need to be able to idempotently only change the config files
parent
f904052111
commit
8add03fadb
9
TODO
9
TODO
@ -1,3 +1,10 @@
|
|||||||
-git
|
-git
|
||||||
-net/addr needs DNS/PTR/allocation stuff etc.
|
-net/addr needs DNS/PTR/allocation stuff etc.
|
||||||
-net/mirroring
|
-net/mirroring
|
||||||
|
|
||||||
|
-storage, see if we can access lvm and cryptsetup functions via https://github.com/storaged-project/libblockdev/issues/41
|
||||||
|
--http://storaged.org/doc/udisks2-api/latest/gdbus-org.freedesktop.UDisks2.MDRaid.html
|
||||||
|
--http://storaged.org/doc/udisks2-api/latest/gdbus-org.freedesktop.UDisks2.Encrypted.html
|
||||||
|
--http://mindbending.org/en/python-and-udisks-part-2
|
||||||
|
--http://storaged.org/doc/udisks2-api/2.6.5/gdbus-org.freedesktop.UDisks2.Block.html
|
||||||
|
--https://dbus.freedesktop.org/doc/dbus-python/doc/tutorial.html
|
@ -20,8 +20,8 @@ conf_options['sshd'] = {'KexAlgorithms': 'curve25519-sha256@libssh.org,diffie-he
|
|||||||
'ChallengeResponseAuthentication': 'no',
|
'ChallengeResponseAuthentication': 'no',
|
||||||
'PubkeyAuthentication': 'yes',
|
'PubkeyAuthentication': 'yes',
|
||||||
'Ciphers': 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr',
|
'Ciphers': 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr',
|
||||||
'MACs': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,' +
|
'MACs': ('hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,' +
|
||||||
'umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com'}
|
'hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com')}
|
||||||
# Uncomment if this is further configured
|
# Uncomment if this is further configured
|
||||||
#conf_options['sshd']['AllowGroups'] = 'ssh-user'
|
#conf_options['sshd']['AllowGroups'] = 'ssh-user'
|
||||||
|
|
||||||
@ -177,12 +177,18 @@ def clientKeys(user = 'root'):
|
|||||||
return(pubkeys)
|
return(pubkeys)
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
#Warning: The moduli stuff takes a LONG time to run. Hours.
|
_chkfile = '/etc/ssh/.aif-generated'
|
||||||
buildmoduli = True
|
if not os.path.isfile(_chkfile):
|
||||||
hostKeys(buildmoduli)
|
#Warning: The moduli stuff takes a LONG time to run. Hours.
|
||||||
|
buildmoduli = True
|
||||||
|
hostKeys(buildmoduli)
|
||||||
for t in ('sshd', 'ssh'):
|
for t in ('sshd', 'ssh'):
|
||||||
config(conf_options[t], t)
|
config(conf_options[t], t)
|
||||||
clientKeys()
|
clientKeys()
|
||||||
|
with open(_chkfile, 'w') as f:
|
||||||
|
f.write(('ssh, sshd, and hostkey configurations/keys have been ' +
|
||||||
|
'modified by sshsecure.py from OpTools.\nhttps://git.square-r00t.net/OpTools/\n'))
|
||||||
|
return()
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
main()
|
main()
|
||||||
|
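Review bot: In the new `main()`, the `/etc/ssh/.aif-generated` marker is written only at the very end, after `config()` and `clientKeys()`, so a failure in either of those after `hostKeys(buildmoduli)` has already succeeded leaves no marker behind. This assumes only the three lines following `if not os.path.isfile(_chkfile):` sit inside the `if`, since the page has lost the indentation. The next run would then call `hostKeys()` again, which costs the hours the comment warns about and, if it regenerates the host keys as its name suggests, changes the server's identity and gives every client a host-key-changed warning. Moving the `with open(_chkfile, 'w') as f:` block directly under `hostKeys(buildmoduli)` inside the `if`, or testing for the generated key files instead of a separate marker, would tie the skip to the thing it protects. A comment such as `# marker only records that hostKeys() ran once; it does not verify the keys are still present` would also help, because a marker that outlives deleted keys silently skips regeneration.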