module Property.Ssh where
import Control.Applicative
import Control.Monad
import System.FilePath
import Property
import Property.User
import Utility.SafeCommand
import Utility.Exception
-- | Render a 'Bool' as the @yes@ / @no@ argument used for boolean
-- keywords in sshd_config.
sshBool :: Bool -> String
sshBool flag
  | flag = "yes"
  | otherwise = "no"
-- | Location of the sshd configuration file edited by the properties in
-- this module.
--
-- NOTE(review): only this one file is touched; whether the host's sshd
-- also reads drop-in files through an @Include@ directive cannot be
-- told from here -- confirm on the target systems.
sshdConfig :: FilePath
sshdConfig = "/etc/ssh/sshd_config"
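-- | Pin a yes/no keyword in 'sshdConfig' to the requested value and
-- restart sshd when the file was changed.
--
-- The property removes the line carrying the opposite value and ensures
-- the line carrying the wanted value is present.
--
-- NOTE(review): 'lineNotInFile' / 'lineInFile' presumably match whole
-- lines exactly -- confirm. If so, an existing directive spelled
-- differently (other case or spacing, trailing comment, or a non-boolean
-- value) is left in place. sshd uses the first value it obtains for each
-- keyword, so such an earlier line would silently win over the one added
-- here; a line that ends up after a @Match@ block applies only inside
-- that block. Verify the effective setting (e.g. with @sshd -T@) when
-- relying on this for hardening.
setSshdConfig :: String -> Bool -> Property
setSshdConfig setting allowed = combineProperties desc
  [ lineNotInFile sshdConfig (cfgLine (not allowed))
  , lineInFile sshdConfig (cfgLine allowed)
  ] `onChange` restartSshd
  where
    desc = unwords [ "ssh config:", setting, sshBool allowed ]
    -- sshd_config needs whitespace between keyword and argument; plain
    -- concatenation produced e.g. "PermitRootLoginyes", which sshd
    -- rejects as an unknown option.
    cfgLine v = setting ++ " " ++ sshBool v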
-- | Allow ('True') or forbid ('False') root logins over ssh by setting
-- the @PermitRootLogin@ keyword through 'setSshdConfig'.
--
-- Only the @yes@ / @no@ values are expressible here; sshd also accepts
-- @prohibit-password@ and @forced-commands-only@ for this keyword, and
-- this property neither writes nor removes those.
permitRootLogin :: Bool -> Property
permitRootLogin allowed = setSshdConfig "PermitRootLogin" allowed
-- | Enable ('True') or disable ('False') ssh password logins by setting
-- the @PasswordAuthentication@ keyword through 'setSshdConfig'.
--
-- NOTE(review): this touches @PasswordAuthentication@ only. Where sshd
-- uses PAM, keyboard-interactive authentication
-- (@KbdInteractiveAuthentication@ / @ChallengeResponseAuthentication@)
-- can still prompt for a password, so disabling passwords completely
-- may need that keyword set as well. Before passing 'False', make sure
-- a working key is installed (see 'hasAuthorizedKeys') to avoid locking
-- the host.
passwordAuthentication :: Bool -> Property
passwordAuthentication allowed = setSshdConfig "PasswordAuthentication" allowed
-- | Report whether the user's @~/.ssh/authorized_keys@ file exists and
-- is non-empty.
--
-- Returns 'False' when 'homedir' yields no home directory, and when
-- reading the file fails ('catchDefaultIO' substitutes an empty string).
--
-- NOTE(review): "non-empty" is the only test. A file holding just blank
-- lines, comments or a malformed key still counts as having keys, so
-- this is a weak guard for decisions such as turning off password
-- authentication. The read uses lazy 'readFile' and only the first
-- character is demanded.
hasAuthorizedKeys :: UserName -> IO Bool
hasAuthorizedKeys user = homedir user >>= maybe (return False) nonEmptyKeyFile
  where
    nonEmptyKeyFile home = do
      let keyFile = home </> ".ssh" </> "authorized_keys"
      contents <- catchDefaultIO "" (readFile keyFile)
      return (not (null contents))
-- | Property that runs @service sshd restart@.
--
-- NOTE(review): the configuration is not validated before the restart.
-- Running @sshd -t@ first would catch a broken sshd_config before the
-- daemon is taken down, which matters on hosts reachable only over ssh.
-- The service name is hard-coded as @sshd@; some distributions name the
-- unit @ssh@ -- confirm for the target hosts.
restartSshd :: Property
restartSshd = CmdProperty "ssh restart" "service" serviceArgs
  where
    serviceArgs = map Param ["sshd", "restart"]