Co-authored-by: Márcio Fernandes <marcio.fernandes@outlook.pt> Reviewed-on: #1
import yaml
import subprocess
import crypt
import os
import globals
import sys
# Path of the sshd configuration file that this module reads and rewrites.
config_file_path = "/etc/ssh/sshd_config"
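def set_sshd_option(file_path: str, key: str, value: str) -> None:
    """Set one sshd_config keyword to ``value``, rewriting ``file_path`` in place.

    Every active (non-comment) line whose keyword equals ``key`` is replaced by
    ``key value``; if no such line exists, the directive is appended at the end.

    Args:
        file_path: Path of the sshd_config file to rewrite.
        key: Keyword to set. It is compared case-insensitively and as a whole
            keyword, so ``HostKey`` does not match ``HostKeyAlgorithms``.
        value: Argument to write. Booleans are written as ``yes``/``no``; any
            other value is formatted with ``str()``.

    Raises:
        ValueError: if ``key`` or the value contains a line break.
        OSError: if the file cannot be read or written.
    """
    # Values that come from a YAML document may arrive as bool (an unquoted
    # yes/no is commonly loaded that way); sshd flag options are written yes/no.
    if isinstance(value, bool):
        rendered = "yes" if value else "no"
    else:
        rendered = str(value)

    # One directive per line: an embedded line break would add further
    # directives to the server configuration, so it is rejected outright.
    if any(ch in text for text in (str(key), rendered) for ch in "\r\n"):
        raise ValueError(f"sshd option {key!r} must not contain line breaks")

    wanted = key.lower()
    directive = f"{key} {rendered}\n"
    updated = False
    lines = []

    with open(file_path, 'r') as f:
        for line in f:
            # sshd_config separates keyword and arguments by whitespace or '='.
            tokens = line.strip().replace("=", " ", 1).split(None, 1)
            if tokens and tokens[0].lower() == wanted:
                lines.append(directive)
                updated = True
            else:
                lines.append(line)

    if not updated:
        # Keep the new directive on its own line when the file does not end
        # with a newline.
        if lines and not lines[-1].endswith("\n"):
            lines[-1] += "\n"
        # NOTE(review): a directive appended after a `Match` block becomes part
        # of that block; files that use Match blocks need the global options
        # placed before the first one.
        lines.append(directive)

    with open(file_path, 'w') as f:
        f.writelines(lines)

    print(f"✅ Updated {key} to '{rendered}' in {file_path}")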
def load():
    """Apply the sshd configuration, then start the server when it is enabled."""
    setup()
    # print_server_config()  # debug aid: dump the resulting sshd_config
    if not globals.sshserver_enabled():
        return
    start_server()
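def setup_certs():
    """Ensure sshd host keys exist under /etc/ssh/certs and reference them in sshd_config.

    When the directory is empty, an RSA, an ECDSA and an Ed25519 host key are
    generated with ssh-keygen. Every existing ``HostKey`` directive in the
    config file is then replaced by one directive per key file that is present.

    Raises:
        RuntimeError: if none of the expected host key files exists.
        subprocess.CalledProcessError: if ssh-keygen exits with an error.
        OSError: if the directory or the config file cannot be accessed.
    """
    cert_dir = "/etc/ssh/certs"
    key_types = ("rsa", "ecdsa", "ed25519")
    certs = [f"{cert_dir}/ssh_host_{key_type}_key" for key_type in key_types]

    if not os.path.exists(cert_dir):
        os.makedirs(cert_dir)
        print(f"📁 Created folder: {cert_dir}")

    # Keys are generated only for a completely empty directory; a directory
    # that already holds files is taken as provided by the operator.
    if not os.listdir(cert_dir):
        for key_type, key_path in zip(key_types, certs):
            # -N "" writes the key without a passphrase: sshd has to load host
            # keys unattended, and without -N ssh-keygen prompts for one. The
            # private key is therefore protected by file permissions only.
            subprocess.run(
                ["ssh-keygen", "-t", key_type, "-N", "", "-f", key_path],
                check=True, stdout=sys.stdout, stderr=sys.stderr,
            )
            print(f"✅ {key_type.upper()} host key pair created:🔑 {key_path}")

    certLines = []
    for cert in certs:
        if not os.path.exists(cert):
            print(f"❌ HostKey path not found {cert}")
            continue
        # Keys supplied through a mounted volume can carry loose permissions.
        if os.stat(cert).st_mode & 0o077:
            print(f"⚠️ HostKey {cert} is readable or writable by group/others; "
                  "sshd normally refuses private keys with such permissions")
        certLines.append(f"HostKey {cert}\n")

    # Stop before touching the config: rewriting it with no HostKey lines would
    # make sshd fall back to its default host key paths.
    if not certLines:
        raise RuntimeError("❌ Missing server certificates configuration. Bind Volume to /etc/ssh/certs")

    lines = []
    with open(config_file_path, 'r') as f:
        for line in f:
            # Compare the whole keyword so that HostKeyAlgorithms and
            # HostKeyAgent directives are kept.
            tokens = line.strip().replace("=", " ", 1).split(None, 1)
            if tokens and tokens[0].lower() == "hostkey":
                continue  # remove existing HostKey lines
            lines.append(line)

    # Keep the first new directive on its own line when the file does not end
    # with a newline.
    if lines and not lines[-1].endswith("\n"):
        lines[-1] += "\n"

    for key in certLines:
        print(f"✅ HostKey path updated to use {key}")
        lines.append(key)

    with open(config_file_path, 'w') as f:
        f.writelines(lines)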
def setup():
    """Apply the ``server`` section of the configuration to sshd_config.

    Does nothing when no configuration exists or it has no ``server`` section.
    Otherwise each entry under ``options`` is written with set_sshd_option()
    and the host keys are prepared with setup_certs().
    """
    if not globals.config_exits():
        return

    server_section = globals.get_config().get("server")
    if not server_section:
        return

    sshd_options = server_section.get("options")
    if sshd_options:
        for name in sshd_options:
            set_sshd_option(config_file_path, name, sshd_options[name])

    # NOTE(review): assumed to run whether or not `options` is present —
    # confirm against the original indentation.
    setup_certs()
def print_server_config():
    """Print the full text of the sshd configuration file to stdout."""
    with open(config_file_path, 'r') as config:
        text = config.read()
    print(text)
def start_server():
    """Run sshd in the foreground, on the configured port when one is set.

    The ``port`` entry of the ``server`` config section, if present and truthy,
    is passed to sshd with ``-p``; otherwise sshd uses its own configuration.
    """
    print("INFO: Starting ssh server.")

    server_section = globals.get_config().get("server") if globals.config_exits() else None
    port = server_section.get("port") if server_section else None

    # -D keeps sshd in the foreground, -e sends its log output to stderr.
    command = ["/usr/sbin/sshd", "-D", "-e"]
    if port:
        command += ["-p", str(port)]

    # NOTE(review): the sshd exit status is not checked, so a failed start is
    # visible only through sshd's own stderr output.
    subprocess.run(command)
if __name__ == "__main__":
    # Script entry point: apply the configuration, then start sshd if enabled.
    load()