Add template for sshd_config

master
Daniel Berteaud 6 years ago
parent 747563b5bb
commit 66d0f71e83
  1. 2
      WAPT/control
  2. 33
      setup.py
  3. 6
      sshd_config.j2

@ -1,5 +1,5 @@
package : fws-openssh package : fws-openssh
version : 7.9.0.0-2 version : 7.9.0.0-5
architecture : all architecture : all
section : base section : base
priority : optional priority : optional

@ -1,8 +1,22 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from setuphelpers import * from setuphelpers import *
import requests,json import requests,json
from jinja2 import Environment, FileSystemLoader
uninstallkey = [] uninstallkey = []
variables = {
'ssh_password_auth': False,
'ssh_append_ciphers': True,
'ssh_ciphers': [ 'aes256-cbc', 'aes192-cbc', 'aes128-cbc' ]
}
# Read local variables file if available
if isfile(makepath(programfiles32,'wapt','private','symetric.txt')) and isfile(makepath(programfiles32,'wapt','private','variables.txt')):
print('Reading local encrypted variables file')
from cryptography.fernet import Fernet
import yaml
f = Fernet(open(makepath(programfiles32,'wapt','private','symetric.txt'),'r').read())
variables.update(yaml.safe_load(f.decrypt(open(makepath(programfiles32,'wapt','private','variables.txt'),'r').read())))
def install(): def install():
print('Installing OpenSSH') print('Installing OpenSSH')
@ -31,8 +45,23 @@ def install():
run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"') run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')
run(r'netsh advfirewall firewall add rule name="OpenSSH Server" dir=in action=allow protocol=TCP localport=22 enable=yes') run(r'netsh advfirewall firewall add rule name="OpenSSH Server" dir=in action=allow protocol=TCP localport=22 enable=yes')
print(' Starting the service') print(' Deploy sshd_config')
service_start('sshd') jinja2 = Environment(
loader=FileSystemLoader('.'),
trim_blocks=True
)
open(makepath(os.getenv('ProgramData',r'C:\ProgramData'),'ssh','sshd_config'),'w').write(
jinja2.get_template('sshd_config.j2').render(
ssh_ciphers = ('+' if variables['ssh_append_ciphers'] == True else '') + ','.join(variables['ssh_ciphers']),
ssh_password_auth = variables['ssh_password_auth']
)
)
print(' (Re)starting the service')
if service_is_running('sshd'):
service_restart('sshd')
else:
service_start('sshd')
print(r' Enabling sshd service on boot') print(r' Enabling sshd service on boot')
run('sc config sshd start= auto') run('sc config sshd start= auto')
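Review bot: The `ssh_ciphers` expression in the `render()` call prepends `+` whenever `ssh_append_ciphers` is true, even when the cipher list is empty. A local variables file that sets `ssh_ciphers: []` therefore passes the template's length guard and writes `Ciphers +`, a directive with no cipher names that sshd may reject. This matters because the built-in defaults add `aes256-cbc`, `aes192-cbc` and `aes128-cbc` on every host, which sshd no longer enables by default, and clearing the list is the natural way to opt out. Build the value only when the list is non-empty, e.g. `ciphers = ','.join(variables['ssh_ciphers'])` followed by `ssh_ciphers = ('+' + ciphers) if (ciphers and variables['ssh_append_ciphers']) else ciphers`, and consider defaulting `ssh_ciphers` to `[]`. The body of `install()` starts before this hunk.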

@ -0,0 +1,6 @@
AuthorizedKeysFile .ssh/authorized_keys
Subsystem sftp sftp-server.exe
{% if ssh_ciphers | length > 0 %}
Ciphers {{ ssh_ciphers }}
{% endif %}
PasswordAuthentication {{ 'yes' if ssh_password_auth == True else 'no' }}
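Review bot: The template has no header marking the file as generated, yet `install()` in setup.py opens `sshd_config` with mode `'w'` and so replaces the whole file on every install or upgrade. An administrator who hardens the deployed file by hand loses those edits without warning. Add a first line such as `# Managed by the fws-openssh WAPT package; local changes are overwritten on install, edit the package variables instead`.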