Bb authorized keys for #60

Open
asakapab0i wants to merge 8 commits into master from bb-allow-root-authorized-keys-for

asakapab0i (Contributor) commented Dec 16, 2022

Description of the change

Description here

Type of change

  • Bug fix
  • New feature

Testing

  • Testing information has been added - test cases checklist and steps followed for testing.
  • Testing screenshot(s) attached for more information.

Security

  • This PR has security related considerations.

Test results

Fresh instance with no --allow-authorized-keys-for parameter

--- Old /etc/ssh/sshd_config
+++ New /etc/ssh/sshd_config
@@ -121,3 +121,11 @@
 #      AllowTcpForwarding no
 #      PermitTTY no
 #      ForceCommand cvs server
+
+AuthorizedKeysFile     noner
+
+Match User *
+       AuthorizedKeysFile ./ssh/authorized_keys
+
+AuthorizedKeysCommand          /usr/local/sbin/foxpass_ssh_keys.sh
+AuthorizedKeysCommandUser      root
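
Review bot: `AuthorizedKeysFile     noner` in the first added directive looks like a typo for `none`. sshd only treats the exact value `none` as "do not check key files"; any other value is taken as a path relative to the user's home directory, so this line leaves file-based keys enabled and makes sshd honour a file named `noner` in each home directory. Suggest writing `none`, and extending the test to run `sshd -t` and `sshd -T -C user=<name>` so the effective `authorizedkeysfile` value is asserted rather than only the text diff.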

With --allow-authorized-keys-for parameter, e.g. --allow-authorized-keys-for ubuntu

--- Old /etc/ssh/sshd_config
+++ New /etc/ssh/sshd_config
@@ -122,9 +122,9 @@
 #      PermitTTY no
 #      ForceCommand cvs server

-AuthorizedKeysFile     noner
+AuthorizedKeysFile    noner

-Match User *
+Match User ubuntu
        AuthorizedKeysFile ./ssh/authorized_keys
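
Review bot: Narrowing `Match User *` to `Match User ubuntu` changes the scope of everything written after it, not just the `AuthorizedKeysFile` line. A Match block runs until the next `Match` line or the end of the file, and in the fresh-instance output the `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser` lines are written after this block, so they would now apply to `ubuntu` only and every other account would be left without the Foxpass key lookup. Suggest emitting the two `AuthorizedKeysCommand*` lines above the `Match` line, keeping the Match block last in the file. Separately, the `-`/`+` pair on `AuthorizedKeysFile noner` differs only in whitespace, which suggests the script rewrites the line on every run; matching on the keyword and leaving an unchanged line alone would keep reruns diff-free.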

With --allow-authorized-keys-for parameter for multiple users, e.g. --allow-authorized-keys-for ubuntu,test,bryan

--- Old /etc/ssh/sshd_config
+++ New /etc/ssh/sshd_config
@@ -124,7 +124,7 @@

 AuthorizedKeysFile    noner

-Match User ubuntu
+Match User ubuntu,test,bryan
        AuthorizedKeysFile ./ssh/authorized_keys
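
Review bot: The path in `AuthorizedKeysFile ./ssh/authorized_keys` under `Match User ubuntu,test,bryan` resolves to `~/ssh/authorized_keys`, not the usual `~/.ssh/authorized_keys`, because sshd treats a non-absolute value as relative to the home directory. If the intent is to let these users keep their existing key files, this should be `.ssh/authorized_keys`; as written, the allowed users would not be able to log in with the keys they already have. The comma-separated user list itself is valid Match syntax, but the flag value should be validated (no spaces, no wildcard or negation characters unless intended) before it is written into the config.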

With existing AuthorizedKeysFile before running the install script with --allow-authorized-keys-for parameter

--- Old /etc/ssh/sshd_config
+++ New /etc/ssh/sshd_config
@@ -122,7 +122,7 @@
 #      PermitTTY no
 #      ForceCommand cvs server

-AuthorizedKeysFile    .ssh/authorized_keys
+AuthorizedKeysFile    noner
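
Review bot: Overwriting an existing `AuthorizedKeysFile    .ssh/authorized_keys` in place discards the operator's previous setting with no record of it, and this output shows no `Match User` block being added even though the scenario passes `--allow-authorized-keys-for`. Please confirm whether the Match block is expected here, and consider backing up `sshd_config` or leaving the old line commented out so the change can be reverted. The replacement value `noner` has the same problem as elsewhere: it is read as a file name, not as `none`.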

With no existing AuthorizedKeysFile running the install script with --allow-authorized-keys-for parameter

--- Old /etc/ssh/sshd_config
+++ New /etc/ssh/sshd_config
@@ -129,3 +129,5 @@
 AuthorizedKeysCommand          /usr/local/sbin/foxpass_ssh_keys.sh
 AuthorizedKeysCommandUser      root

+
+AuthorizedKeysFile     noner
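
Review bot: Appending `AuthorizedKeysFile     noner` at the end of the file, after the `AuthorizedKeysCommand` lines, makes its scope depend on what is already above it. If the file contains any `Match` block at that point, the appended line becomes part of that block instead of a global setting. Suggest inserting the global `AuthorizedKeysFile` line before the first `Match` line, or failing with a clear message when one is found. The extra empty `+` line also adds a second consecutive blank line; the rerun test should check that blank lines do not accumulate as well as directives.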

Rerunning the script twice should not create a duplicate line.

Passed

asakapab0i requested review from aren and grk-it December 16, 2022 06:50
asakapab0i requested a review from aren December 30, 2022 12:31