Merge branch 'bwi/v2.2.0' of http://192.168.68.6:3001/bartoszek/rublon-ssh into bwi/v2.2.0

added instalation script for pubkey
2025-01-16 16:48:23 +01:00 · 2025-01-16 16:47:17 +01:00
8 changed files with 54 additions and 85 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -35,6 +35,7 @@ install(
        ${CMAKE_CURRENT_LIST_DIR}/rsc/rublon.config.defaults
        ${CMAKE_CURRENT_LIST_DIR}/service/01-rublon-ssh_pubkey.conf.default
 	${CMAKE_CURRENT_LIST_DIR}/service/01-rublon-ssh.conf.default
+	${CMAKE_CURRENT_LIST_DIR}/service/inst_pubkey.sh
    DESTINATION
        share/rublon
    COMPONENT
@ -53,6 +54,8 @@ if (NOT ${outOS} MATCHES "ubuntu" OR NOT ${outOS} MATCHES "debian" OR NOT ${outO
            ${CMAKE_CURRENT_LIST_DIR}/service/login_rublon.te
            ${CMAKE_CURRENT_LIST_DIR}/service/pam_service.txt
            ${CMAKE_CURRENT_LIST_DIR}/service/rublon_veritas
+	    ${CMAKE_CURRENT_LIST_DIR}/service/inst_pubkey.sh
+	    ${CMAKE_CURRENT_LIST_DIR}/service/inst_pubkey_rhel9.sh
        DESTINATION
            share/rublon
        COMPONENT
--- a/service/01-rublon-ssh_pubkey.conf.default
+++ b/service/01-rublon-ssh_pubkey.conf.default
@ -1,6 +1,6 @@
 UsePAM yes
-ChallengeResponseAuthentication yes
 LoginGraceTime 15m
+ChallengeResponseAuthentication yes
 AuthenticationMethods publickey,keyboard-interactive
 MaxAuthTries 3
 PubkeyAuthentication yes
--- a/service/helpers/postinst_pubkey
+++ b/service/helpers/postinst_pubkey
@ -1,25 +0,0 @@
-#!/bin/bash
-
-SSHD_CONF=/etc/ssh/sshd_config
-SSHD_PAM_CONF=/etc/pam.d/sshd
-RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01-rublon-ssh.conf
-
-cp -a /usr/share/rublon/01-rublon-ssh_pubkey.conf.default $RUBLON_SSH_CONFIG
-chown root:root $RUBLON_SSH_CONFIG
-chmod 640 $RUBLON_SSH_CONFIG
-
-if [ -f /etc/os-release ]
-then
-    . /etc/os-release
-fi
-grep -qe 'auth requisite pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_rublon.so' $SSHD_PAM_CONF
-
-if [ ${OS} == "Ubuntu"] 
-then
-	grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
-fi
-
-grep -qe '@include common-auth' $SSHD_PAM_CONF || sed -i 's/@include common-auth/#@include common-auth/' $SSHD_PAM_CONF
-
-systemctrl restart sshd
-
--- a/service/helpers/pubkey_install_deb
+++ b/service/helpers/pubkey_install_deb
@ -14,24 +14,7 @@ then
 fi
 sed -i '/auth required pam_rublon.so/d' $SSHD_PAM_CONF

-if [[ $ID == "rhel" || $ID=="alma" || $ID=="rocky" || $ID=="Centos" ]]
-then
-grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
-grep -qe '#auth       substack     password-auth' $SSHD_PAM_CONF || sed -i -e 's/auth       substack     password-auth/#auth substack password-auth/g' $SSHD_PAM_CONF
-
-elif [ $ID = "Debian" ]
-then
 grep -qe 'auth requisite pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_rublon.so' $SSHD_PAM_CONF
-else 
-   grep -qe 'auth requisite pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_rublon.so' $SSHD_PAM_CONF
-   grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
-fi
-
 grep -qe '#@include common-auth' $SSHD_PAM_CONF || sed -i 's/@include common-auth/#@include common-auth/' $SSHD_PAM_CONF
-if [[ $ID == "rhel" || $ID=="alma" || $ID=="rocky" || $ID=="Centos" ]]
-then
-systemctl restart sshd
-else
-deb-systemd-invoke restart ssh.service
-fi
+

--- a/service/inst_pubkey.sh
+++ b/service/inst_pubkey.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+
+SSHD_CONF=/etc/ssh/sshd_config
+SSHD_PAM_CONF=/etc/pam.d/sshd
+RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01-rublon-ssh.conf
+
+cp -a /usr/share/rublon/01-rublon-ssh_pubkey.conf.default $RUBLON_SSH_CONFIG
+chown root:root $RUBLON_SSH_CONFIG
+chmod 640 $RUBLON_SSH_CONFIG
+
+grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
+grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
+grep -qe '#@include\s common-auth' $SSHD_PAM_CONF || sed -i 's/@include\s common-auth/#@include common-auth/' $SSHD_PAM_CONF
+ 
+deb-systemd-invoke restart ssh.service
+
+
--- a/service/inst_pubkey_rhel9.sh
+++ b/service/inst_pubkey_rhel9.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+
+SSHD_CONF=/etc/ssh/sshd_config
+SSHD_PAM_CONF=/etc/pam.d/sshd
+RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01-rublon-ssh.conf
+
+cp -a /usr/share/rublon/01-rublon-ssh_pubkey.conf.default $RUBLON_SSH_CONFIG
+chown root:root $RUBLON_SSH_CONFIG
+chmod 640 $RUBLON_SSH_CONFIG
+
+grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
+grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
+grep -qe '#auth\s       substack\s     password-auth' $SSHD_PAM_CONF || sed -i 's/auth\s       substack\s     password-auth/#auth       substack     password-auth/' $SSHD_PAM_CONF
+ 
+systemctl restart sshd
+
+
--- a/service/inst_pubkey_rhel_8.sh
+++ b/service/inst_pubkey_rhel_8.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+
+SSHD_CONF=/etc/ssh/sshd_config
+SSHD_PAM_CONF=/etc/pam.d/sshd
+RUBLON_SSH_CONFIG=/etc/ssh/01-rublon-ssh.conf
+
+cp -a /usr/share/rublon/01-rublon-ssh_pubkey.conf.default $RUBLON_SSH_CONFIG
+chown root:root $RUBLON_SSH_CONFIG
+chmod 640 $RUBLON_SSH_CONFIG
+
+grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
+grep -qe '#auth       substack     password-auth' $SSHD_PAM_CONF || sed -i 's/auth       substack     password-auth/#auth       substack     password-auth/' $SSHD_PAM_CONF
+
+systemctl restart sshd
+
--- a/service/postinst_pubkey
+++ b/service/postinst_pubkey
@ -1,41 +0,0 @@
-#!/bin/bash
-
-SSHD_CONF=/etc/ssh/sshd_config
-SSHD_PAM_CONF=/etc/pam.d/sshd
-RUBLON_CONFIG=/etc/rublon.config
-RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01-rublon-ssh.conf
-
-if [ ! -f $RUBLON_CONFIG ]
-then
-    cp -a /usr/share/rublon/rublon.config.defaults $RUBLON_CONFIG
-    chown root:root $RUBLON_CONFIG
-    chmod 640 $RUBLON_CONFIG
-fi
-cp -a /usr/share/rublon/service/01-rublon-ssh_pubkey.conf.default $RUBLON_SSH_CONFIG
-chown root:root $RUBLON_SSH_CONFIG
-chmod 640 $RUBLON_SSH_CONFIG
-
-if [ -f /etc/os-release ]
-then
-    . /etc/os-release
-fi
-
-#if [[ $ID == "rhel" || $ID=="alma" || $ID=="rocky" ]]
-#then
-#	cd /usr/share/rublon/service
- #   	checkmodule -M -m -o login_rublon.mod login_rublon.te
-#	semodule_package -o login_rublon.pp -m login_rublon.mod
-#	semodule -i login_rublon.pp
-#fi
-
-grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
-grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
-grep -qe '@include common-auth' $SSHD_PAM_CONF || sed -i 's/@include common-auth/#@include common-auth/' $SSHD_PAM_CONF
-
-if [[ $ID == "rhel" || $ID=="alma" || $ID=="rocky" ]]
-then
-	systemctl restart sshd
-else 
-	deb-systemd-invoke restart ssh.service
-fi
-
Author	SHA1	Message	Date
unknown	a480838103	Merge branch 'bwi/v2.2.0' of http://192.168.68.6:3001/bartoszek/rublon-ssh into bwi/v2.2.0	2025-01-16 16:48:23 +01:00
unknown	3ac8989b66	added instalation script for pubkey	2025-01-16 16:47:17 +01:00