Enable adding SSH pubkey and setting pubkey only (RPi-Distro#380)

This commit add the ability to specify an SSH public key as well as the option to disable password authentication and only allow public key authentication for SSH. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
analogdevicesinc · Mar 4, 2022 · 7fd9f45 · 7fd9f45
1 parent 09b2a99
commit 7fd9f45
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/stage2/01-sys-tweaks/01-run.sh b/stage2/01-sys-tweaks/01-run.sh
@@ -11,15 +11,17 @@ install -m 644 files/console-setup   	"${ROOTFS_DIR}/etc/default/"
 
 install -m 755 files/rc.local		"${ROOTFS_DIR}/etc/"
 
-install -m 644 files/iiod.service	"${ROOTFS_DIR}/lib/systemd/system/"
-install -m 644 files/x11vnc.service	"${ROOTFS_DIR}/lib/systemd/system/"
-
-install -d				"${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.vnc"
-install -m 644 files/passwd		"${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.vnc/"
+if [ -n "${PUBKEY_SSH_FIRST_USER}" ]; then
+	install -v -m 0700 -o 1000 -g 1000 -d "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh
+	echo "${PUBKEY_SSH_FIRST_USER}" >"${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys
+	chown 1000:1000 "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys
+	chmod 0600 "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys
+fi
 
-install -m 644 "${ROOTFS_DIR}/usr/share/doc/avahi-daemon/examples/ssh.service" "${ROOTFS_DIR}/etc/avahi/services/"
-#Enable root login for ssh
-sed -i 's/.*PermitRootLogin.*/PermitRootLogin yes/g' "${ROOTFS_DIR}/etc/ssh/sshd_config"
+if [ "${PUBKEY_ONLY_SSH}" = "1" ]; then
+	sed -i -Ee 's/^#?[[:blank:]]*PubkeyAuthentication[[:blank:]]*no[[:blank:]]*$/PubkeyAuthentication yes/
+s/^#?[[:blank:]]*PasswordAuthentication[[:blank:]]*yes[[:blank:]]*$/PasswordAuthentication no/' "${ROOTFS_DIR}"/etc/ssh/sshd_config
+fi
 
 on_chroot << EOF
 systemctl disable hwclock.sh