
Commit 9ef6735

committed
Added sshd_config modifications
1 parent 2779c7f commit 9ef6735


3 files changed

+42
-2
lines changed


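--- a/setup.sh
+++ b/setup.sh
@@ -29,4 +29,8 @@ fi
 addUserAccount "${username}" "${password}"
 
 read -rp $'Paste in the public SSH key for the new user:\n' sshKey
-addSSHKey "${username}" "${sshKey}"
+addSSHKey "${username}" "${sshKey}"
+changeSSHConfig
+setupUfw
+
+sudo service ssh restart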
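Review bot: The new `sudo service ssh restart` at the end of the hunk runs whether or not `changeSSHConfig` left a valid file, so a bad edit to /etc/ssh/sshd_config can take sshd down on a host that is normally reached only over SSH. Validate the file before restarting, e.g. `sudo sshd -t && sudo service ssh restart`, and exit with an error otherwise. The results of `changeSSHConfig` and `setupUfw` are not checked either; if `ufw allow OpenSSH` fails and `ufw enable` succeeds the firewall comes up without the SSH rule, so each call should be followed by `|| exit 1`. The script's top-level flow starts outside the hunk, so an existing `set -e` would not be visible here.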

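--- a/setupLibrary.sh
+++ b/setupLibrary.sh
@@ -29,4 +29,14 @@ function execAsUser() {
 local exec_command=${2}
 
 sudo -u "${username}" -H sh -c "${exec_command}"
+}
+
+function changeSSHConfig() {
+sudo sed -re 's/^(\#?)(PasswordAuthentication)([[:space:]]+)yes/\2\3no/' -i.$(echo 'old') /etc/ssh/sshd_config
+sudo sed -re 's/^(\#?)(PermitRootLogin)([[:space:]]+)(.*)/PermitRootLogin no/' -i /etc/ssh/sshd_config
+}
+
+function setupUfw() {
+sudo ufw allow OpenSSH
+yes y | sudo ufw enable
 }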
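Review bot: The first `sed` in `changeSSHConfig` only rewrites a line that already reads `PasswordAuthentication yes`, so when the directive is absent, or is set in a file pulled in by an `Include` line or inside a `Match` block, the function still succeeds and password logins stay enabled. Check the effective value after editing instead of trusting the substitution, for example `sudo sshd -T | grep -qx 'passwordauthentication no' || return 1`, and the same for `permitrootlogin no`. The backup suffix `-i.$(echo 'old')` is just `-i.old`, and because the backup is rewritten on every call, a second run replaces the original copy with the already-modified file. In `setupUfw`, `sudo ufw --force enable` does the same job as piping `yes y` into the prompt.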

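--- a/tests/tests.sh
+++ b/tests/tests.sh
@@ -40,10 +40,31 @@ function testAddingOfSSHKey() {
 assertEquals "${ssh_file}" "${dummy_key}"
 }
 
+function testChangeSSHConfig() {
+changeSSHConfig
+
+local ssh_config="$(sudo cat /etc/ssh/sshd_config)"
+assertContains "PasswordAuthentication no" "${ssh_config}"
+assertContains "PermitRootLogin no" "${ssh_config}"
+}
+
+function testUfw() {
+setupUfw
+
+local ufw_status=$(sudo ufw status)
+assertContains "Status: active" "${ufw_status}"
+assertContains "OpenSSH" "${ufw_status}"
+}
+
 function testTeardown () {
 echo "Test Teardown"
+
 deleteTestUser
 revertSudoers
+revertSSHConfig
+
+sudo ufw delete allow OpenSSH
+sudo ufw disable
 }
 
 ### Helper Functions ###
@@ -55,12 +76,17 @@ function deleteTestUser() {
 
 function revertSudoers() {
 sudo cp /etc/sudoers.bak /etc/sudoers
-sudo rm -rf sudoers.bak
+sudo rm -rf /etc/sudoers.bak
 }
 
 function disableSudoPassword() {
 sudo cp /etc/sudoers /etc/sudoers.bak
 sudo bash -c "echo '${test_user_account} ALL=(ALL) NOPASSWD: ALL' | (EDITOR='tee -a' visudo)"
 }
 
+function revertSSHConfig() {
+sudo cp /etc/ssh/sshd_config.old /etc/ssh/sshd_config
+sudo rm -rf /etc/ssh/sshd_config.old
+}
+
 runUnitTests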
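Review bot: `testChangeSSHConfig` asserts on the raw text of /etc/ssh/sshd_config, so, assuming `assertContains` is a substring match, a commented-out `#PasswordAuthentication no` or a value that is overridden elsewhere in the configuration would still pass. Asserting on the parsed configuration is stricter: read it with `ssh_config="$(sudo sshd -T)"` and expect the lower-case forms `passwordauthentication no` and `permitrootlogin no`. In `testTeardown`, `sudo ufw delete allow OpenSSH` and `sudo ufw disable` run unconditionally, which discards a rule and firewall state the host may have had before the run; recording `sudo ufw status` during setup and restoring that state would keep the suite safe outside a throwaway VM. `revertSSHConfig` restores the file but does not restart or reload sshd, which is fine as long as the tests never restart it either.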
