blob: d520f4a01ccdcb371edc0ba3bf2b64a2b46e9be8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
do_install:append () {
# Disable root login completely
sed -i -e 's:#PermitRootLogin.*:PermitRootLogin no:' ${D}${sysconfdir}/ssh/sshd_config
# Enable public key authentication
sed -i -e 's:#PubkeyAuthentication yes:PubkeyAuthentication yes:' ${D}${sysconfdir}/ssh/sshd_config
# Add global authorized_keys file to AuthorizedKeysFile
sed -i -e 's:^AuthorizedKeysFile.*:AuthorizedKeysFile\t.ssh/authorized_keys /etc/ssh/authorized_keys:' ${D}${sysconfdir}/ssh/sshd_config
# Disable password authentication
sed -i -e 's:#PasswordAuthentication yes:PasswordAuthentication no:' ${D}${sysconfdir}/ssh/sshd_config
# Explicitly disable empty passwords
sed -i -e 's:#PermitEmptyPasswords no:PermitEmptyPasswords no:' ${D}${sysconfdir}/ssh/sshd_config
# Restrict SSH access to unitexe user only
echo "" >> ${D}${sysconfdir}/ssh/sshd_config
echo "# Allow only the unitexe user" >> ${D}${sysconfdir}/ssh/sshd_config
echo "AllowUsers unitexe" >> ${D}${sysconfdir}/ssh/sshd_config
}
|
