/doskast/doskast-sshd.conf
|
||||
|
||||
rpm: |
||||
rpmbuild --define "_sourcedir $$PWD" -bb doskast.spec
|
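Review bot: `mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh` applies the mode only when it creates the directory, so an already existing `/etc/doskast/ssh` with wider permissions is left as it is and the host keys end up inside it. Following the mkdir with `chmod 0700 $(DESTDIR)/etc/doskast/ssh` makes the mode hold in both cases. `install` and `rpm` are also command names rather than files, so a `.PHONY: install rpm` line would keep a stray file of either name from silently disabling the target.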
@ -0,0 +1,11 @@ |
||||
[Unit] |
||||
Description=OpenSSH Server Key Generation |
||||
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_rsa_key |
||||
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ecdsa_key |
||||
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ed25519_key |
||||
PartOf=doskast-sshd.service |
||||
|
||||
[Service] |
||||
ExecStart=/usr/sbin/doskast-sshd-keygen |
||||
Type=oneshot |
||||
RemainAfterExit=yes |
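Review bot: The three `ConditionPathExists=|!…` lines test only for a missing file, while the keygen script they gate regenerates a key when the file is missing or empty (`[ ! -s … ]`). If all three paths exist but one is zero-length, for example after an interrupted run, the unit is skipped and that key is never repaired. `ConditionFileNotEmpty=|!/etc/doskast/ssh/ssh_host_rsa_key`, and the same for the ECDSA and ED25519 paths, would line the unit up with the script's own test.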
@ -0,0 +1,125 @@ |
||||
#!/bin/bash |
||||
|
||||
# Create the host keys for the OpenSSH server. |
||||
# |
||||
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment |
||||
# variable. |
||||
|
||||
# OpenSSH 7.0 depreceated DSA keys. We don't create DSA be default, but you can add 'DSA' to the list bellow. |
||||
AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519" |
||||
FAIL='0' |
||||
|
||||
# Some functions to make the below more readable |
||||
KEYGEN=/usr/bin/ssh-keygen |
||||
DIR=/etc/doskast/ssh |
||||
RSA_KEY="$DIR"/ssh_host_rsa_key |
||||
DSA_KEY="$DIR"/ssh_host_dsa_key |
||||
ECDSA_KEY="$DIR"/ssh_host_ecdsa_key |
||||
ED25519_KEY="$DIR"/ssh_host_ed25519_key |
||||
|
||||
do_rsa_keygen() { |
||||
if [ ! -s $RSA_KEY ]; then |
||||
echo -n $"Generating SSH2 RSA host key: " |
||||
rm -f $RSA_KEY |
||||
# XXX use umask 077 here! |
||||
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then |
||||
chmod 600 $RSA_KEY |
||||
chmod 644 $RSA_KEY.pub |
||||
if [ -x /sbin/restorecon ]; then |
||||
/sbin/restorecon $RSA_KEY{,.pub} |
||||
fi |
||||
echo "RSA key $RSA_KEY generated." |
||||
return 0 |
||||
else |
||||
echo "Failed to generate RSA key $RSA_KEY!" |
||||
FAIL='1' |
||||
return 1 |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
do_dsa_keygen() { |
||||
if [ ! -s $DSA_KEY ]; then |
||||
echo -n $"Generating SSH2 DSA host key: " |
||||
rm -f $DSA_KEY |
||||
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then |
||||
chmod 600 $DSA_KEY |
||||
chmod 644 $DSA_KEY.pub |
||||
if [ -x /sbin/restorecon ]; then |
||||
/sbin/restorecon $DSA_KEY{,.pub} |
||||
fi |
||||
echo "DSA key $DSA_KEY generated." |
||||
return 0 |
||||
else |
||||
echo "Failed to generate DSA key $DSA_KEY!" |
||||
FAIL='1' |
||||
return 1 |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
do_ecdsa_keygen() { |
||||
if [ ! -s $ECDSA_KEY ]; then |
||||
echo -n $"Generating SSH2 ECDSA host key: " |
||||
rm -f $ECDSA_KEY |
||||
if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then |
||||
chmod 600 $ECDSA_KEY |
||||
chmod 644 $ECDSA_KEY.pub |
||||
if [ -x /sbin/restorecon ]; then |
||||
/sbin/restorecon $ECDSA_KEY{,.pub} |
||||
fi |
||||
echo "ECDSA key $ECDSA_KEY generated." |
||||
return 0 |
||||
else |
||||
echo "Failed to generate ECDSA key $ECDSA_KEY!" |
||||
FAIL='1' |
||||
return 1 |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
do_ed25519_keygen() { |
||||
if [ ! -s $ED25519_KEY ]; then |
||||
echo -n $"Generating SSH2 ED25519 host key: " |
||||
rm -f "$ED25519_KEY" |
||||
if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then |
||||
chmod 600 $ED25519_KEY |
||||
chmod 644 $ED25519_KEY.pub |
||||
if [ -x /sbin/restorecon ]; then |
||||
/sbin/restorecon $ED25519_KEY{,.pub} |
||||
fi |
||||
echo "ED25519 key $ED25519_KEY generated." |
||||
return 0 |
||||
else |
||||
echo "Failed to generate ED25519 key $ED25519_KEY!" |
||||
FAIL='1' |
||||
return 1 |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then |
||||
exit 0 |
||||
fi |
||||
|
||||
# legacy options |
||||
case $AUTOCREATE_SERVER_KEYS in |
||||
NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";; |
||||
RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";; |
||||
YES) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";; |
||||
esac |
||||
|
||||
for KEY in $AUTOCREATE_SERVER_KEYS; do |
||||
case "$KEY" in |
||||
DSA) do_dsa_keygen;; |
||||
RSA) do_rsa_keygen;; |
||||
ECDSA) do_ecdsa_keygen;; |
||||
ED25519) do_ed25519_keygen;; |
||||
esac |
||||
done |
||||
|
||||
# not zero return code if any error has ever occured to make systemd service sshd-keygen.service failed in case of any errors |
||||
if [ "$FAIL" = '1' ] |
||||
then exit 1 |
||||
else exit 0 |
||||
fi |
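Review bot: The `# XXX use umask 077 here!` marker in do_rsa_keygen is left unresolved, and all four generators depend on the `chmod 600` that runs only after ssh-keygen has returned. A single `umask 077` before the function definitions makes the restrictive mode hold from the moment each file is created, and the existing `chmod 644` lines still open up the `.pub` halves. Separately, `AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"` is assigned unconditionally, so the environment variable described in the header comment is never honoured and the `NO` and legacy branches cannot be reached; `AUTOCREATE_SERVER_KEYS="${AUTOCREATE_SERVER_KEYS:-RSA ECDSA ED25519}"` keeps the default while allowing the override. `>&/dev/null` on each ssh-keygen call also discards the tool's error text, so a failed unit leaves only the generic "Failed to generate" line in the journal.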
@ -0,0 +1,22 @@ |
||||
Port 6260 |
||||
|
||||
HostKey /etc/doskast/ssh/ssh_host_rsa_key |
||||
HostKey /etc/doskast/ssh/ssh_host_ecdsa_key |
||||
HostKey /etc/doskast/ssh/ssh_host_ed25519_key |
||||
|
||||
PermitRootLogin no |
||||
PubkeyAuthentication yes |
||||
# keeping this default for compatibility with ssh-copy-id |
||||
AuthorizedKeysFile .ssh/authorized_keys |
||||
PasswordAuthentication no |
||||
KerberosAuthentication no |
||||
GSSAPIAuthentication no |
||||
# XXX Is PAM needed? |
||||
UsePAM no |
||||
AllowUsers doscast |
||||
|
||||
AllowAgentForwarding no |
||||
AllowTcpForwarding no |
||||
GatewayPorts no |
||||
X11Forwarding no |
||||
PidFile /run/doskast-sshd.pid |
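Review bot: `AllowUsers doscast` is spelled with a `c` while every other name in this commit uses `doskast`; if the account is in fact called `doskast`, sshd will refuse every login, so the spelling is worth confirming against wherever the user is created (not visible here). In the forwarding block, `AllowTcpForwarding no` does not cover Unix-domain socket forwarding. Adding `AllowStreamLocalForwarding no`, or `DisableForwarding yes` on OpenSSH versions that support it, closes that gap.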
@ -0,0 +1,14 @@ |
||||
[Unit] |
||||
Description=Doskast OpenSSH server |
||||
After=network.target doskast-sshd-keygen.service |
||||
Wants=doskast-sshd-keygen.service |
||||
|
||||
[Service] |
||||
ExecStart=/usr/sbin/sshd -D -f /etc/doskast/doskast-sshd.conf |
||||
ExecReload=/bin/kill -HUP $MAINPID |
||||
KillMode=process |
||||
Restart=on-failure |
||||
RestartSec=42s |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
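Review bot: `Wants=doskast-sshd-keygen.service` is a weak dependency, so sshd is started even when key generation fails, although the keygen script deliberately exits non-zero to mark that unit as failed. If the server should not come up after a failed keygen, `Requires=doskast-sshd-keygen.service` expresses that. A keygen run that is merely skipped by its conditions does not count as a failure and would not block sshd.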
@ -0,0 +1,32 @@ |
||||
Summary: Cast screen |
||||
Name: doskast |
||||
License: GPL-3.0 |
||||
Group: Graphical desktop/Other |
||||
Url: https://osmesh.ru |
||||
Version: 0.1 |
||||
Release: 1 |
||||
Source1: doskast-sshd.conf |
||||
Source2: doskast-sshd.service |
||||
Source3: doskast-sshd-keygen.service |
||||
Source4: doskast-sshd-keygen.sh |
||||
Source5: Makefile |
||||
|
||||
BuildRequires: make |
||||
|
||||
%description |
||||
%summary |
||||
|
||||
%prep |
||||
%build |
||||
%install |
||||
cp %sources . |
||||
%makeinstall_std |
||||
|
||||
%files |
||||
%_unitdir/doskast-sshd.service |
||||
%_unitdir/doskast-sshd-keygen.service |
||||
%_sbindir/doskast-sshd-keygen |
||||
%dir /etc/doskast |
||||
%dir /etc/doskast/ssh |
||||
# not "noreplace" |
||||
%config /etc/doskast/doskast-sshd.conf |
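Review bot: `%dir /etc/doskast/ssh` takes its mode from whatever the Makefile left in the buildroot, so the 0700 on the host-key directory is enforced in one place only. Writing `%attr(0700,root,root) %dir /etc/doskast/ssh` records the intended mode and owner in the package itself. The units run `/usr/sbin/sshd` and `/usr/bin/ssh-keygen`, yet no `Requires:` tag for the package that ships them is visible in this spec.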