authorGuilhem Moulin <guilhem@fripost.org>2014-04-16 19:39:36 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 04:28:07 +0200
commit77ec2e80ad7085fb5f35a4624ac16bb65d580ca8 (patch)
tree8927703d2a499296feac693f1cc0ff40f578959f /src
parentfb7da2da82b4d90f23d6270d2e64823a8ce6d4b0 (diff)
Restrict SSH login to members of the 'ssh-login' group.
Don't use the group 'ssh', as it's automatically created by openssh-client's postinstall hook, and is used for ssh-agent's setgid.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/fripost-postinst-udeb/finish-install.d/07fripost4
-rw-r--r--src/fripost-postinst-udeb/sshd_config2
2 files changed, 5 insertions, 1 deletions
diff --git a/src/fripost-postinst-udeb/finish-install.d/07fripost b/src/fripost-postinst-udeb/finish-install.d/07fripost
index 2dfb98b..6b5d7b1 100755
--- a/src/fripost-postinst-udeb/finish-install.d/07fripost
+++ b/src/fripost-postinst-udeb/finish-install.d/07fripost
@@ -286,3 +286,7 @@ progress "Copying authorized_keys to ~$user/.ssh"
[ -d /target"$home/.ssh" ] || mkdir -m0700 /target"$home/.ssh"
copy_authorized_keys $import/authorized_keys /target"$home/.ssh/authorized_keys"
chown -R "$ugid" /target"$home/.ssh" # Probably 1000:1000, but who knows
+
+# Enable ssh login for "$user"
+/bin/in-target /usr/sbin/addgroup --system ssh-login
+/bin/in-target /usr/sbin/adduser "$user" ssh-login
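Review bot: The two added `in-target` calls do not check their exit status, and the hunk does not show whether the script runs under `set -e`. Because the sshd_config in this same commit sets `AllowGroups ssh-login` alongside `PermitRootLogin no`, a failed `addgroup` or `adduser` would leave an installed host that no account can reach over SSH, with nothing in the install log pointing at the cause. I would make the failure explicit, e.g. `/bin/in-target /usr/sbin/adduser "$user" ssh-login || exit 1` (or the script's own error path, if it has one), and do the same for the `addgroup` line. The comment could also state the dependency: `# sshd_config has "AllowGroups ssh-login": without this membership "$user" cannot log in over SSH`.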
diff --git a/src/fripost-postinst-udeb/sshd_config b/src/fripost-postinst-udeb/sshd_config
index e81b272..4281ad1 100644
--- a/src/fripost-postinst-udeb/sshd_config
+++ b/src/fripost-postinst-udeb/sshd_config
@@ -16,7 +16,7 @@ LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
-AllowGroups ssh
+AllowGroups ssh-login
StrictModes yes
PubkeyAuthentication yes
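Review bot: The `AllowGroups ssh-login` line has no comment linking it to the group that finish-install.d/07fripost creates, so a later rename on either side would silently deny every SSH login; root is already excluded by `PermitRootLogin no`. I would add a comment above it such as `# Only members of 'ssh-login' may log in; the group is created by finish-install.d/07fripost` and a second line `# ('ssh' is avoided: openssh-client creates it for ssh-agent's setgid)`. That keeps the rationale from the commit message next to the setting, where an administrator editing the file will see it.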