From ec244aa739817334b429c231db6b430ee7d607d6 Mon Sep 17 00:00:00 2001
From: Robert
Date: Sun, 10 Dec 2023 12:49:58 -0500
Subject: [PATCH] gen
---
 app/neato_fns.php | 25 +++++++++++++++
 app/utils/keygen.php | 9 +++++-
 config_files/deploy_sshd.php | 60 +++++++++++++++++++++++++++---------
 3 files changed, 79 insertions(+), 15 deletions(-)
diff --git a/app/neato_fns.php b/app/neato_fns.php
index 2c05719..384683d 100644
--- a/app/neato_fns.php
+++ b/app/neato_fns.php
@@ -210,3 +210,28 @@ function safe_cmd_quotes($data) {
 function safe_cmd($input, $in = '') {
 return (!empty($in)) ? escapeshellcmd(escapeshellarg($input) . " " . escapeshellarg($in)) : escapeshellcmd(escapeshellarg($input));
 }
+
+function cgetopt($Options = []) {
+ global $argv;
+ $options = [];
+ $currentOption = null;
+ for ($i = 1; $i < count($argv); $i++) {
+ $arg = $argv[$i];
+ if (substr($arg, 0, 1) == '-') {
+ $arg = substr($arg, 1);
+ if (in_array($arg, $Options)) {
+ $currentOption = $arg;
+ $options[$currentOption] = true;
+ } else {
+ $currentOption = null;
+ }
+ } else {
+ // Option value
+ if ($currentOption !== null) {
+ $options[$currentOption] = $arg;
+ $currentOption = null;
+ }
+ }
+ }
+ return $options;
+}
\ No newline at end of file
diff --git a/app/utils/keygen.php b/app/utils/keygen.php
index 0b2584c..f8ef1bc 100644
--- a/app/utils/keygen.php
+++ b/app/utils/keygen.php
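Review bot: `if (in_array($arg, $Options)) {` in cgetopt is a loose membership test and `if (substr($arg, 0, 1) == '-') {` a loose comparison; use `if (in_array($arg, $Options, true)) {` and `if (str_starts_with($arg, '-')) {` so that numeric-looking option names cannot match by coercion. The parser also cannot tell a flag from a valued option: every recognised option swallows the next non-dash token as its value, so `-rekey yes` parses but a boolean flag followed by a positional argument silently loses the positional, and `--long` forms never match because only one dash is stripped; that contract belongs in a docblock above the function (`@param list<string> $Options recognised option names without the leading dash`, `@return array<string, string|true> option name => value, or true when no value followed`). `$Options` (parameter) and `$options` (result) differ only by case and are easy to misread; renaming the parameter to something like `$known` would help. `count($argv)` is re-evaluated on every iteration and can be hoisted for free.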
@@ -17,5 +17,12 @@ class keygen {
 check_for_error($exit_code, "Unable to run ssh-keygen command: {$file}");
 return $exit_code;
 }
-
+
+ public static function sign(string $host_ca_file, string $hostname, string $type="-h", string $fqdn = "", string $validfor = "+52w", string $file) {
+ exec(\neato::get_user_bin . 'ssh-keygen -s '. safe_cmd($host_ca_file).' -I '. safe_cmd($hostname).' '. safe_cmd($type).' -n '. safe_cmd($fqdn).' -V '. safe_cmd($validfor).' '. safe_cmd($file), $output, $exit_code);
+ display($output);
+ check_for_error($exit_code, "Unable to run ssh-keygen command: {$file}");
+ return $exit_code;
+ }
+
 }
\ No newline at end of file
diff --git a/config_files/deploy_sshd.php b/config_files/deploy_sshd.php
index bce9228..e3ab2bd 100644
--- a/config_files/deploy_sshd.php
+++ b/config_files/deploy_sshd.php
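Review bot: The new `sign()` declares the required `string $file` after the optional `$type`, `$fqdn` and `$validfor`, which PHP 8 reports as a deprecation and which forces every caller to spell out all three defaults positionally; move it forward: `public static function sign(string $host_ca_file, string $hostname, string $file, string $type = "-h", string $fqdn = "", string $validfor = "+52w") {`. The default `$fqdn = ""` is then passed to ssh-keygen as `-n ''`; as far as I recall an empty principal list means "no principals", which for a host certificate (`-h`) produces a certificate that validates for any hostname, so a caller that forgets the principal silently gets a wildcard host cert — either reject it (`$fqdn !== '' || throw new \InvalidArgumentException('certificate principal required');`) or state that behaviour in the docblock. `\neato::get_user_bin` is used as a class constant; if it is a method on the neato class (not visible here) the call needs `()`. A short docblock saying that the return value is ssh-keygen's exit code and that `$validfor` is passed verbatim to `-V` would help, since nothing in the hunk documents the parameters (the keygen class opens outside the hunk).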
@@ -1,27 +1,57 @@ value; + } } -if (file_exists("/etc/ssh/ssh_host_ed25519_key")) { - cp("/etc/ssh/ssh_host_ed25519_key", "/etc/ssh/ssh_host_ed25519_key_backup"); - rm("/etc/ssh/ssh_host_ed25519_key"); +$usePAM = $pam ?? PAM::no->getValue(); // yes or no + +enum INet: string { + case IPv4 = "inet"; + case IPv6 = "inet6"; + case any = "any"; + + public function getValue(): string { + return $this->value; + } } +$allowedInet = $inet ?? INet::any->getValue(); // any, IPv4, or IPv6 -do_command('keygen::rsa', "/etc/ssh/ssh_host_rsa_key"); -do_command('keygen::ed25519', "/etc/ssh/ssh_host_ed25519_key"); +force_root(); +run_once(); + +if ($rekey == "yes") { + if (file_exists("/etc/ssh/ssh_host_rsa_key")) { + cp("/etc/ssh/ssh_host_rsa_key", "/etc/ssh/ssh_host_rsa_key_backup"); + rm("/etc/ssh/ssh_host_rsa_key"); + } + if (file_exists("/etc/ssh/ssh_host_ed25519_key")) { + cp("/etc/ssh/ssh_host_ed25519_key", "/etc/ssh/ssh_host_ed25519_key_backup"); + rm("/etc/ssh/ssh_host_ed25519_key"); + } + do_command('keygen::rsa', "/etc/ssh/ssh_host_rsa_key"); + do_command('keygen::ed25519', "/etc/ssh/ssh_host_ed25519_key"); +} $sshd = "Protocol 2 Port $PortNumber -#AddressFamily inet +AddressFamily $allowedInet #ListenAddress :: #ListenAddress 0.0.0.0 @@ -46,6 +76,8 @@ LogLevel INFO LoginGraceTime 2m PermitRootLogin no AllowUsers $AllowUsers +#AllowGroups ssh_users +#DenyGroups StrictModes yes MaxAuthTries 6 MaxSessions 10
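Review bot: `$usePAM = $pam ?? PAM::no->getValue();` and `$allowedInet = $inet ?? INet::any->getValue();` accept whatever string `$pam`/`$inet` hold (presumably CLI options; their origin is outside this hunk) without passing it through the enum, so the enums validate nothing and an unexpected value is interpolated straight into `AddressFamily $allowedInet` in the generated sshd_config. Use the backed-enum constructor so bad input fails before the file is written: `$usePAM = PAM::from($pam ?? PAM::no->value)->value;` and `$allowedInet = INet::from($inet ?? INet::any->value)->value;`, which also makes the `getValue()` wrappers redundant since `->value` is already public on a backed enum. `if ($rekey == "yes") {` should be the strict `if ($rekey === 'yes') {` for the same reason. The backup of the old private host keys via `cp(...)` relies on a helper outside this hunk; it is worth confirming it preserves the key's restrictive mode rather than creating the `_backup` copy under the process umask. The start of this hunk (the PAM enum and the removed rsa-key block) is not legible in this copy of the patch, so those lines were not reviewed.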