author | Patrick Spek <p.spek@tyil.nl> | 2022-08-30 04:11:27 +0200 |
committer | Patrick Spek <p.spek@tyil.nl> | 2022-08-30 04:11:27 +0200 |
commit | 801ea22dcac551b33b8f3c3007431bc0c896b939 (patch) | |
tree | 27960ad39001f5a68e6776cdea79a43d04585459 /playbooks.d/ssh/playbook.bash | |
parent | bad3514384cb3d8d08f13fdec684a54e47700357 (diff) |
Update SSH config
Credits to
https://www.monotux.tech/posts/2021/11/maximize-ssh-audit-score/
Diffstat (limited to 'playbooks.d/ssh/playbook.bash')
-rw-r--r-- | playbooks.d/ssh/playbook.bash | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/playbooks.d/ssh/playbook.bash b/playbooks.d/ssh/playbook.bash
index e9b28d5..12f6bb6 100644
--- a/playbooks.d/ssh/playbook.bash
+++ b/playbooks.d/ssh/playbook.bash
@@ -17,6 +17,14 @@ playbook_sync() {
 "sftp=$(config "ssh.sftp")" \
 > /etc/ssh/sshd_config
 
+ # Generate stronger keys if needed
+ if (( $(ssh_key_size "$(config "fs.etcdir")/ssh/ssh_host_rsa_key") < 4096 ))
+ then
+ warn "$BASHTARD_PLAYBOOK" "Generating new RSA SSH host key"
+ rm -f -- "$(config "fs.etcdir")/ssh/ssh_host_rsa_key"
+ ssh-keygen -t rsa -b 4096 -f "$(config "fs.etcdir")/ssh/ssh_host_rsa_key" -N ""
+ fi
+
 info "$BASHTARD_PLAYBOOK" "Generating MotD"
 file_template "motd" \
 "fqdn=${BASHTARD_PLATFORM[fqdn]}" \
@@ -32,3 +40,13 @@ playbook_del() {
 svc stop "sshd"
 svc disable "sshd"
 }
+
+ssh_key_size() {
+ if [[ ! -f "$1" ]]
+ then
+ printf "0"
+ return
+ fi
+
+ ssh-keygen -l -f "$1" | awk '{ print $1 }'
+}
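Review bot: In ssh_key_size (second hunk), when `ssh-keygen -l` fails on a file that exists but is unreadable or not a valid key, the pipeline prints nothing, and the caller's `(( $(ssh_key_size …) < 4096 ))` in the first hunk then aborts with an arithmetic syntax error rather than taking either branch. Capturing the output and defaulting it keeps the caller's contract of always receiving a number: `local size`, `size=$(ssh-keygen -l -f "$1" | awk '{ print $1 }')`, `printf "%s" "${size:-0}"` — this also covers the missing-file case, so the `[[ ! -f "$1" ]]` guard becomes redundant. A 0 result makes playbook_sync delete and regenerate the host key, which changes the fingerprint that existing clients have recorded for this host, so a comment above the `rm -f` such as `# Regenerating rotates the host key; clients that pinned the old fingerprint will see a mismatch` would help the next maintainer. playbook_sync begins before the first hunk, so whether sshd is restarted after the new key is written is not visible here.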