allow root ssh access (with certs only)

nothub · Nov 25, 2023 · ab5aa09 · ab5aa09
1 parent 7839617
commit ab5aa09
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/configs/sshd_config b/configs/sshd_config
@@ -15,7 +15,7 @@ LogLevel VERBOSE
 # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
 Subsystem sftp  /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
 
-PermitRootLogin No
+PermitRootLogin without-password
 LoginGraceTime 1m
 UseDNS no
 PrintMotd no

diff --git a/installer/late.sh b/installer/late.sh
@@ -30,11 +30,16 @@ cp -a "/cdrom/configs/issue"       "${prefix}/etc/issue"
 cp -a "/cdrom/configs/motd"        "${prefix}/etc/motd"
 cp -a "/cdrom/configs/sshd_config" "${prefix}/etc/ssh/sshd_config"
 
-# authorize ssh keys
+# authorize ssh keys for root user
+mkdir -p  "${prefix}/root/.ssh"
+chmod 700 "${prefix}/root/.ssh"
+cp -a "/cdrom/configs/authorized_keys" "${prefix}/root/.ssh/authorized_keys"
+chmod 640 "${prefix}/root/.ssh/authorized_keys"
+# authorize ssh keys for admin user
 mkdir -p  "${prefix}/home/${admin}/.ssh"
 chmod 700 "${prefix}/home/${admin}/.ssh"
 cp -a "/cdrom/configs/authorized_keys" "${prefix}/home/${admin}/.ssh/authorized_keys"
-chmod 644 "${prefix}/home/${admin}/.ssh/authorized_keys"
+chmod 640 "${prefix}/home/${admin}/.ssh/authorized_keys"
 
 # reset user homedir owner
 chown -R "1000:1000" "${prefix}/home/${admin}"