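#!/bin/bash
#
# Interactive SSH server setup.
#
# Copies the templates in configs/ssh-server to temp/ssh-server, fills in the
# banner placeholders and the access options from answers read on stdin, and,
# after confirmation, installs sshd_config and sshd_banner into /etc/ssh and
# restarts the ssh service. Must be run as root.

# Print $1 escaped for the replacement half of a sed "s/.../.../" command.
# Backslash, "/" (the delimiter used below) and "&" (the whole match) are
# prefixed with a backslash so operator-typed text is inserted literally
# instead of being interpreted by sed.
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# cd to dir script is run from; every path below is relative to it.
cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1

if [ "$(id -u)" -ne 0 ]; then
  echo "Must be root to run this script"
  exit 1
fi

# Config dir exists
if [ ! -d "configs" ]; then
  echo "Main configs dir missing. Can't do anything without it. This contains all the templates to deploy to the system"
  echo "If you have assumed you don't need this, you're wrong. Please put it back"
  exit 1
fi

# Temp dir exists; keep it private to root because it holds staged sshd files.
if [ ! -d "temp" ]; then
  mkdir temp || exit 1
fi
chmod 700 temp || exit 1

# Start from a clean copy of the templates on every run.
if [ -d "temp/ssh-server" ]; then
  echo "Cleaning up old config files"
  rm -r -- "temp/ssh-server" || exit 1
fi

# Copy files
cp -r configs/ssh-server temp/ssh-server || exit 1

echo -e "\nSSH access? (admins) only / (all) users"
read -r allowedUsers
echo "allowedusers: $allowedUsers"
# Only the exact answers "all" and "admins" change the config; any other
# answer leaves the template's access lines as shipped.
if [[ "$allowedUsers" == "all" ]]; then
  sed -i "s/#allowgroups currentMembers/allowgroups currentMembers/g" temp/ssh-server/sshd_config
fi

echo -e "\nDo you want to allow root login? (y/n)?"
read -r allowroot
# Anything other than "y" leaves the root group line commented out.
# NOTE(review): the pattern only matches when the template has a space after
# "root" - confirm against configs/ssh-server/sshd_config.
if [[ "$allowroot" == "y" ]]; then
  sed -i "s/#allowgroups root /allowgroups root/g" temp/ssh-server/sshd_config
fi

systemHostname=$(hostname)
echo -e "\nBanner Hostname. Default: $systemHostname"
read -r hostname
if [[ -z "$hostname" ]]; then
  hostname=$systemHostname
fi

echo -e "\nBanner access displayed (eg restricted, all members)"
read -r bannerAccess

echo -e "\nBanner description (eg, ldap server, main login server)"
read -r description
echo

# First non-loopback address reported by ifconfig. The pattern only matches
# output of the form "inet addr:a.b.c.d"; if ifconfig prints another format
# the default is empty and the operator has to type the address.
bannerip=$(ifconfig \
  | grep -E -o "inet addr:[0-9]{0,3}\.[0-9]{0,3}\.[0-9]{0,3}\.[0-9]{0,3}" \
  | sed 's/^inet addr://' \
  | grep -v -F 127.0.0.1 \
  | head -n 1)
echo "Banner IP Default:$bannerip"
read -r bannerIP
# An explicit answer overrides the detected default (the original read the
# answer but never used it).
if [[ -n "$bannerIP" ]]; then
  bannerip=$bannerIP
fi

echo "Confirmation:"
echo " Banner hostname: $hostname"
echo " Banner description: $description"
echo " Banner access displayed : $bannerAccess"
echo " Banner IP address: $bannerip"
echo " ssh users allowed: $allowedUsers"
echo " rootlogins: $allowroot"
echo -e "\nIs this correct? (y/n) \r"
read -r confirm
if [[ "$confirm" != "y" ]]; then
  echo "setup aborted"
  exit 1
fi

# Fill in the banner placeholders. The answers are escaped first so that a
# "/", "&" or backslash typed at a prompt cannot break or alter the sed command.
sed -i "s/%ip%/$(escape_sed_replacement "$bannerip")/g" temp/ssh-server/sshd_banner
sed -i "s/%hostname%/$(escape_sed_replacement "$hostname")/g" temp/ssh-server/sshd_banner
sed -i "s/%description%/$(escape_sed_replacement "$description")/g" temp/ssh-server/sshd_banner
sed -i "s/%bannerAccess%/$(escape_sed_replacement "$bannerAccess")/g" temp/ssh-server/sshd_banner

# Strip the "#allow-login-all" marker when access is limited to admins.
if [[ "$allowedUsers" == "admins" ]]; then
  sed -i 's/#allow-login-all//' temp/ssh-server/sshd_config
fi

echo -e "\nConfigs written to 'temp'"
echo -e "Do you wish to copy files to system? (y/n) \r"
read -r confirm
if [[ "$confirm" != "y" ]]; then
  echo "Your files are in the 'temp' directory, now exiting"
  exit 0
fi

# Have sshd parse the staged config before it replaces the live one: a config
# sshd rejects would keep the service from coming back after the restart and
# could lock out remote administration.
sshd_bin=$(command -v sshd)
if [[ -n "$sshd_bin" ]]; then
  if ! "$sshd_bin" -t -f "$PWD/temp/ssh-server/sshd_config"; then
    echo "sshd rejected temp/ssh-server/sshd_config; nothing was copied" >&2
    exit 1
  fi
else
  echo "sshd not found in PATH; staged config was not validated" >&2
fi

# Copy temp files to system; do not restart on a partial install.
cp temp/ssh-server/sshd_config /etc/ssh/sshd_config || exit 1
cp temp/ssh-server/sshd_banner /etc/ssh/sshd_banner || exit 1
/etc/init.d/ssh restart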