From f9e0d09ec0082a096dcd4980bc5ffebe8e3139ae Mon Sep 17 00:00:00 2001
From: lain
Date: Wed, 22 May 2019 10:17:32 +0200
Subject: [PATCH 1/7] Changelog: Add SSH mode.
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3ff70e6e5..3d1e7640d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [unreleased]
 ### Added
+- Optional SSH access mode.
 - [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.
 - LDAP authentication
 - External OAuth provider authentication
From b6cf62ddeab04db6bd2695c5537c81e0fb1aecaf Mon Sep 17 00:00:00 2001
From: lain
Date: Wed, 22 May 2019 10:28:50 +0200
Subject: [PATCH 2/7] Mix: Don't start esshd application if we don't need it.
---
 mix.exs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/mix.exs b/mix.exs
index 95c052c34..bc5b6204f 100644
--- a/mix.exs
+++ b/mix.exs
@@ -40,9 +40,16 @@ def project do
 #
 # Type `mix help compile.app` for more information.
 def application do
+ extra_applications = [:logger, :runtime_tools, :comeonin, :quack]
+ extra_applications = if Application.get_env(:esshd, :enabled, false) do
+ [:esshd | extra_applications]
+ else
+ extra_applications
+ end
+
 [
 mod: {Pleroma.Application, []},
- extra_applications: [:logger, :runtime_tools, :comeonin, :esshd, :quack],
+ extra_applications: extra_applications,
 included_applications: [:ex_syslogger]
 ]
 end
From db9a82d168cfc452611a44d92df2b81a5e6d1e69 Mon Sep 17 00:00:00 2001
From: lain
Date: Wed, 22 May 2019 10:40:15 +0200
Subject: [PATCH 3/7] Linting.
---
 mix.exs | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/mix.exs b/mix.exs
index bc5b6204f..25ec46a46 100644
--- a/mix.exs
+++ b/mix.exs
@@ -41,11 +41,13 @@ def project do
 # Type `mix help compile.app` for more information.
 def application do
 extra_applications = [:logger, :runtime_tools, :comeonin, :quack]
- extra_applications = if Application.get_env(:esshd, :enabled, false) do
- [:esshd | extra_applications]
- else
- extra_applications
- end
+
+ extra_applications =
+ if Application.get_env(:esshd, :enabled, false) do
+ [:esshd | extra_applications]
+ else
+ extra_applications
+ end
 [
 mod: {Pleroma.Application, []},
From b22145cbc40b57cf83f6389f063a76a03625ff16 Mon Sep 17 00:00:00 2001
From: lain
Date: Wed, 22 May 2019 10:44:26 +0200
Subject: [PATCH 4/7] Documentation: Specify PEM format for SSH keys. Otherwise openssh-client 7.9 will generate a different format that can't be used by esshd.
---
 docs/config.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/config.md b/docs/config.md
index 197326bbd..63ca61d1e 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -477,7 +477,7 @@ config :esshd,
 password_authenticator: "Pleroma.BBS.Authenticator"
 ```
-Feel free to adjust the priv_dir and port number. Then you will have to create the key for the keys (in the example `priv/ssh_keys`) and create the host keys with `ssh-keygen -N "" -b 2048 -t rsa -f ssh_host_rsa_key`. After restarting, you should be able to connect to your Pleroma instance with `ssh username@server -p $PORT`
+Feel free to adjust the priv_dir and port number. Then you will have to create the key for the keys (in the example `priv/ssh_keys`) and create the host keys with `ssh-keygen -m PEM -N "" -b 2048 -t rsa -f ssh_host_rsa_key`. After restarting, you should be able to connect to your Pleroma instance with `ssh username@server -p $PORT`
 ## :auth
From 3b12e1ba7c99382c678ce17629352135f44dcb9f Mon Sep 17 00:00:00 2001
From: lain
Date: Wed, 22 May 2019 11:01:10 +0200
Subject: [PATCH 5/7] Changelog: Add tip for debian users.
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d1e7640d..b88edd072 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [unreleased]
 ### Added
-- Optional SSH access mode.
+- Optional SSH access mode. (Needs `erlang-ssh` package on Debian).
 - [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.
 - LDAP authentication
 - External OAuth provider authentication
From f323031927ecaf155e661b17cc9b96333fb9e4ad Mon Sep 17 00:00:00 2001
From: lain
Date: Wed, 22 May 2019 12:57:20 +0200
Subject: [PATCH 6/7] Mix: Only start sshd when needed, second try.
---
 mix.exs | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/mix.exs b/mix.exs
index 25ec46a46..b2c075c85 100644
--- a/mix.exs
+++ b/mix.exs
@@ -40,18 +40,9 @@ def project do
 #
 # Type `mix help compile.app` for more information.
 def application do
- extra_applications = [:logger, :runtime_tools, :comeonin, :quack]
-
- extra_applications =
- if Application.get_env(:esshd, :enabled, false) do
- [:esshd | extra_applications]
- else
- extra_applications
- end
-
 [
 mod: {Pleroma.Application, []},
- extra_applications: extra_applications,
+ extra_applications: [:logger, :runtime_tools, :comeonin, :quack],
 included_applications: [:ex_syslogger]
 ]
 end
@@ -129,7 +120,7 @@ defp deps do
 {:recon, github: "ferd/recon", tag: "2.4.0"},
 {:quack, "~> 0.1.1"},
 {:benchee, "~> 1.0"},
- {:esshd, "~> 0.1.0"},
+ {:esshd, "~> 0.1.0", runtime: Application.get_env(:esshd, :enabled, false)},
 {:ex_rated, "~> 1.2"},
 {:plug_static_index_html, "~> 1.0.0"},
 {:excoveralls, "~> 0.11.1", only: :test}
From 78ac8ee56139ed98625c54ce627eb37047a361f0 Mon Sep 17 00:00:00 2001
From: lambda
Date: Wed, 22 May 2019 11:07:51 +0000
Subject: [PATCH 7/7] Update CHANGELOG.md
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b88edd072..bb2306fc4 100644
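Review bot: The `runtime:` value on the `:esshd` entry in `deps` (PATCH 6/7, second hunk) is read with `Application.get_env/3` while Mix evaluates `mix.exs`, so whether the SSH daemon's application is started is decided when the project is built, not when the node boots. An operator who changes `config :esshd, enabled:` afterwards without recompiling, or who sets it only in a config file that is not loaded at build time, would presumably keep the previous behaviour, which matters for a network listener. A comment above the entry would make this visible: `# esshd is started only if :esshd, :enabled was true at build time; rebuild after changing it`. The `deps` list begins and ends outside the hunk.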
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [unreleased]
 ### Added
-- Optional SSH access mode. (Needs `erlang-ssh` package on Debian).
+- Optional SSH access mode. (Needs `erlang-ssh` package on some distributions).
 - [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.
 - LDAP authentication
 - External OAuth provider authentication