From 66d0f71e83cba5817f883980135bcb4390e8dd3c Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Tue, 11 Jun 2019 11:48:39 +0200
Subject: [PATCH] Add template for sshd_config
---
 WAPT/control | 2 +-
 setup.py | 33 +++++++++++++++++++++++++++++++--
 sshd_config.j2 | 6 ++++++
 3 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 sshd_config.j2
diff --git a/WAPT/control b/WAPT/control
index ceba1ee..4d49240 100644
--- a/WAPT/control
+++ b/WAPT/control
@@ -1,5 +1,5 @@
 package : fws-openssh
-version : 7.9.0.0-2
+version : 7.9.0.0-5
 architecture : all
 section : base
 priority : optional
diff --git a/setup.py b/setup.py
index 5d580e6..dc270d1 100644
--- a/setup.py
+++ b/setup.py
@@ -1,8 +1,22 @@
 # -*- coding: utf-8 -*-
 from setuphelpers import *
 import requests,json
+from jinja2 import Environment, FileSystemLoader
 
 uninstallkey = []
+variables = {
+    'ssh_password_auth': False,
+    'ssh_append_ciphers': True,
+    'ssh_ciphers': [ 'aes256-cbc', 'aes192-cbc', 'aes128-cbc' ]
+}
+
+# Read local variables file if available
+if isfile(makepath(programfiles32,'wapt','private','symetric.txt')) and isfile(makepath(programfiles32,'wapt','private','variables.txt')):
+    print('Reading local encrypted variables file')
+    from cryptography.fernet import Fernet
+    import yaml
+    f = Fernet(open(makepath(programfiles32,'wapt','private','symetric.txt'),'r').read())
+    variables.update(yaml.safe_load(f.decrypt(open(makepath(programfiles32,'wapt','private','variables.txt'),'r').read())))
 
 def install():
 print('Installing OpenSSH')
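Review bot: The module-level block at the end of the hunk reads `symetric.txt` and `variables.txt` through bare `open(...).read()` calls that are never closed, and `variables.update(yaml.safe_load(...))` assumes the decrypted document is a mapping — an empty or scalar YAML document makes `safe_load` return `None` or a scalar, and `update()` then raises TypeError with no hint of which file is at fault. Because this runs at import of setup.py, it presumably executes for every action WAPT performs on the package rather than only during install; worth confirming against how the caller loads the module. Separately, the default `ssh_ciphers` list holds only CBC modes and `ssh_append_ciphers` defaults to True, which re-adds cipher modes OpenSSH has excluded from its default set for years; a comment such as `# CBC ciphers re-enabled for legacy clients only — review before widening further` would record why. The rewrite below closes the handles with `with` and accepts only a mapping from the variables file.

```python
# … unchanged: variables defaults …
key_path = makepath(programfiles32, 'wapt', 'private', 'symetric.txt')
vars_path = makepath(programfiles32, 'wapt', 'private', 'variables.txt')
# Read local variables file if available
if isfile(key_path) and isfile(vars_path):
    print('Reading local encrypted variables file')
    from cryptography.fernet import Fernet
    import yaml
    with open(key_path, 'r') as key_file, open(vars_path, 'r') as vars_file:
        loaded = yaml.safe_load(Fernet(key_file.read()).decrypt(vars_file.read()))
    # safe_load returns None for an empty document; only a mapping can extend the defaults
    if isinstance(loaded, dict):
        variables.update(loaded)
    else:
        print('Ignoring variables file: expected a YAML mapping')
```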
@@ -31,8 +45,23 @@ def install():
 run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')
 run(r'netsh advfirewall firewall add rule name="OpenSSH Server" dir=in action=allow protocol=TCP localport=22 enable=yes')
 
- print(' Starting the service')
- service_start('sshd')
+ print(' Deploy sshd_config')
+ jinja2 = Environment(
+ loader=FileSystemLoader('.'),
+ trim_blocks=True
+ )
+ open(makepath(os.getenv('ProgramData',r'C:\ProgramData'),'ssh','sshd_config'),'w').write(
+ jinja2.get_template('sshd_config.j2').render(
+ ssh_ciphers = ('+' if variables['ssh_append_ciphers'] == True else '') + ','.join(variables['ssh_ciphers']),
+ ssh_password_auth = variables['ssh_password_auth']
+ )
+ )
+
+ print(' (Re)starting the service')
+ if service_is_running('sshd'):
+ service_restart('sshd')
+ else:
+ service_start('sshd')
 
 print(r' Enabling sshd service on boot')
 run('sc config sshd start= auto')
diff --git a/sshd_config.j2 b/sshd_config.j2
new file mode 100644
index 0000000..bab9ba1
--- /dev/null
+++ b/sshd_config.j2
@@ -0,0 +1,6 @@
+AuthorizedKeysFile .ssh/authorized_keys
+Subsystem sftp sftp-server.exe
+{% if ssh_ciphers | length > 0 %}
+Ciphers {{ ssh_ciphers }}
+{% endif %}
+PasswordAuthentication {{ 'yes' if ssh_password_auth == True else 'no' }}
\ No newline at end of file
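Review bot: The `ssh_ciphers` argument on the `.render(` line becomes a bare `+` when `variables['ssh_ciphers']` is empty while `ssh_append_ciphers` is True, and the `{% if ssh_ciphers | length > 0 %}` guard in sshd_config.j2 (same diff) tests that already-joined string, so it lets `Ciphers +` through; sshd would most likely reject that line and the `service_restart('sshd')` that follows would leave the service down. Joining first and only prefixing a non-empty list avoids it: `ciphers = ','.join(variables['ssh_ciphers'])` and `ssh_ciphers = ('+' + ciphers) if ciphers and variables['ssh_append_ciphers'] else ciphers`. The `open(..., 'w').write(...)` chain relies on reference counting to flush and close sshd_config before the restart; `with open(...) as cfg: cfg.write(...)` makes that ordering explicit. Naming the Environment `jinja2` shadows the library's module name and is easy to misread; `env` is the usual choice. `install()` starts before this hunk and continues after it.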
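Review bot: The template carries no header saying it is generated, so an operator who edits the deployed sshd_config by hand loses the change on the next install; a first line such as `# Managed by the fws-openssh WAPT package - local edits are overwritten` would make that visible in the rendered file. The `== True` comparison on the PasswordAuthentication line means any non-boolean value from the variables file (a quoted `'true'`, for instance) renders `no`; that fails closed, which is the right direction, but it deserves a template comment so the behaviour is not mistaken for a bug. Because the rendered file replaces the stock sshd_config wholesale, every directive the Windows OpenSSH default config provided but this template omits — the administrators `Match` block, if I recall that default correctly — is silently dropped, and that is worth stating in the same header. The file also has no trailing newline.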