Merge pull request #8 from deadcxap/codex/move-include-directive-in-setup.sh-68stmx

Корректная нумерация SSH drop-in и возврат Include
deadcxap
2025-08-24 10:17:45 +03:00
committed by GitHub
+8 -18
@@ -126,32 +126,22 @@ configure_ssh() {
printf \"%s\n\" \"$SSH_KEY\" > \"/home/$USERNAME/.ssh/authorized_keys\"
chmod 600 \"/home/$USERNAME/.ssh/authorized_keys\"
chown -R \"$USERNAME\":\"$USERNAME\" \"/home/$USERNAME/.ssh\"
if ! grep -qE \"^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config.d/\\*.conf\" /etc/ssh/sshd_config; then
echo \"Include /etc/ssh/sshd_config.d/*.conf\" >> /etc/ssh/sshd_config
if ! grep -qE '^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config.d/\*.conf' /etc/ssh/sshd_config; then
sed -i '1iInclude /etc/ssh/sshd_config.d/*.conf' /etc/ssh/sshd_config
fi
install -d -m 755 /etc/ssh/sshd_config.d
dir=/etc/ssh/sshd_config.d
shopt -s nullglob
for f in \"\$dir\"/*.conf; do
base=\$(basename \"\$f\")
case \"\$base\" in
[0-9][0-9]-*.conf)
[[ \$base == 99-* ]] && mv \"\$f\" \"\${f%.conf}.disabled\"
;;
*)
mv \"\$f\" \"\${f%.conf}.disabled\"
;;
esac
if [[ \$base == 00-* ]]; then
mv \"\$f\" \"\$dir/01-\$base\"
elif [[ \$base != [0-9][0-9]-* ]]; then
mv \"\$f\" \"\${f%.conf}.disabled\"
fi
done
shopt -u nullglob
max=\$(find \"\$dir\" -maxdepth 1 -type f -name '[0-9][0-9]-*.conf' | sed -n 's#.*/\\([0-9][0-9]\\)-.*#\\1#p' | sort -n | tail -1)
if [ -z \"\$max\" ]; then
next=10
else
next=\$((10#\$max + 10))
[ \"\$next\" -gt 99 ] && next=99
fi
newfile=\$(printf '%s/%02d-hardening.conf' \"\$dir\" \"\$next\")
newfile=\"\$dir/00-hardening.conf\"
printf \"%s\n\" 'PasswordAuthentication no' 'PermitRootLogin no' 'KbdInteractiveAuthentication no' > \"\$newfile\"
chown root:root \"\$newfile\"
chmod 0644 \"\$newfile\"
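Review bot: The Include guard at the top of the hunk only tests whether the directive exists somewhere in /etc/ssh/sshd_config, not where it sits, so on a host where the earlier version of this script appended it with `>>` the grep succeeds and the new `sed -i '1i…'` never runs. sshd keeps the first value it reads for each keyword, so with the Include left at the end any `PasswordAuthentication` or `PermitRootLogin` line in the main file takes precedence over `00-hardening.conf` and the hardening silently does not apply. Consider dropping the conditional: first remove any existing copy with `sed -i '/^[[:space:]]*Include[[:space:]]\+\/etc\/ssh\/sshd_config\.d\/\*\.conf/d' /etc/ssh/sshd_config`, then run the `1i` insert unconditionally, and check the effective values with `sshd -T` before the service is reloaded. Separately, on a re-run the `00-*` branch renames the script's own `00-hardening.conf` to `01-00-hardening.conf`, so excluding that exact name from the rename would avoid leaving a stale copy. configure_ssh starts and ends outside the hunk, so a validation step may already exist further down.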