diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d6859c120..8eb1668eb 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,7 +34,7 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics & iiab-root-login from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ @@ -43,6 +43,7 @@ - iiab-update - iiab-summary - iiab-diagnostics + - iiab-root-login - name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update file: diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-network b/scripts/iiab-network old mode 100644 new mode 100755 diff --git a/scripts/iiab-root-login b/scripts/iiab-root-login new file mode 100755 index 000000000..2d968e857 --- /dev/null +++ b/scripts/iiab-root-login @@ -0,0 +1,60 @@ +#!/bin/bash -e +# "-e" tries to exit right away on error. + +# Enable (and set!) root login password for ssh and sftp. +# To help everyday IIAB implementers upload content with FileZilla: +# https://wiki.iiab.io/go/FAQ#How_do_I_add_my_own_content%3F + +# AT YOUR OWN RISK. If this absolutely must be run non-interactively, use: +# sudo iiab-root-login + +if [ ! -f /etc/ssh/sshd_config ]; then + echo -e '\n\e[41;1mERROR: /etc/ssh/sshd_config is missing (is openssh-server installed?)\e[0m\n' + exit 1 +fi + +if ! systemctl is-active ssh > /dev/null; then + echo -e "\n\e[41;1mERROR: ssh service is not active (run 'systemctl status ssh' ?)\e[0m\n" + exit 1 +fi + +if [ $# -eq 0 ]; then + echo -e '\n\e[1;33mPICK A STRONG PASSWORD TO PROTECT YOUR IIAB!\e[0m' + echo -en '\nWhat ssh and sftp password do you want for user "root" ? ' + read ans < /dev/tty +else + ans=$1 + echo +fi + +if [[ $ans == "" ]]; then + echo -e '\n\e[41;1mEXITING: User "root" cannot have an empty password.\e[0m\n' + exit 1 +else + echo root:"$ans" | chpasswd + echo -e 'Password changed, for user "root".\n' +fi + +# Comment out problematic line(s) in file(s) like... +# /etc/ssh/sshd_config.d/60-cloudimg-settings.conf +# ...that appear in Multipass VMs, etc: +sed -i 's/^PermitRootLogin[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true +sed -i 's/^PasswordAuthentication[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true + +if grep -q '^PermitRootLogin[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PermitRootLogin[[:blank:]].*/PermitRootLogin yes/' /etc/ssh/sshd_config +else + echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config +fi + +if grep -q '^PasswordAuthentication[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PasswordAuthentication[[:blank:]].*/PasswordAuthentication yes/' /etc/ssh/sshd_config +else + echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config +fi + +if systemctl reload ssh; then + echo -e '\e[44;1mUser "root" can now upload to IIAB using FileZilla!\e[0m\n' +else + echo -e '\e[41;1mERROR: Unable to reload ssh service.\e[0m\n' +fi diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-update b/scripts/iiab-update index 76095753f..689f715e0 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -41,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then