
Add template for sshd_config

master
Daniel Berteaud 1 month ago
parent
commit
66d0f71e83
3 changed files with 38 additions and 3 deletions
  1. 1
    1
      WAPT/control
  2. 31
    2
      setup.py
  3. 6
    0
      sshd_config.j2

+ 1
- 1
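--- a/WAPT/control
+++ b/WAPT/control
@@ -1,5 +1,5 @@
 package           : fws-openssh
-version           : 7.9.0.0-2
+version           : 7.9.0.0-5
 architecture      : all
 section           : base
 priority          : optional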

+ 31
- 2
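--- a/setup.py
+++ b/setup.py
@@ -1,8 +1,22 @@
 # -*- coding: utf-8 -*-
 from setuphelpers import *
 import requests,json
+from jinja2 import Environment, FileSystemLoader
 
 uninstallkey = []
+variables = {
+    'ssh_password_auth': False,
+    'ssh_append_ciphers': True,
+    'ssh_ciphers': [ 'aes256-cbc', 'aes192-cbc', 'aes128-cbc' ]
+}
+
+# Read local variables file if available
+if isfile(makepath(programfiles32,'wapt','private','symetric.txt')) and isfile(makepath(programfiles32,'wapt','private','variables.txt')):
+    print('Reading local encrypted variables file')
+    from cryptography.fernet import Fernet
+    import yaml
+    f = Fernet(open(makepath(programfiles32,'wapt','private','symetric.txt'),'r').read())
+    variables.update(yaml.safe_load(f.decrypt(open(makepath(programfiles32,'wapt','private','variables.txt'),'r').read())))
 
 def install():
     print('Installing OpenSSH')
@@ -31,8 +45,23 @@ def install():
     run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')
     run(r'netsh advfirewall firewall add rule name="OpenSSH Server" dir=in action=allow protocol=TCP localport=22 enable=yes')
 
-    print('    Starting the service')
-    service_start('sshd')
+    print('    Deploy sshd_config')
+    jinja2 = Environment(
+        loader=FileSystemLoader('.'),
+        trim_blocks=True
+    )
+    open(makepath(os.getenv('ProgramData',r'C:\ProgramData'),'ssh','sshd_config'),'w').write(
+        jinja2.get_template('sshd_config.j2').render(
+            ssh_ciphers = ('+' if variables['ssh_append_ciphers'] == True else '') + ','.join(variables['ssh_ciphers']),
+            ssh_password_auth = variables['ssh_password_auth']
+        )
+    )
+
+    print('    (Re)starting the service')
+    if service_is_running('sshd'):
+        service_restart('sshd')
+    else:
+        service_start('sshd')
 
     print(r'    Enabling sshd service on boot')
     run('sc config sshd start= auto')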
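Review bot: The defaults added to `variables` in the first hunk append `aes256-cbc`, `aes192-cbc` and `aes128-cbc` to the server's cipher list on every host that has no local variables file, although OpenSSH itself no longer offers CBC modes by default. Shipping `'ssh_ciphers': []` and letting the hosts that still serve legacy clients opt in through `variables.txt` would keep the upstream cipher list everywhere else. With an empty list the render call in the second hunk still passes a bare `'+'`, which the `length > 0` guard in sshd_config.j2 accepts and turns into a `Ciphers` line with no cipher names, so the prefix has to depend on the list: `ssh_ciphers = (('+' if variables['ssh_append_ciphers'] else '') + ','.join(variables['ssh_ciphers'])) if variables['ssh_ciphers'] else '',`. The body of `install()` runs beyond both hunks.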

+ 6
- 0
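--- a/sshd_config.j2
+++ b/sshd_config.j2
@@ -0,0 +1,6 @@
+AuthorizedKeysFile	.ssh/authorized_keys
+Subsystem	sftp	sftp-server.exe
+{% if ssh_ciphers | length > 0 %}
+Ciphers	{{ ssh_ciphers }}
+{% endif %}
+PasswordAuthentication {{ 'yes' if ssh_password_auth == True else 'no' }}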
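Review bot: Nothing in the template says that it is the complete sshd_config: setup.py opens the target with `'w'`, so every directive already present in the `ssh\sshd_config` file under ProgramData that is not among these four is dropped on each install. A first line such as `# Managed by the fws-openssh WAPT package; local edits are overwritten on install` would tell administrators where changes belong. It is also worth comparing the rendered result with the stock sshd_config of this OpenSSH build and carrying over any block that is still wanted, for example a `Match Group administrators` section if that file has one.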
