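# setup-ssh.sh: set the SSH login banner and restrict sshd logins to root plus
# the machine's owner, custodian and sysadmin as recorded in HDB.
#
# Reads:  KSDEVICE (network interface whose MAC address identifies this host)
# Writes: /root/selfinfo, /etc/issue, /etc/ssh/sshd_config and the membership
#         of the local "sshd" group
#
# The script is best-effort: problems are reported on stderr and the remaining
# steps still run, as before.
#
# NOTE(review): the message below announces Protocol v2, but nothing in this
# script sets the Protocol option for sshd or ssh.
echo "INFO: setup-ssh.sh: Configuring sshd and ssh to only use Protocol v2"

# Splitting the HWaddr line on the letter 'r' leaves the address in field 3.
# Assumes the legacy net-tools ifconfig output format; TODO confirm on the
# target release.
MAC="$(/sbin/ifconfig "${KSDEVICE}" | grep HWaddr | cut -dr -f3 | sed -e 's/ *//g')"
echo "INFO: read-hdb.sh: Getting system information from HDB for MAC address (${MAC})"

# NOTE(security): this lookup is plain HTTP, and its answer decides which
# accounts are allowed to log in over SSH. Anyone able to alter the response
# on the network path can change that list. Prefer an authenticated transport
# (HTTPS with certificate verification) if HDB offers one; TODO confirm.
case "${MAC}" in
  '' | *[!0-9A-Fa-f:]*)
    # Never place an empty or malformed value in the query string.
    echo "WARNING: setup-ssh.sh: no usable MAC address for '${KSDEVICE}'; skipping HDB lookup" >&2
    : > /root/selfinfo
    ;;
  *)
    if ! wget -N -q -O - "http://hdb.ic.ac.uk/Zope/complete_reg/self_info?mac=${MAC}" > /root/selfinfo; then
      echo "WARNING: setup-ssh.sh: HDB lookup failed; /root/selfinfo may be empty or incomplete" >&2
    fi
    ;;
esac

# Each record is taken from the second ';'-separated field of the matching line.
CUSTODIAN="$(grep custodian /root/selfinfo | cut -d ';' -f 2)"
OWNER="$(grep machineowner /root/selfinfo | cut -d ';' -f 2)"
SYSADMIN="$(grep sysadmin /root/selfinfo | cut -d ';' -f 2)"

# Fallback chain: custodian defaults to the owner, sysadmin to the custodian.
if [ -z "${CUSTODIAN}" ]; then
  CUSTODIAN="${OWNER}"
fi
if [ -z "${SYSADMIN}" ]; then
  SYSADMIN="${CUSTODIAN}"
fi

echo "INFO: setup-ssh.sh: Setting ssh banner"
# /etc/issue becomes: blank line, warning text, blank line.
{
  echo
  echo "Unauthorised Access Is Prohibited"
  echo
} > /etc/issue
sed -i -e 's|#Banner.*|Banner /etc/issue|g' /etc/ssh/sshd_config

echo "INFO: setup-ssh.sh: Configuring sshd to allow owner, custodian and system administrator remote access (${OWNER},${CUSTODIAN},${SYSADMIN})"
# root joins the group so that AllowGroups does not exclude it. Whether root
# can actually log in still depends on PermitRootLogin, which is not set here.
/usr/sbin/usermod -a -G sshd root
for FIELD in "${OWNER}" "${CUSTODIAN}" "${SYSADMIN}"; do
  # The names come from the network. Accept only a conservative account-name
  # character set, so an empty value, a value starting with '-', or one holding
  # whitespace or several lines can never turn into extra usermod arguments.
  # Widen the pattern if site usernames legitimately use other characters.
  case "${FIELD}" in
    '' | -* | *[!A-Za-z0-9._-]*)
      echo "WARNING: setup-ssh.sh: skipping empty or invalid account name from HDB: '${FIELD}'" >&2
      continue
      ;;
  esac
  /usr/sbin/usermod -a -G sshd "${FIELD}" ||
    echo "WARNING: setup-ssh.sh: could not add '${FIELD}' to group sshd" >&2
done

# Append the directive only once, so re-running the script does not pile up
# duplicate AllowGroups lines.
grep -qx 'AllowGroups sshd' /etc/ssh/sshd_config ||
  echo "AllowGroups sshd" >> /etc/ssh/sshd_config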