Use augeas instead of echo / sed to edit ssh/sshd configuration
Implements: blueprint merge-dib-hadoop-elements Change-Id: I1f2f8c3d69d879660aabf6f72560e6d22012a0a5
parent
4cd9ca4df8
commit
0092ac37df
|
@ -2,7 +2,7 @@
|
||||||
echo "Hadoop setup begins"
|
echo "Hadoop setup begins"
|
||||||
tmp_dir=/tmp/hadoop
|
tmp_dir=/tmp/hadoop
|
||||||
|
|
||||||
install-packages openssh-server wget
|
install-packages wget
|
||||||
echo "Creating hadoop user & group"
|
echo "Creating hadoop user & group"
|
||||||
adduser -G adm,wheel hadoop
|
adduser -G adm,wheel hadoop
|
||||||
|
|
||||||
|
|
|
@ -1,21 +1,28 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
echo "Adjusting ssh configuration"
|
echo "Adjusting ssh configuration"
|
||||||
|
|
||||||
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
|
# /etc/ssh/sshd_config is provided by openssh-server
|
||||||
echo "UseDNS no" >> /etc/ssh/sshd_config
|
# /etc/ssh/ssh_config is provided by openssh-clients
|
||||||
echo "PermitTunnel yes" >> /etc/ssh/sshd_config
|
# Note0: augtool is provided by augeas-tools on Ubuntu
|
||||||
echo "SyslogFacility AUTH" >> /etc/ssh/sshd_config
|
# Note1: augtool on Ubuntu does not auto-save, pass -s
|
||||||
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
|
install-packages augeas openssh-server openssh-clients
|
||||||
echo "StrictModes yes" >> /etc/ssh/sshd_config
|
|
||||||
echo "RSAAuthentication yes" >> /etc/ssh/sshd_config
|
|
||||||
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
|
|
||||||
echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
|
|
||||||
|
|
||||||
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
|
augtool set /files/etc/ssh/sshd_config/PasswordAuthentication yes
|
||||||
echo "GSSAPIDelegateCredentials no" >> /etc/ssh/ssh_config
|
augtool set /files/etc/ssh/sshd_config/UseDNS no
|
||||||
sed -i 's/ GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config
|
augtool set /files/etc/ssh/sshd_config/PermitTunnel yes
|
||||||
|
augtool set /files/etc/ssh/sshd_config/SyslogFacility AUTH
|
||||||
|
augtool set /files/etc/ssh/sshd_config/PermitRootLogin yes
|
||||||
|
augtool set /files/etc/ssh/sshd_config/StrictModes yes
|
||||||
|
augtool set /files/etc/ssh/sshd_config/RSAAuthentication yes
|
||||||
|
augtool set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
|
||||||
|
augtool set /files/etc/ssh/sshd_config/IgnoreRhosts yes
|
||||||
|
|
||||||
|
augtool set /files/etc/ssh/ssh_config/Host/StrictHostKeyChecking no
|
||||||
|
augtool set /files/etc/ssh/ssh_config/Host/GSSAPIDelegateCredentials no
|
||||||
|
augtool set /files/etc/ssh/ssh_config/Host/GSSAPIAuthentication no
|
||||||
|
|
||||||
|
# No known augeas lense for cloud-init config
|
||||||
sed -i 's/ssh_pwauth: 0/ssh_pwauth: 1/' /etc/cloud/cloud.cfg
|
sed -i 's/ssh_pwauth: 0/ssh_pwauth: 1/' /etc/cloud/cloud.cfg
|
||||||
chmod 640 /etc/sudoers
|
|
||||||
sed -i 's/Defaults requiretty/#Defaults requiretty/' /etc/sudoers
|
augtool clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
|
||||||
chmod 0440 /etc/sudoers
|
|
||||||
|
|
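Review bot: The sudoers path in `augtool clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate` is unquoted, so the shell strips the single quotes and treats the brackets as a glob before augtool sees the argument; pass it as one double-quoted word, `"/files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate"`. The selector also appears to address a `Defaults` entry scoped to `:nrpe`, whereas the removed sed commented out the global `Defaults requiretty` line, so the global setting is probably left in place; confirm which node is intended. Since this edits sudoers inside an image build, I would follow it with `visudo -c` so a malformed file fails the build rather than shipping. Note1 in this section says augtool needs `-s` to save on Ubuntu, yet none of the `augtool set`/`clear` calls passes it and no exit status is checked, so an unsaved or failed edit to sshd_config or sudoers would go unnoticed.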