Fix ssh group membership. #94

Merged
lpoujol merged 1 commit from fix-ssh-memebership into unstable 2024-04-16 17:55:10 +02:00
Owner

We now use split SSH configuration files, so the user was never a member
of the ssh group on newly installed systems. This change doesn't modify
the SSH configuration of new systems since evolinux-ssh members are
already allowed to connect by SSH.

bwaegeneire added 1 commit 2024-03-25 14:21:47 +01:00
e66b095733 Fix ssh group membership.
We now use split SSH configuration files, so the user was never a member
of the ssh group on newly installed systems. This change doesn't modify
the SSH configuration of new systems since evolinux-ssh members are
already allowed to connect by SSH.
Owner

Hey

I had a fix in the works, but you were faster to push. Thanks!
We took different paths, as I adapted the grep command to go recursively, hence not changing the initial logic of the script and just broadening it to englobe old and new configuration ways.

It was a simple:

```
grep -rqE '^AllowGroups' /etc/ssh/sshd_config*
```

The question would remain for the _AllowUsers_ cases: the grep could be extended, but then we need to change the right file, otherwise we'd break the ssh config. Unless we decide that _AllowUsers_ is exclusively in `/etc/ssh/sshd_config`.

PS: Beware of the missing dash in the usermod command (for the `--group` argument)

lpoujol reviewed 2024-03-27 11:03:18 +01:00
@ -373,1 +367,4 @@
sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
else
if getent group "$SSH_GROUP" 1>/dev/null 2>&1; then
usermod --append -groups "$SSH_GROUP" "$in_login"
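Review bot: On the `usermod` line, `-groups` has a single leading dash, so it will not be read as the long option `--groups`; write `usermod --append --groups "$SSH_GROUP" "$in_login"`. Separately, the `sed` on the first line edits only `/etc/ssh/sshd_config` and places `$in_login` unescaped in the replacement, so an `AllowUsers` line kept in a split file would be missed and a login containing `/` or `&` would corrupt the substitution; a comment stating both assumptions, or a check on the login before the `sed`, would help.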
Owner

This won't work (missing '-' in group argument)
Author
Owner

Fixed.
bwaegeneire marked this conversation as resolved
bwaegeneire force-pushed fix-ssh-memebership from e66b095733 to c9ba84107f 2024-04-03 16:24:45 +02:00 Compare
bwaegeneire force-pushed fix-ssh-memebership from c9ba84107f to 99741826f6 2024-04-03 16:29:18 +02:00 Compare
Author
Owner

We had a chat with @lpoujol about the implementation. I added the missing dash to the `--groups` option.

This can be merged as is, or, if someone wants it, add `/etc/ssh/sshd_config.d/*.conf` after `/etc/ssh/sshd_config`.
lpoujol changed target branch from master to unstable 2024-04-16 17:54:06 +02:00
Owner

Works for me.

Let's go forward with that
lpoujol merged commit b014f1584a into unstable 2024-04-16 17:55:10 +02:00
lpoujol referenced this pull request from a commit 2024-04-16 17:59:05 +02:00
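The thread above turns on where `AllowUsers` and `AllowGroups` can live once sshd uses split configuration files. The following is an added example, not code from this repository: it reports which file sets each directive and flags the case where editing a single file would be unsafe. `find_directive`, `access_mode` and the `ROOT` argument are hypothetical names, and it assumes the split files are `sshd_config.d/*.conf` as mentioned in the thread.

```shell
#!/bin/sh
# Added example: locate AllowUsers/AllowGroups across a split sshd layout.
# ROOT is a hypothetical parameter: the ssh config directory (/etc/ssh on a host).

# Print every file under ROOT that sets KEYWORD, one path per line.
# sshd keywords are case-insensitive and may be indented, so match both.
find_directive() {
    root=$1 keyword=$2
    for f in "$root/sshd_config" "$root"/sshd_config.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -qiE "^[[:space:]]*${keyword}[[:space:]]" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Report how a new login would have to be authorised:
#   users:<file>  AllowUsers is set in exactly one file, which must be edited
#   ambiguous     AllowUsers is set in several files; do not edit blindly
#   groups        only AllowGroups is set, group membership is enough
#   open          neither directive is set
access_mode() {
    root=$1
    users=$(find_directive "$root" AllowUsers)
    groups=$(find_directive "$root" AllowGroups)
    if [ -n "$users" ]; then
        if [ "$(printf '%s\n' "$users" | grep -c .)" -gt 1 ]; then
            echo ambiguous
        else
            echo "users:$users"
        fi
    elif [ -n "$groups" ]; then
        echo groups
    else
        echo open
    fi
}

# Constructed sample layout so the example runs offline.
demo_root=$(mktemp -d)
mkdir "$demo_root/sshd_config.d"
printf 'Include /etc/ssh/sshd_config.d/*.conf\n' > "$demo_root/sshd_config"
printf 'allowgroups evolinux-ssh\n' > "$demo_root/sshd_config.d/z-evolinux.conf"
access_mode "$demo_root"
```

On a real host, `sshd -T` prints the effective configuration after includes are resolved and is the authoritative check on what the files above add up to.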