summaryrefslogtreecommitdiff
path: root/playbooks.d/ssh/playbook.bash
diff options
context:
space:
mode:
authorPatrick Spek <p.spek@tyil.nl>2022-08-30 04:11:27 +0200
committerPatrick Spek <p.spek@tyil.nl>2022-08-30 04:11:27 +0200
commit801ea22dcac551b33b8f3c3007431bc0c896b939 (patch)
tree27960ad39001f5a68e6776cdea79a43d04585459 /playbooks.d/ssh/playbook.bash
parentbad3514384cb3d8d08f13fdec684a54e47700357 (diff)
Update SSH config
Credits to https://www.monotux.tech/posts/2021/11/maximize-ssh-audit-score/
Diffstat (limited to 'playbooks.d/ssh/playbook.bash')
-rw-r--r--playbooks.d/ssh/playbook.bash18
1 files changed, 18 insertions, 0 deletions
diff --git a/playbooks.d/ssh/playbook.bash b/playbooks.d/ssh/playbook.bash
index e9b28d5..12f6bb6 100644
--- a/playbooks.d/ssh/playbook.bash
+++ b/playbooks.d/ssh/playbook.bash
@@ -17,6 +17,14 @@ playbook_sync() {
"sftp=$(config "ssh.sftp")" \
> /etc/ssh/sshd_config
+ # Generate stronger keys if needed
+ if (( $(ssh_key_size "$(config "fs.etcdir")/ssh/ssh_host_rsa_key") < 4096 ))
+ then
+ warn "$BASHTARD_PLAYBOOK" "Generating new RSA SSH host key"
+ rm -f -- "$(config "fs.etcdir")/ssh/ssh_host_rsa_key"
+ ssh-keygen -t rsa -b 4096 -f "$(config "fs.etcdir")/ssh/ssh_host_rsa_key" -N ""
+ fi
+
info "$BASHTARD_PLAYBOOK" "Generating MotD"
file_template "motd" \
"fqdn=${BASHTARD_PLATFORM[fqdn]}" \
@@ -32,3 +40,13 @@ playbook_del() {
svc stop "sshd"
svc disable "sshd"
}
+
+ssh_key_size() {
+ if [[ ! -f "$1" ]]
+ then
+ printf "0"
+ return
+ fi
+
+ ssh-keygen -l -f "$1" | awk '{ print $1 }'
+}