check_sshpermitrootno: Always specify lport
When sshd listens on two ports (usually 22 and another one), the `sshd -T` command fails if lport is not specified. This commit also simplifies the if-elif block.
parent
7041505446
commit
ace7a76d90
|
@ -1201,16 +1201,10 @@ check_usrsharescripts() {
|
||||||
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be $expected"
|
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be $expected"
|
||||||
}
|
}
|
||||||
check_sshpermitrootno() {
|
check_sshpermitrootno() {
|
||||||
sshd_args="-C addr=,user=,host=,laddr=,lport=0"
|
# You could change the SSH port in /etc/evocheck.cf
|
||||||
if is_debian_stretch; then
|
sshd_args="-C addr=,user=,host=,laddr=,lport=${SSH_PORT:-22}"
|
||||||
# Noop, we'll use the default $sshd_args
|
if is_debian_buster; then
|
||||||
:
|
|
||||||
elif is_debian_buster; then
|
|
||||||
sshd_args="${sshd_args},rdomain="
|
sshd_args="${sshd_args},rdomain="
|
||||||
else
|
|
||||||
# NOTE: From Debian Bullseye 11 onward, with OpenSSH 8.1, the argument
|
|
||||||
# -T doesn't require the additional -C.
|
|
||||||
sshd_args=
|
|
||||||
fi
|
fi
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
if ! (sshd -T ${sshd_args} 2> /dev/null | grep -qi 'permitrootlogin no'); then
|
if ! (sshd -T ${sshd_args} 2> /dev/null | grep -qi 'permitrootlogin no'); then
|
||||||
|
|
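Review bot: The new `sshd_args` line evaluates the configuration only for the single port in `${SSH_PORT:-22}`, so on the two-port hosts this commit targets, a `Match LocalPort` block that permits root login on the other port would presumably pass the check unnoticed. The same limit applies to `Match` blocks keyed on address or user, because `addr=` and `user=` are left empty. I would say so in the comment above the assignment, e.g. `# Only the Match context for lport=${SSH_PORT:-22} is evaluated; other listening ports and Match Address/User blocks are not checked.` Separately, `2> /dev/null` on the `sshd -T` line makes a failing `sshd -T` look the same as a `PermitRootLogin` value other than `no`, which hides the kind of error this commit fixes. The body of `check_sshpermitrootno` continues outside the hunk.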