mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
60 lines
2 KiB
Bash
Executable file
60 lines
2 KiB
Bash
Executable file
#!/bin/bash -e
|
|
# "-e" tries to exit right away on error.
|
|
|
|
# Enable (and set!) root login password for ssh and sftp.
|
|
# To help everyday IIAB implementers upload content with FileZilla:
|
|
# https://wiki.iiab.io/go/FAQ#How_do_I_add_my_own_content%3F
|
|
|
|
# AT YOUR OWN RISK. If this absolutely must be run non-interactively, use:
|
|
# sudo iiab-root-login <PASSWORD>
|
|
|
|
if [ ! -f /etc/ssh/sshd_config ]; then
|
|
echo -e '\n\e[41;1mERROR: /etc/ssh/sshd_config is missing (is openssh-server installed?)\e[0m\n'
|
|
exit 1
|
|
fi
|
|
|
|
if ! systemctl is-active ssh > /dev/null; then
|
|
echo -e "\n\e[41;1mERROR: ssh service is not active (run 'systemctl status ssh' ?)\e[0m\n"
|
|
exit 1
|
|
fi
|
|
|
|
if [ $# -eq 0 ]; then
|
|
echo -e '\n\e[1;33mPICK A STRONG PASSWORD TO PROTECT YOUR IIAB!\e[0m'
|
|
echo -en '\nWhat ssh and sftp password do you want for user "root" ? '
|
|
read ans < /dev/tty
|
|
else
|
|
ans=$1
|
|
echo
|
|
fi
|
|
|
|
if [[ $ans == "" ]]; then
|
|
echo -e '\n\e[41;1mEXITING: User "root" cannot have an empty password.\e[0m\n'
|
|
exit 1
|
|
else
|
|
echo root:"$ans" | chpasswd
|
|
echo -e 'Password changed, for user "root".\n'
|
|
fi
|
|
|
|
# Comment out problematic line(s) in file(s) like...
|
|
# /etc/ssh/sshd_config.d/60-cloudimg-settings.conf
|
|
# ...that appear in Multipass VMs, etc:
|
|
sed -i 's/^PermitRootLogin[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true
|
|
sed -i 's/^PasswordAuthentication[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true
|
|
|
|
if grep -q '^PermitRootLogin[[:blank:]]' /etc/ssh/sshd_config; then
|
|
sed -i 's/^PermitRootLogin[[:blank:]].*/PermitRootLogin yes/' /etc/ssh/sshd_config
|
|
else
|
|
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
if grep -q '^PasswordAuthentication[[:blank:]]' /etc/ssh/sshd_config; then
|
|
sed -i 's/^PasswordAuthentication[[:blank:]].*/PasswordAuthentication yes/' /etc/ssh/sshd_config
|
|
else
|
|
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
if systemctl reload ssh; then
|
|
echo -e '\e[44;1mUser "root" can now upload to IIAB using FileZilla!\e[0m\n'
|
|
else
|
|
echo -e '\e[41;1mERROR: Unable to reload ssh service.\e[0m\n'
|
|
fi
|