|
|
|
@ -268,7 +268,7 @@ echo "echo \"Done.\"" >> /mnt/setup-chroot.sh
|
|
|
|
|
|
|
|
|
|
|
|
# network configuration should have optional static configuration - not just DHCP, it's very important
|
|
|
|
# network configuration should have optional static configuration - not just DHCP, it's very important
|
|
|
|
|
|
|
|
|
|
|
|
echo "systemctl unmask networking && systemctl enable networking 2>&1 1>/dev/null" >> /mnt/setup-chroot.sh
|
|
|
|
echo "systemctl unmask networking 2>&1 1>/dev/null && systemctl enable networking 2>&1 1>/dev/null" >> /mnt/setup-chroot.sh
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# configure docker storage to use zfs
|
|
|
|
# configure docker storage to use zfs
|
|
|
|
@ -387,9 +387,9 @@ echo 'echo ""' >> /mnt/setup-chroot.sh
|
|
|
|
echo 'echo "Enabling SSH..."'>> /mnt/setup-chroot.sh
|
|
|
|
echo 'echo "Enabling SSH..."'>> /mnt/setup-chroot.sh
|
|
|
|
|
|
|
|
|
|
|
|
echo "sed -ir 's/^ *#? *ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh
|
|
|
|
echo "sed -ir 's/^ *#? *ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh
|
|
|
|
echo "sed -ir 's/^ *#? *PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh
|
|
|
|
echo "sed -ir 's/^#PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh
|
|
|
|
echo "sed -ir 's/^ *#? *UsePAM.*/UsePAM no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh
|
|
|
|
echo "sed -ir 's/^UsePAM.*/UsePAM no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh
|
|
|
|
echo "sed -ir 's/^ *#? *PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh
|
|
|
|
echo "sed -ir 's/^#PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config" >> /mnt/setup-chroot.sh
|
|
|
|
|
|
|
|
|
|
|
|
echo "errors=\$(systemctl enable ssh 2>&1 1>/dev/null)">> /mnt/setup-chroot.sh
|
|
|
|
echo "errors=\$(systemctl enable ssh 2>&1 1>/dev/null)">> /mnt/setup-chroot.sh
|
|
|
|
#&& ufw allow in on any from any to any port 22 proto tcp 2>&1 1>/dev/null
|
|
|
|
#&& ufw allow in on any from any to any port 22 proto tcp 2>&1 1>/dev/null
|
|
|
|
@ -481,11 +481,10 @@ echo "echo \"Done.\"" >> /mnt/setup-chroot.sh
|
|
|
|
|
|
|
|
|
|
|
|
# add the firewall rule for SSH, but there may already be an exception for this, test the network in the live environment
|
|
|
|
# add the firewall rule for SSH, but there may already be an exception for this, test the network in the live environment
|
|
|
|
|
|
|
|
|
|
|
|
sed -ir 's/### RULES ###/### RULES ###\n-A ufw-user-input -i br0 -p tcp --dport 22 -j ACCEPT/g' /mnt/etc/ufw/user.rules
|
|
|
|
echo ""
|
|
|
|
|
|
|
|
echo "Opening SSH port on firewall..."
|
|
|
|
exit 0
|
|
|
|
sed -ir 's/### RULES ###/### RULES ###\n-A ufw-user-input -i br0 -p tcp --dport 22 -j ACCEPT/g' /mnt/etc/ufw/user.rules 2>&1 1>/dev/null
|
|
|
|
|
|
|
|
echo "Done."
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# commented out for debugging
|
|
|
|
# commented out for debugging
|
|
|
|
echo ""
|
|
|
|
echo ""
|
|
|
|
|
sean
7 years ago