blob: 922aa09f5e21e07229d498ac2bec4e6e0c90c44b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
#!/bin/sh
usage="$(basename "$0") [-h] [-d] -- Enable/Disable ssh for root user
where:
-h help
-d disable ssh and remove priv-admin permission for root user"
enable_ssh() {
if [ -e /etc/systemd/system/dropbear@.service ] &&
[ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]; then
echo "SSH is already enabled"
else
cp /usr/share/misc/dropbear@.service /etc/systemd/system/dropbear@.service
cp /usr/share/misc/dropbear.socket /etc/systemd/system/dropbear.socket
ln -s /etc/systemd/system/dropbear.socket /etc/systemd/system/sockets.target.wants/dropbear.socket
groupmems -g priv-admin -a root
systemctl daemon-reload
systemctl restart dropbear.socket
echo "Enabled SSH service for root user successful"
fi
}
disable_ssh() {
if [ -e /etc/systemd/system/dropbear@.service ] &&
[ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]; then
systemctl stop dropbear.socket
systemctl stop dropbear@*.service
rm -rf /etc/systemd/system/sockets.target.wants/dropbear.socket
rm -rf /etc/systemd/system/dropbear.socket
rm -rf /etc/systemd/system/dropbear@.service
groupmems -g priv-admin -d root
echo "SSH disabled"
else
echo "SSH is already disabled"
fi
}
case "$1" in
"-h")
echo ${usage}
;;
"-d")
disable_ssh
;;
*)
enable_ssh
;;
esac
|