init pre-prototype

master
Mikhail Novosyolov 3 years ago
commit a7c634e546
  1. 16
      Makefile
  2. 11
      doskast-sshd-keygen.service
  3. 125
      doskast-sshd-keygen.sh
  4. 22
      doskast-sshd.conf
  5. 14
      doskast-sshd.service
  6. 32
      doskast.spec

@ -0,0 +1,16 @@
SBINDIR ?= /usr/sbin
UNITDIR ?= /lib/systemd/system
install:
mkdir -p --mode=0755 $(DESTDIR)$(SBINDIR)
install -m0755 doskast-sshd-keygen.sh $(DESTDIR)$(SBINDIR)/doskast-sshd-keygen
mkdir -p --mode=0755 $(DESTDIR)/etc/doskast
mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh
mkdir -p --mode=0755 $(DESTDIR)$(UNITDIR)
install -m0644 doskast-sshd.service $(DESTDIR)$(UNITDIR)
install -m0644 doskast-sshd-keygen.service $(DESTDIR)$(UNITDIR)
# nothing secret here, no need in 0600
install -m0644 doskast-sshd.conf $(DESTDIR)/etc/doskast/doskast-sshd.conf
rpm:
rpmbuild --define "_sourcedir $$PWD" -bb doskast.spec

@ -0,0 +1,11 @@
[Unit]
Description=OpenSSH Server Key Generation
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_rsa_key
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ecdsa_key
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ed25519_key
PartOf=doskast-sshd.service
[Service]
ExecStart=/usr/sbin/doskast-sshd-keygen
Type=oneshot
RemainAfterExit=yes

@ -0,0 +1,125 @@
#!/bin/bash
# Create the host keys for the OpenSSH server.
#
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
# variable.
# OpenSSH 7.0 depreceated DSA keys. We don't create DSA be default, but you can add 'DSA' to the list bellow.
AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
FAIL='0'
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
DIR=/etc/doskast/ssh
RSA_KEY="$DIR"/ssh_host_rsa_key
DSA_KEY="$DIR"/ssh_host_dsa_key
ECDSA_KEY="$DIR"/ssh_host_ecdsa_key
ED25519_KEY="$DIR"/ssh_host_ed25519_key
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n $"Generating SSH2 RSA host key: "
rm -f $RSA_KEY
# XXX use umask 077 here!
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY{,.pub}
fi
echo "RSA key $RSA_KEY generated."
return 0
else
echo "Failed to generate RSA key $RSA_KEY!"
FAIL='1'
return 1
fi
fi
}
do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then
echo -n $"Generating SSH2 DSA host key: "
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY{,.pub}
fi
echo "DSA key $DSA_KEY generated."
return 0
else
echo "Failed to generate DSA key $DSA_KEY!"
FAIL='1'
return 1
fi
fi
}
do_ecdsa_keygen() {
if [ ! -s $ECDSA_KEY ]; then
echo -n $"Generating SSH2 ECDSA host key: "
rm -f $ECDSA_KEY
if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $ECDSA_KEY
chmod 644 $ECDSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $ECDSA_KEY{,.pub}
fi
echo "ECDSA key $ECDSA_KEY generated."
return 0
else
echo "Failed to generate ECDSA key $ECDSA_KEY!"
FAIL='1'
return 1
fi
fi
}
do_ed25519_keygen() {
if [ ! -s $ED25519_KEY ]; then
echo -n $"Generating SSH2 ED25519 host key: "
rm -f "$ED25519_KEY"
if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
chmod 600 $ED25519_KEY
chmod 644 $ED25519_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $ED25519_KEY{,.pub}
fi
echo "ED25519 key $ED25519_KEY generated."
return 0
else
echo "Failed to generate ED25519 key $ED25519_KEY!"
FAIL='1'
return 1
fi
fi
}
if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
exit 0
fi
# legacy options
case $AUTOCREATE_SERVER_KEYS in
NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
YES) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
esac
for KEY in $AUTOCREATE_SERVER_KEYS; do
case "$KEY" in
DSA) do_dsa_keygen;;
RSA) do_rsa_keygen;;
ECDSA) do_ecdsa_keygen;;
ED25519) do_ed25519_keygen;;
esac
done
# not zero return code if any error has ever occured to make systemd service sshd-keygen.service failed in case of any errors
if [ "$FAIL" = '1' ]
then exit 1
else exit 0
fi

@ -0,0 +1,22 @@
Port 6260
HostKey /etc/doskast/ssh/ssh_host_rsa_key
HostKey /etc/doskast/ssh/ssh_host_ecdsa_key
HostKey /etc/doskast/ssh/ssh_host_ed25519_key
PermitRootLogin no
PubkeyAuthentication yes
# keeping this default for compatibility with ssh-copy-id
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
# XXX Is PAM needed?
UsePAM no
AllowUsers doscast
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PidFile /run/doskast-sshd.pid

@ -0,0 +1,14 @@
[Unit]
Description=Doskast OpenSSH server
After=network.target doskast-sshd-keygen.service
Wants=doskast-sshd-keygen.service
[Service]
ExecStart=/usr/sbin/sshd -D -f /etc/doskast/doskast-sshd.conf
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target

@ -0,0 +1,32 @@
Summary: Cast screen
Name: doskast
License: GPL-3.0
Group: Graphical desktop/Other
Url: https://osmesh.ru
Version: 0.1
Release: 1
Source1: doskast-sshd.conf
Source2: doskast-sshd.service
Source3: doskast-sshd-keygen.service
Source4: doskast-sshd-keygen.sh
Source5: Makefile
BuildRequires: make
%description
%summary
%prep
%build
%install
cp %sources .
%makeinstall_std
%files
%_unitdir/doskast-sshd.service
%_unitdir/doskast-sshd-keygen.service
%_sbindir/doskast-sshd-keygen
%dir /etc/doskast
%dir /etc/doskast/ssh
# not "noreplace"
%config /etc/doskast/doskast-sshd.conf
Loading…
Cancel
Save