Diffstat (limited to 'meta-unit-core/recipes-connectivity')
-rw-r--r--meta-unit-core/recipes-connectivity/openssh/openssh_%.bbappend23
1 files changed, 23 insertions, 0 deletions
diff --git a/meta-unit-core/recipes-connectivity/openssh/openssh_%.bbappend b/meta-unit-core/recipes-connectivity/openssh/openssh_%.bbappend
new file mode 100644
index 0000000..d520f4a
--- /dev/null
+++ b/meta-unit-core/recipes-connectivity/openssh/openssh_%.bbappend
@@ -0,0 +1,23 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+do_install:append () {
+ # Disable root login completely
+ sed -i -e 's:#PermitRootLogin.*:PermitRootLogin no:' ${D}${sysconfdir}/ssh/sshd_config
+
+ # Enable public key authentication
+ sed -i -e 's:#PubkeyAuthentication yes:PubkeyAuthentication yes:' ${D}${sysconfdir}/ssh/sshd_config
+
+ # Add global authorized_keys file to AuthorizedKeysFile
+ sed -i -e 's:^AuthorizedKeysFile.*:AuthorizedKeysFile\t.ssh/authorized_keys /etc/ssh/authorized_keys:' ${D}${sysconfdir}/ssh/sshd_config
+
+ # Disable password authentication
+ sed -i -e 's:#PasswordAuthentication yes:PasswordAuthentication no:' ${D}${sysconfdir}/ssh/sshd_config
+
+ # Explicitly disable empty passwords
+ sed -i -e 's:#PermitEmptyPasswords no:PermitEmptyPasswords no:' ${D}${sysconfdir}/ssh/sshd_config
+
+ # Restrict SSH access to unitexe user only
+ echo "" >> ${D}${sysconfdir}/ssh/sshd_config
+ echo "# Allow only the unitexe user" >> ${D}${sysconfdir}/ssh/sshd_config
+ echo "AllowUsers unitexe" >> ${D}${sysconfdir}/ssh/sshd_config
+}
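Review bot: The `sed` edits in `do_install:append` match only the exact commented defaults (`#PasswordAuthentication yes`, `#PermitEmptyPasswords no`, `#PermitRootLogin.*`), so if the sshd_config shipped by the base recipe words a line differently or already has it uncommented, the substitution silently does nothing and the image keeps the default. I would fail the build when a setting did not land, for example `grep -q '^PasswordAuthentication no' ${D}${sysconfdir}/ssh/sshd_config || bbfatal "PasswordAuthentication not disabled"`, repeated for `PermitRootLogin no`. If the image builds sshd with PAM enabled, keyboard-interactive login may still accept passwords, so it is worth setting `KbdInteractiveAuthentication no` as well; confirm this against the target configuration. The global `/etc/ssh/authorized_keys` named in `AuthorizedKeysFile` is not installed by this hunk, so whichever recipe ships it should install it root-owned and not group- or world-writable.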