#!/bin/sh


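# Directory holding the scratch files of this script (generated key pair,
# ssh-keygen error log, mail body).
WORKDIR=/root

# Show the banner and ask, in French or English depending on $LANG, whether
# a key pair should be generated for root. Only the exact locale name "fr_FR"
# selects the French text; anything else falls back to English.
# printf is used for the prompt because "echo -n" is not portable under
# /bin/sh: some implementations print a literal "-n".
case "$LANG" in
	fr_FR)
		echo "-----------------------"
		echo "Configuration de SSH..."
		echo "-----------------------"
		printf '%s' "Voulez vous créer une paire de clé publique/privé pour 'root' ? (o/n) [n] "
	;;
	*)
		echo "------------------"
		echo "Configuring SSH..."
		echo "------------------"
		printf '%s' "Do you want to generate a public/private keypair for user 'root' ? (y/n) [n] "
	;;
esac

# The answer is stored in $sshkeys; -r keeps backslashes in it literal.
# Any answer other than "o" or "y" (including an empty one) means "no".
read -r sshkeys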
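# Optional SSH hardening step, run only when the operator answered "o"/"y":
#   1. generate an RSA key pair for root with ssh-keygen,
#   2. install the PUBLIC key as root's only authorized key,
#   3. disable SSH password authentication,
#   4. mail the private key to the local 'admin' account, then delete the
#      working copies.
# Password authentication is switched off only after the public key has
# really been installed, so a failed key generation cannot lock root out.
if [ "$sshkeys" = "o" ] || [ "$sshkeys" = "y" ]; then
	# Drop leftovers of an interrupted earlier run so ssh-keygen does not
	# stop to ask whether an old key file may be overwritten.
	rm -f "${WORKDIR}/key.ppk" "${WORKDIR}/key.ppk.pub"

	# ssh-keygen reports a too-short passphrase on stderr and gives up; run
	# it again until that message no longer appears.
	# NOTE(review): ssh-keygen accepts an EMPTY passphrase. In that case the
	# private key mailed below is not encrypted and anyone who can read the
	# admin mailbox can use it.
	passok=1
	while [ "$passok" != "0" ]; do
		ssh-keygen -t rsa -f "${WORKDIR}/key.ppk" 2>"${WORKDIR}/err"
		passok=$(grep -c "passphrase too short" < "${WORKDIR}/err")
		# An unreadable error log yields an empty count; treat it as "no
		# passphrase error" instead of looping forever.
		passok=${passok:-0}
		if [ "$passok" != "0" ]; then
			echo "passphrase too short: have 4 bytes, need > 4"
			echo
		fi
	done

	# Install the key. Only the public half belongs in authorized_keys: the
	# private key must never be stored there, because anyone able to read the
	# file could copy it and log in as root. The file is overwritten, so any
	# previously authorized key is removed.
	keys_installed=0
	if [ -s "${WORKDIR}/key.ppk" ] && [ -s "${WORKDIR}/key.ppk.pub" ] \
		&& mkdir -p /root/.ssh \
		&& chmod 700 /root/.ssh \
		&& cat "${WORKDIR}/key.ppk.pub" > /root/.ssh/authorized_keys \
		&& chmod 600 /root/.ssh/authorized_keys; then
		keys_installed=1
	fi

	if [ "$keys_installed" = "1" ]; then
		case "$LANG" in
			fr_FR) echo "Désactivation de l'authentification SSH à l'aide de mots de passe standards" ;;
			*) echo "Disabling SSH authentification SSH with standards passwords" ;;
		esac
		config setprop sshd PasswordAuthentication no
		signal-event remoteaccess-update

		case "$LANG" in
			fr_FR) echo "Envoi de la clé privée par mail à l'admin..." ;;
			*) echo "Sending private key by e-mail to the admin..." ;;
		esac

		# Build the mail body: three blank lines, then the localized notice.
		case "$LANG" in
			fr_FR)
				mail_subject="Mise en place des clés SSH"
				{
					echo
					echo
					echo
					echo "- L'accès SSH à votre serveur SME a été sécurisé avec une paire de clés publique-privé."
					echo "- L'authenfication par SSH à l'aide de mots de passe standards a été désactivée pour augmenter le niveau de sécurité."
					echo
					echo "- Les clés ont étés générés avec OPENSSH et si vous utilisez PuTTY et WinSCP, vous devrez alors modifier"
					echo "- la clé publique qui vous a été envoyée dans ce mail avant de pouvoir l'utiliser avec WinSCP par exemple."
					echo "- Il suffit d'éditer la clé avec PuTTYGen et de la sauvegarder dans le bon format."
					echo "- Vous pourrez ensuite utiliser la clé avec WinSCP..."
					echo
					echo "- ATTENTION : Ne perdez pas le fichier joint à ce mail, il a été supprimé du serveur !"
					echo "- Si vous perdez ce fichier, vous devrez réactiver l'authentification par SSH à l'aide de mots de passe"
					echo "- standards dans le server-manager pour supprimer et recréer le fichier '${WORKDIR}/.ssh/authorized_keys'"
				} > "${WORKDIR}/ssh.txt"
			;;
			*)
				mail_subject="SSH keys installation report"
				{
					echo
					echo
					echo
					echo "- SSH access to your server has been secured with a public-private key pair."
					echo "- SSH authenfication with standards passwords has been disabled to increase security level."
					echo
					echo "- Keys have been generated using OPENSSH and if you're using PuTTY and WinSCP, you should then modify"
					echo "- the public key that was attached to this e-mail before being able to use it with WinSCP for exemple."
					echo "- You just have to edit the key with PuTTYGen and saving it in the good format."
					echo "- You will then be able to use the key with WinSCP..."
					echo
					echo "- BE CAREFUL : Don't lose this attached file as it has been deleted from the server!"
					echo "- If you lose this file, you will have to reactivate SSH authentification with standards passwords"
					echo "- in the server-manager to delete and recreate the file '${WORKDIR}/.ssh/authorized_keys'"
				} > "${WORKDIR}/ssh.txt"
			;;
		esac

		# The private key leaves the server as a mail attachment; copies will
		# remain in the admin mailbox and any mail spool or backup.
		# The working copy is deleted only once mutt reports success:
		# password logins are already off, so losing the only copy of the
		# key would lock root out of SSH.
		if mutt -s "$mail_subject" admin -a "${WORKDIR}/key.ppk" < "${WORKDIR}/ssh.txt"; then
			rm -f "${WORKDIR}/key.ppk"
		else
			case "$LANG" in
				fr_FR) echo "Échec de l'envoi du mail : la clé privée a été conservée dans ${WORKDIR}/key.ppk" >&2 ;;
				*) echo "Sending the e-mail failed: the private key has been kept in ${WORKDIR}/key.ppk" >&2 ;;
			esac
		fi
	else
		# No usable key pair was installed: leave password authentication
		# untouched and remove whatever ssh-keygen may have written.
		case "$LANG" in
			fr_FR) echo "Échec de la génération ou de l'installation des clés : l'authentification par mot de passe reste activée." >&2 ;;
			*) echo "Key generation or installation failed: password authentication has been left enabled." >&2 ;;
		esac
		rm -f "${WORKDIR}/key.ppk"
	fi

	rm -f "${WORKDIR}/err"
	rm -f "${WORKDIR}/key.ppk.pub"
	rm -f "${WORKDIR}/ssh.txt"
	echo
	echo
	echo
fi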
