
Author Topic: edit ssh_config and sshd_config  (Read 3012 times)

Offline Pengo

  • Newbie
  • *
  • Posts: 30
edit ssh_config and sshd_config
« on: January 12, 2016, 06:16:03 AM »
Hi,

First of all, big thumbs up for piCore 7rc2; it's working fine (except for the already covered openssl update issue).

I am running 7rc2 as a mini server, serving 3 websites on 3 different IP addresses / interfaces. All working absolutely fine!!

For administration purposes I want to restrict ssh logins to one of these IP addresses (thus make the ListenAddress specific in sshd_config).

I see however that the /usr/local/etc/ssh/sshd_config is not editable.
Now my question; What is the cleanest way to solve this issue and be able to change the sshd_config?

Kind regards,
Pengo

Offline patrikg

  • Wiki Author
  • Hero Member
  • *****
  • Posts: 711
Re: edit ssh_config and sshd_config
« Reply #1 on: January 12, 2016, 07:07:29 AM »
Have you tried sudo?
And don't forget to add these files to your backup files list file.

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14799
Re: edit ssh_config and sshd_config
« Reply #2 on: January 12, 2016, 07:11:49 AM »
You can create a (or add to an existing) start-up script in the extension that looks something like this:
Code:
#!/bin/sh

if [ ! -d /usr/local/etc/app_name ]; then
  mkdir -p /usr/local/etc/app_name
fi

if [ ! -f /usr/local/etc/app_name/app.conf ]; then
  cp -p /usr/local/share/app_name/files/app.conf /usr/local/etc/app_name
fi

Where app.conf is the default config file for the app.

Offline Pengo

  • Newbie
  • *
  • Posts: 30
Re: edit ssh_config and sshd_config
« Reply #3 on: January 12, 2016, 07:17:21 AM »
Hi patrikg,

Thanks for your reply.

Indeed I tried sudo and also added it to the list of files to back up.
But the sshd_config is not editable (it's a link to a file in /tmp/tcloop/openssh/usr/local/etc/ssh/sshd_config; hence coming from the openssh extension and I guess therefore not editable?).

I saw a reply from Juanito in the meantime; will try that one later...  (which also seems to be advised in the corebook)

Next to that (now that I think of it) I can also call sshd with command-line overrides (-o ListenAddress=x.x.x.x -o port=yyyy)

Pengo
« Last Edit: January 12, 2016, 07:42:32 AM by Pengo »

Offline Misalf

  • Hero Member
  • *****
  • Posts: 1702
Re: edit ssh_config and sshd_config
« Reply #4 on: January 12, 2016, 07:44:23 AM »
sudo cp from the extension's mount point to the actual directory, overwriting the symlink with the real file, then edit and backup.
Download a copy and keep it handy: Core book ;)
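
The steps suggested in the replies above (replace the symlink with a real copy, pin ListenAddress, list the file for backup), written out as an added example; it is not code from any poster or from the Tiny Core project. The function names and scratch paths are hypothetical, and /opt/.filetool.lst is assumed to be the backup list in use.

```shell
#!/bin/sh
# Added example (not from the thread). Paths in the demo are constructed;
# on piCore the config would be /usr/local/etc/ssh/sshd_config.

# Replace a symlinked config (e.g. one pointing into the read-only
# /tmp/tcloop extension mount) with a regular file holding the same content.
materialise_config() {
  cfg=$1
  [ -L "$cfg" ] || return 0               # already a regular file
  cp "$cfg" "$cfg.new.$$" || return 1     # cp follows the link, copies content
  chmod 644 "$cfg.new.$$"
  mv -f "$cfg.new.$$" "$cfg"              # rename replaces the link itself
}

# Make ADDR the only active ListenAddress. The line is written at the top so
# it can never land inside a trailing Match block. Safe to run on every boot.
set_listen_address() {
  cfg=$1; addr=$2; tmp="$cfg.new.$$"
  {
    printf 'ListenAddress %s\n' "$addr"
    grep -v -i -E '^[[:space:]]*ListenAddress([[:space:]]|=)' "$cfg"
    [ $? -le 1 ]                          # 1 only means "no other lines left"
  } > "$tmp" || { rm -f "$tmp"; return 1; }
  chmod 644 "$tmp"
  mv -f "$tmp" "$cfg"
}

# Add a path (stored without the leading slash) to a backup list such as
# Tiny Core's /opt/.filetool.lst, unless it is already listed.
add_to_backup_list() {
  list=$1; rel=${2#/}
  grep -q -x -F "$rel" "$list" 2>/dev/null || printf '%s\n' "$rel" >> "$list"
}

# Demo in a scratch directory (constructed files, no real sshd involved).
demo() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/tcloop" "$d/etc"
  printf '#Port 22\nListenAddress 0.0.0.0\nPermitRootLogin no\n' > "$d/tcloop/sshd_config"
  ln -s "$d/tcloop/sshd_config" "$d/etc/sshd_config"
  materialise_config "$d/etc/sshd_config" &&
    set_listen_address "$d/etc/sshd_config" 192.0.2.10 &&
    add_to_backup_list "$d/filetool.lst" /usr/local/etc/ssh/sshd_config
  cat "$d/etc/sshd_config"
  rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Running `sshd -t -f` on the edited file before restarting sshd checks that the result still parses.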

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14799
Re: edit ssh_config and sshd_config
« Reply #5 on: January 12, 2016, 07:46:45 AM »
This will only work until the next reboot when the extension will overwrite the backup - hence the start-up script above.

Offline Pengo

  • Newbie
  • *
  • Posts: 30
Re: edit ssh_config and sshd_config
« Reply #6 on: January 12, 2016, 08:01:18 AM »
For now I changed /opt/bootlocal.sh to call sshd like this:

/usr/local/sbin/sshd -o ListenAddress=x.x.x.x -o port=yyy

After backup; reboot; this seems to work.
It's not the cleanest solution; that one came from Juanito but fit for purpose for now.

Thanks to all people who replied!

Kind regards,
Pengo

Offline Misalf

  • Hero Member
  • *****
  • Posts: 1702
Re: edit ssh_config and sshd_config
« Reply #7 on: January 12, 2016, 08:17:00 AM »
Glad you got it working.

Quote from Juanito: "This will only work until the next reboot when the extension will overwrite the backup - hence the start-up script above."
That confuses me. Isn't the opposite true? Extensions don't replace files (apart from their startup scripts possibly, but they should as well only [ ! -f ... ] && cp ... ) and restoration of the backup is done after extension loading.

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14799
Re: edit ssh_config and sshd_config
« Reply #8 on: January 12, 2016, 11:51:44 PM »
I wasn't thinking of extensions loaded on boot, but those loaded at some random point later  :)