[Ovirt-devel] Re: [PATCH node] Provides a means to toggle SSH password auth from the firstboot menu. rhbz#509842
Alan Pevec
apevec at redhat.com
Thu Jul 9 21:08:48 UTC 2009
Darryl L. Pierce wrote:
> +toggle_ssh_access ()
> +{
> + local allowed=$1
> + local config=$WORKDIR/augeas-ssh
$WORKDIR is not initialized, so this ends up in /
but better to avoid temp file completely:
> +
> + if $allowed; then permit="yes"; else permit="no"; fi
> + printf "set /files/etc/ssh/sshd_config/PasswordAuthentication ${permit}\n" > $config
> + cat $config | augtool
augtool <<EOF
set /files/etc/ssh/sshd_config/PasswordAuthentication ${permit}
EOF
> +
> + service sshd restart
reload should be enough
> +}
> +
> +toggle_ssh () {
> + local prompt=$1
> +
> + printf "\nToggle SSH\n\n"
> +
> + while true; do
> + read -ep "${prompt} (y/n)? "
ask_yes_or_no instead?
> + case $REPLY in
> + Y|y) toggle_ssh_access true; return;;
> + N|n) toggle_ssh_access false; return;;
> + esac
> + done
> +}
> +
> +PASSWORD="Set administrator password"
> +SSH="Enable SSH password authentication"
should be "Toggle SSH" - otherwise need to make it dynamic and change the label
> +QUIT="Quit and Return To Menu"
> +
> +while true; do
> + state="disabled"
> + prompt="Enable SSH access"
> + grep "^PasswordAuthentication\ *yes" /etc/ssh/sshd_config > /dev/null
leave parsing config files to augeas:
+ augtool get /files/etc/ssh/sshd_config/PasswordAuthentication|grep -q yes$
yes, still need grep b/c shell programming sucks but parsing is out
> + if [ $? == 0 ]; then
> + state="enabled"
> + prompt="Leave SSH access enabled"
> + fi
> + printf "\nSSH password authentication is currently ${state}.\n\n"
> +
> + PS3="Please select an option: "
> + select option in "$PASSWORD" "$SSH" "$QUIT"
> + do
> + case $option in
> + $PASSWORD) set_password; break;;
> + $SSH) toggle_ssh "$prompt"; break;;
> + $QUIT) exit;;
> + esac
> + done
> +
> + printf "\n"
> +done
More information about the ovirt-devel
mailing list