-
-
Notifications
You must be signed in to change notification settings - Fork 295
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
98c6649
commit 58d4ca6
Showing
2 changed files
with
82 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Activate/deactivate SSH | ||
| # | ||
| # | ||
| # Copyleft 2017 by Courtney Hicks | ||
| # GPL licensed (see end of file) * Use at your own risk! | ||
| # | ||
|
|
||
| ACTIVE_=no | ||
| USER_=pi | ||
| PASS_=raspberry | ||
| CONFIRM_=raspberry | ||
|
|
||
| DESCRIPTION="Activate or deactivate SSH" | ||
|
|
||
| install() { :; } | ||
|
|
||
| is_active() | ||
| { | ||
| systemctl status ssh &>/dev/null | ||
| } | ||
|
|
||
| configure() | ||
| { | ||
| [[ $ACTIVE_ != "yes" ]] && { | ||
| systemctl disable ssh | ||
| echo "SSH disabled" | ||
| return 0 | ||
| } | ||
|
|
||
| # Check for bad ideas | ||
| [[ "$USER_" == "pi" ]] && [[ "$PASS_" == "raspberry" ]] && { | ||
| echo "Refusing to use the default Raspbian user and password. It's insecure" | ||
| return 1 | ||
| } | ||
|
|
||
| # Change credentials | ||
| id "$USER_" &>/dev/null || useradd "$USER_" | ||
| echo -e "$PASS_\n$CONFIRM_" | passwd "$USER_" || return 1 | ||
|
|
||
| # Check for insecure default password ( taken from old jessie method ) | ||
| local SHADOW="$( grep -E '^pi:' /etc/shadow )" | ||
| test -n "${SHADOW}" && { | ||
| local SALT=$(echo "${SHADOW}" | sed -n 's/pi:\$6\$//;s/\$.*//p') | ||
| local HASH=$(mkpasswd -msha-512 raspberry "$SALT") | ||
|
|
||
| grep -q "${HASH}" <<< "${SHADOW}" && { | ||
| systemctl stop ssh | ||
| systemctl disable ssh | ||
| echo "The user pi is using the default password. Refusing to activate SSH" | ||
| echo "SSH disabled" | ||
| return 1 | ||
| } | ||
| } | ||
|
|
||
| # Enable | ||
| systemctl enable ssh | ||
| systemctl start ssh | ||
| echo "SSH enabled" | ||
| } | ||
|
|
||
| # License | ||
| # | ||
| # This script is free software; you can redistribute it and/or modify it | ||
| # under the terms of the GNU General Public License as published by | ||
| # the Free Software Foundation; either version 2 of the License, or | ||
| # (at your option) any later version. | ||
| # | ||
| # This script is distributed in the hope that it will be useful, | ||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| # GNU General Public License for more details. | ||
| # | ||
| # You should have received a copy of the GNU General Public License | ||
| # along with this script; if not, write to the | ||
| # Free Software Foundation, Inc., 59 Temple Place, Suite 330, | ||
| # Boston, MA 02111-1307 USA |