Automate sshd config fixing
authorPeter Palfrader <peter@palfrader.org>
Sat, 27 Jun 2009 13:30:40 +0000 (15:30 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 27 Jun 2009 13:30:40 +0000 (15:30 +0200)
input/howto/new-machine.creole

index 26e265a..68c8454 100644 (file)
@@ -58,25 +58,25 @@ EOF
 
 * in /etc/ssh/sshd_config:
 ** disable the DSA hostkey, so that it only does RSA
-** remove old host keys: <BR>{{{
-    cd /etc/ssh/ && rm ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub
-}}}
+** remove old host keys:
 ** disable X11 forwarding
 ** Tell it to use alternate authorized_keys locations
-{{{
-    | HostKey /etc/ssh/ssh_host_rsa_key
-    | X11Forwarding no
-    | AuthorizedKeysFile /etc/ssh/userkeys/%u
-    | AuthorizedKeysFile2 /var/lib/misc/userkeys/%u
-
-    vi /etc/ssh/sshd_config
+** maybe link root's auth key there:
+{{{
+    #| HostKey /etc/ssh/ssh_host_rsa_key
+    #| X11Forwarding no
+    #| AuthorizedKeysFile /etc/ssh/userkeys/%u
+    #| AuthorizedKeysFile2 /var/lib/misc/userkeys/%u
+
+    cd /etc/ssh/ && rm -f ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub &&
+    mkdir -p /etc/ssh/userkeys && ln -s /root/.ssh/authorized_keys /etc/ssh/userkeys/root &&
+    sed -e -i 's/^HostKey.*_dsa_key/# &/;
+               s/^X11Forwarding yes/X11Forwarding no/;
+               $ a AuthorizedKeysFile /etc/ssh/userkeys/%u
+               $ a AuthorizedKeysFile2 /var/lib/misc/userkeys/%u' sshd_config &&
     (cd / && env -i /etc/init.d/ssh restart)
 }}}
 
-  * maybe link root's auth key there:
-{{{
-    mkdir -p /etc/ssh/userkeys && ln -s /root/.ssh/authorized_keys /etc/ssh/userkeys/root
-}}}
 
 
 * install userdir-ldap
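Review bot: In the added `sed -e -i '…' sshd_config` line the options are in the wrong order: `-e` takes `-i` as its script, so (with GNU sed, at least) the command stops with an unknown-command error and sshd_config is never edited. Because that happens after the `rm -f` and `ln -s` steps, the `&&` chain ends with the old host keys already deleted, the DSA `HostKey` line and `X11Forwarding yes` still in place, and no restart; the fix is `sed -i -e 's/^HostKey.*_dsa_key/# &/; …' sshd_config`. Since a broken sshd_config on a remote machine can lock the admin out, I would also put `sshd -t &&` in front of the `/etc/init.d/ssh restart` line so the daemon only restarts on a config that parses. The block is also not re-runnable as written: `ln -s` fails once the link exists (`ln -sf` avoids that), and the two `$ a` lines append the `AuthorizedKeysFile` entries again on every run.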