Merge branch 'master' of dark/ssh-reg into master

master
phre4k 5 years ago committed by Gitea
commit d79e06a70e

@ -0,0 +1,49 @@
FROM python:3-slim
MAINTAINER n1trux
RUN apt-get update &&\
apt-get -y upgrade &&\
DEBIAN_FRONTEND=noninteractive apt-get -y install \
nano rsync openssh-server acl
# Clean up APT when done.
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# private/{scripts, administrate.py}, public/{scripts, userapplications.py}, config/userapplicatonsconfig.ini
#configs, logs, db
COPY config/applicationsconfig.ini /app/data/applicationsconfig.ini
# admin scripts
COPY private/ /app/admin/
# user accessible scripts
# Make TILDE_ENV
COPY public/ /app/user/
#SSH config into /etc :)
COPY config/etc /etc
# create user for applications
RUN useradd -Md /app/user/ -s /app/user/userapplication.py tilde
# make tilde's password empty
RUN passwd -d tilde
RUN usermod -U tilde
# add admin user
RUN useradd -Md /app/admin -s /app/admin/administrate.py admin
# privilege separation directory
RUN mkdir -p /var/run/sshd
# expose SSH port
EXPOSE 22
ENV TILDE_CONF="/app/data/applicationsconfig.ini"
#COPY config/environment /app/user/.ssh/environment
RUN mkdir /app/user/.ssh
RUN echo TILDE_CONF=$TILDE_CONF > /app/user/.ssh/environment
RUN touch /app/data/applications.sqlite
RUN touch /app/data/applications.log
# Doesnt work, @TODO why
#RUN setfacl -R -m u:tilde:rwx /app/data/
RUN chown -R tilde /app/data
CMD ["/usr/sbin/sshd", "-D"]

@ -0,0 +1,23 @@
[DEFAULT]
base_path=/app/data/
applications_db=%(base_path)sapplications.sqlite
log_dir=/app/data/
log_file=%(log_dir)sapplications.log
user_creationscript=%(base_path)s/scripts/make-tilde-user.sh
[USERS]
UserGroup=tilde
userPWLock=yes
chmodPerms=0o700
chmodParams=-Rv
chownParams=%(chmodParams)s
chownGroups=%(UserGroup)s:%(UserGroup)s
[LOG_LEVEL]
log_level=%(log_debug)s
log_notset=0
log_debug=10
log_info=20
log_warning=30
log_error=40
lo0g_critical=50

@ -0,0 +1 @@
TILDE_CONF=/app/data/applicationsconfig.ini

@ -0,0 +1,29 @@
MAIL_DIR /var/mail
FAILLOG_ENAB yes
LOG_UNKFAIL_ENAB no
LOG_OK_LOGINS no
SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
FTMP_FILE /var/log/btmp
SU_NAME su
HUSHLOGIN_FILE .hushlogin
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
TTYGROUP tty
TTYPERM 0600
ERASECHAR 0177
KILLCHAR 025
UMASK 022
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
UID_MIN 100000
UID_MAX 165536
GID_MIN 100000
GID_MAX 165536
LOGIN_RETRIES 5
LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh
DEFAULT_HOME yes
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512

@ -0,0 +1,11 @@
UseDNS no
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PermitUserEnvironment yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server
Match User tilde
PermitEmptyPasswords yes

@ -0,0 +1,11 @@
#!/bin/bash
cut -d: -f1 /etc/passwd | grep test > deltest.txt
while read name; do
userdel "$name"
rm -rf /home/$name
if [ "$#" -eq 1 ]; then
sqlite3 -batch $1 "DELETE FROM applications WHERE username = '$name'"
fi
done < deltest.txt
rm -f deltest.txt

@ -0,0 +1,23 @@
#!/bin/env bash
USERNAME=$1
REALNAME=$2
EMAIL=$3
PUBKEY=$4
adduser $USERNAME
# empty password
usermod --lock $USERNAME
# add to tilde group
usermod -a -G tilde $USERNAME
# paste ssh key
mkdir /home/$USERNAME/.ssh
echo $PUBKEY >/home/$USERNAME/.ssh/authorized_keys
# fix perms
chmod -Rv 700 /home/$USERNAME/.ssh/
chown -Rv $USERNAME:$USERNAME /home/$USERNAME/.ssh/
echo "user created."
return 0

@ -0,0 +1,35 @@
#!/usr/bin/expect
expr {srand([clock seconds])} ;# initialize RNG
set username "testuser"
set mail "test@testmail.com"
set name "test Name"
set sshkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Tob2HvgKL5yns9BQpb/EJENR3UurMdhM9oc7tQ/USw/nIiisRDp4qmwqZM3kyl1RfkGoSiEALCogM693jl/2RO2MFLW/Da9WFuXwBmV4wMbQZQiZJCvqyMBW7uPHgfCXJ2E8T707Ixwv9S9gtmwgAqg/+x12C0fF7P45MpO3Mvc+6ZPdP5qg/GCaej67KHqfVTb4/OMrvHkRTlETFYVNj4B/uwuA7NxTi8YkCSKH+BGCLYDl95uISrHOxaKbeDb6OgkgdYS9ygg2F7r3S36n8woLdSXqJNpxx2zLgO8Ow9KE0paezyeQqPPjbYu6l8y2IAkKCWTHKTAQ6DFgcvAD darksider3@prism"
set y "y"
set random "[expr {int(rand() * 1000)}]"
spawn ./userapplication.py
expect "allowed:"
send "$username$random\r"
expect "full name:"
send "$name\r"
expect "email address:"
send "$random$mail\r"
expect "ssh public key:"
send "$sshkey\r"
expect "correct?*"
send "$y\r"
interact
spawn ./administrate.py
expect -glob "*-> "
send "1\r"
expect -glob "*->"
send "\r"
expect -glob "*-> "
send "A\r"
expect -glob "*..."
send "\r"
expect -glob "*-> "
send "4\r"
interact
Loading…
Cancel
Save