From: Peter Palfrader Date: Sat, 27 Jun 2009 13:30:40 +0000 (+0200) Subject: Automate sshd config fixing X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-wiki.git;a=commitdiff_plain;h=5702ccfa3b77e91c8ef2576d610650440c5f7da2 Automate sshd config fixing --- diff --git a/input/howto/new-machine.creole b/input/howto/new-machine.creole index 26e265a..68c8454 100644 --- a/input/howto/new-machine.creole +++ b/input/howto/new-machine.creole @@ -58,25 +58,25 @@ EOF * in /etc/ssh/sshd_config: ** disable the DSA hostkey, so that it only does RSA -** remove old host keys:
{{{ - cd /etc/ssh/ && rm ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub -}}} +** remove old host keys: ** disable X11 forwarding ** Tell it to use alternate authorized_keys locations -{{{ - | HostKey /etc/ssh/ssh_host_rsa_key - | X11Forwarding no - | AuthorizedKeysFile /etc/ssh/userkeys/%u - | AuthorizedKeysFile2 /var/lib/misc/userkeys/%u - - vi /etc/ssh/sshd_config +** maybe link root's auth key there: +{{{ + #| HostKey /etc/ssh/ssh_host_rsa_key + #| X11Forwarding no + #| AuthorizedKeysFile /etc/ssh/userkeys/%u + #| AuthorizedKeysFile2 /var/lib/misc/userkeys/%u + + cd /etc/ssh/ && rm -f ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub && + mkdir -p /etc/ssh/userkeys && ln -s /root/.ssh/authorized_keys /etc/ssh/userkeys/root && + sed -e -i 's/^HostKey.*_dsa_key/# &/; + s/^X11Forwarding yes/X11Forwarding no/; + $ a AuthorizedKeysFile /etc/ssh/userkeys/%u + $ a AuthorizedKeysFile2 /var/lib/misc/userkeys/%u' sshd_config && (cd / && env -i /etc/init.d/ssh restart) }}} - * maybe link root's auth key there: -{{{ - mkdir -p /etc/ssh/userkeys && ln -s /root/.ssh/authorized_keys /etc/ssh/userkeys/root -}}} * install userdir-ldap
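Review bot: In the added `sed -e -i 's/^HostKey.*_dsa_key/# &/; ...' sshd_config` command the options are in the wrong order: `-e` takes the next argument as its script, so sed receives `-i` as the script and the quoted expression as a file name, and sshd_config is never edited. Use `sed -i -e '...' sshd_config` instead. Because the steps are chained with `&&`, that failure occurs after `rm -f` has already removed the old host keys and `ln -s` has created the root link, leaving the host half-configured. The block is also not safe to re-run: `ln -s` without `-f` fails once `/etc/ssh/userkeys/root` exists, and the unconditional `$ a AuthorizedKeysFile ...` appends would add duplicate lines each time. Consider running `sshd -t` before `/etc/init.d/ssh restart` so that a bad edit is caught before the daemon is restarted on a remote machine.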