[Ovirt-devel] [PATCH node] Disables SSH by default, and allows for enabling at firstboot. rhbz#509842
Darryl L. Pierce
dpierce at redhat.com
Mon Jul 6 21:27:38 UTC 2009
Adds a new firstboot menu option for enabling/disabling SSH login.
Signed-off-by: Darryl L. Pierce <dpierce at redhat.com>
---
Makefile.am | 1 +
ovirt-node.spec.in | 3 ++
scripts/ovirt-config-enable-ssh | 46 +++++++++++++++++++++++++++++++++++++++
3 files changed, 50 insertions(+), 0 deletions(-)
create mode 100755 scripts/ovirt-config-enable-ssh
diff --git a/Makefile.am b/Makefile.am
index 2f52144..7f4fa07 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,6 +33,7 @@ EXTRA_DIST = \
scripts/ovirt-config-boot \
scripts/ovirt-config-boot-wrapper \
scripts/ovirt-config-collectd \
+ scripts/ovirt-config-enable-ssh \
scripts/ovirt-config-hostname \
scripts/ovirt-config-logging \
scripts/ovirt-config-networking \
diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in
index 6fa45ce..361d092 100644
--- a/ovirt-node.spec.in
+++ b/ovirt-node.spec.in
@@ -148,6 +148,7 @@ cd -
%{__install} -p -m0755 scripts/ovirt-config-boot %{buildroot}%{_sbindir}
%{__install} -p -m0755 scripts/ovirt-config-boot-wrapper %{buildroot}%{_sbindir}
%{__install} -p -m0755 scripts/ovirt-config-collectd %{buildroot}%{_sbindir}
+%{__install} -p -m0755 scripts/ovirt-config-enable-ssh %{buildroot}%{_sbindir}
%{__install} -p -m0755 scripts/ovirt-config-hostname %{buildroot}%{_sbindir}
%{__install} -p -m0755 scripts/ovirt-config-logging %{buildroot}%{_sbindir}
%{__install} -p -m0755 scripts/ovirt-config-networking %{buildroot}%{_sbindir}
@@ -224,6 +225,7 @@ ln -s ovirt-release %{buildroot}/etc/system-release
%{__install} -d -m0755 %{buildroot}%{_sysconfdir}/ovirt-config-setup.d
%{__ln_s} ../..%{_sbindir}/ovirt-config-storage %{buildroot}%{_sysconfdir}/ovirt-config-setup.d/"00_Disk Partitioning"
%{__ln_s} ../..%{_sbindir}/ovirt-config-password %{buildroot}%{_sysconfdir}/ovirt-config-setup.d/"05_Administrator Password"
+%{__ln_s} ../..%{_sbindir}/ovirt-config-enable-ssh %{buildroot}%{_sysconfdir}/ovirt-config-setup.d/"06_Enable SSH Access"
%{__ln_s} ../..%{_sbindir}/ovirt-config-hostname %{buildroot}%{_sysconfdir}/ovirt-config-setup.d/"10_Set Hostname"
%{__ln_s} ../..%{_sbindir}/ovirt-config-networking %{buildroot}%{_sysconfdir}/ovirt-config-setup.d/"15_Networking Setup"
%{__ln_s} ../..%{_sbindir}/ovirt-config-logging %{buildroot}%{_sysconfdir}/ovirt-config-setup.d/"30_Logging Setup"
@@ -306,6 +308,7 @@ fi
%{_sbindir}/ovirt-config-boot
%{_sbindir}/ovirt-config-boot-wrapper
%{_sbindir}/ovirt-config-collectd
+%{_sbindir}/ovirt-config-enable-ssh
%{_sbindir}/ovirt-config-hostname
%{_sbindir}/ovirt-config-logging
%{_sbindir}/ovirt-config-networking
diff --git a/scripts/ovirt-config-enable-ssh b/scripts/ovirt-config-enable-ssh
new file mode 100755
index 0000000..ec01b26
--- /dev/null
+++ b/scripts/ovirt-config-enable-ssh
@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# Iterates over the list of network devices on the node and prompts the user
+# to configure each.
+
+. /etc/init.d/ovirt-functions
+
+ME=$(basename "$0")
+warn() { printf '%s: %s\n' "$ME" "$*" >&2; }
+die() { warn "$*"; exit 1; }
+
+WORKDIR=$(mktemp -d) || exit 1
+
+# Remove $WORKDIR upon interrupt (and HUP, PIPE, TERM) and upon normal
+# termination, being careful not to change the exit status.
+trap '__st=$?; rm -rf "$WORKDIR"; exit $__st' 0
+trap 'exit $?' 1 2 13 15
+
+toggle_ssh_access ()
+{
+ local allowed=$1
+ local config=$WORKDIR/augeas-ssh
+
+ if $allowed; then permit="yes"; else permit="no"; fi
+ printf "set /files/etc/ssh/sshd_config/PermitRootLogin ${permit}\n" > $config
+ cat $config | augtool
+
+ service sshd restart
+}
+
+while true; do
+ state="disabled"
+ prompt="Enable SSH access"
+ grep "^PermitRootLogin\ *yes" /etc/ssh/sshd_config > /dev/null
+ if [ $? == 0 ]; then
+ state="enabled"
+ prompt="Leave SSH access enabled"
+ fi
+ printf "\nSSH access is currently ${state}.\n\n"
+ read -ep "${prompt} (y/n/a)? "
+ case $REPLY in
+ Y|y) toggle_ssh_access true; exit 0;;
+ N|n) toggle_ssh_access false; exit 0;;
+ A|a) exit 99;;
+ esac
+done
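Review bot: The menu reports SSH as "disabled" whenever the `grep "^PermitRootLogin\ *yes"` check fails, which includes a missing or commented-out directive (where sshd applies its own default) and a tab-separated value; `toggle_ssh_access` also only sets PermitRootLogin, so sshd keeps running and non-root logins are unaffected although the prompt says "SSH access". The augtool input contains only a `set` line, so unless the `augtool` provided through ovirt-functions saves implicitly (not visible in this patch) the change is never written, and the script exits 0 without checking augtool or `service sshd restart`. I would treat only an explicit `no` as disabled, add `save`, check both commands, make `permit` local, and reword the prompt to say "root SSH login"; a sketch follows. The header comment is copied from the networking script and should describe this one, and no hunk in this patch sets the shipped default to `no` as the subject line implies.

```shell
toggle_ssh_access ()
{
    local allowed=$1
    local permit="no"

    if $allowed; then permit="yes"; fi
    # "save" makes augtool write the change back to sshd_config.
    printf 'set /files/etc/ssh/sshd_config/PermitRootLogin %s\nsave\n' "$permit" \
        | augtool || die "failed to update sshd_config"

    service sshd restart || die "failed to restart sshd"
}

# … unchanged: while loop header …
    # Assume root login is permitted unless the file explicitly says "no":
    # with the directive absent, sshd falls back to its built-in default.
    state="enabled"
    prompt="Leave SSH access enabled"
    if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' \
        /etc/ssh/sshd_config; then
        state="disabled"
        prompt="Enable SSH access"
    fi
# … unchanged: status printf, read, case …
```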
--
1.6.2.5