diff options
| author | Shulhan <ms@kilabit.info> | 2022-07-01 00:09:12 +0700 |
|---|---|---|
| committer | Shulhan <ms@kilabit.info> | 2022-07-25 19:29:22 +0700 |
| commit | e5d68bdf0d8e73160bbb270eb730b0f5ea441803 (patch) | |
| tree | 82a1df4139d338553063c9cf1b4b7a03a86342d9 /build-arch-gce | |
| parent | 96a26cb01a019ca13b8054448373ac6700792cd4 (diff) | |
| download | compute-archlinux-image-builder-e5d68bdf0d8e73160bbb270eb730b0f5ea441803.tar.xz | |
all: use drop-ins replacement for configuring ssh server
Using this method give more flexibility to user that need to build
image with custom SSH server configuration.
Diffstat (limited to 'build-arch-gce')
| -rwxr-xr-x | build-arch-gce | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/build-arch-gce b/build-arch-gce index 81b938a..a1db33c 100755 --- a/build-arch-gce +++ b/build-arch-gce @@ -110,6 +110,10 @@ echo '-- Configuring journald.' mkdir -p $mount_dir/etc/systemd/journald.conf.d cp ./sys/etc/systemd/journald.conf.d/00-google.conf $mount_dir/etc/systemd/journald.conf.d/ +## Disable password authentication and root login on SSH server. +echo '-- Configuring ssh.' +cp ./sys/etc/ssh/sshd_config $mount_dir/etc/ssh/ + arch-chroot -- "$mount_dir" /bin/bash -s <<-'EOS' set -eEuo pipefail trap 'echo "Error: \`$BASH_COMMAND\` exited with status $?"' ERR @@ -121,11 +125,7 @@ arch-chroot -- "$mount_dir" /bin/bash -s <<-'EOS' echo '-- Running locale-gen.' locale-gen - echo '-- Configuring ssh.' - gawk -i assert -i inplace ' - /^#PasswordAuthentication / { $0 = "PasswordAuthentication no"; ++f1 } - /^#PermitRootLogin / { $0 = "PermitRootLogin no"; ++f2 } - { print } END { assert(f1 * f2 == 1, "f == 1") }' /etc/ssh/sshd_config + echo '-- Enabling sshd service.' systemctl --quiet enable sshd.service echo '-- Configuring pacman.' |