#! /bin/sh
# Smoke test: serve sshd through xinetd and log in over localhost with a
# freshly generated key. The script creates a local account and rewrites
# files under /etc, so it is meant for a disposable test machine.

# Abort on the first failing command.
set -e

# Per-run account name; $$ is this shell's PID.
testuser="testuser$$"
# assumes adduser places the home directory at /home/<name> -- TODO confirm
ssh_dir="/home/$testuser/.ssh"

# --disabled-password: no password is set for the account, so the login
# exercised below has to be key-based.
adduser --quiet --disabled-password --gecos "" "$testuser"

# Everything under ~/.ssh is created as the test user, so the files are
# owned by that account; mode 0700 keeps the directory private to it.
sudo -u "$testuser" mkdir -m700 "$ssh_dir"

# Throwaway ed25519 key pair with an empty passphrase (-N '') so the login
# runs without a prompt.
sudo -u "$testuser" ssh-keygen -t ed25519 -N '' -f "$ssh_dir/id_ed25519"

# Authorise that public key for the same account.
sudo -u "$testuser" cp "$ssh_dir/id_ed25519.pub" "$ssh_dir/authorized_keys"
# EXIT-trap handler: when the script is exiting with a non-zero status,
# print a failure banner followed by the last 100 journal lines of
# ssh.service from the current boot. Prints nothing on success.
# NOTE(review): sshd is started by xinetd in this test, so its messages may
# not be attributed to ssh.service -- confirm this unit filter shows them.
cleanup () {
  # $? has to be read before any other command overwrites it.
  if [ $? -eq 0 ]; then
    return 0
  fi
  printf '%s\n' "## Something failed" "" "## ssh server log"
  journalctl -b -u ssh.service --lines 100
}
# From here on, every exit path runs cleanup.
trap cleanup EXIT

# xinetd service entry: listen on TCP port 22 and hand each connection to
# /usr/sbin/sshd, run as root with -i (inetd mode) and -4 (IPv4 only).
# The quoted delimiter keeps the text literal; it contains nothing to expand.
cat >/etc/xinetd.d/sshd <<'EOF'
service ssh
{
id = sshd
disable = no
type = UNLISTED
port = 22
socket_type = stream
wait = no
user = root
server = /usr/sbin/sshd
server_args = -i -4
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
}
EOF

# systemd drop-in asking for the "sshd" runtime directory on xinetd.service.
# NOTE(review): RuntimeDirectory= is normally set up when a unit starts;
# confirm that the reload below is enough for the directory sshd needs.
mkdir -p /etc/systemd/system/xinetd.service.d
printf '%s\n' '[Service]' 'RuntimeDirectory=sshd' \
  >/etc/systemd/system/xinetd.service.d/sshd.conf

# Pick up the drop-in, stop and disable the standalone ssh service
# (presumably so that xinetd can take port 22), then have xinetd re-read
# its configuration.
systemctl daemon-reload
systemctl disable --now ssh.service
systemctl reload xinetd.service

# The actual check: log in as the test user and run `date`; a non-zero exit
# fails the script via set -e. accept-new records the host key on first
# contact without prompting and still rejects a key that later changes.
sudo -u "$testuser" ssh -oStrictHostKeyChecking=accept-new "$testuser@localhost" date