authorJoey Hess2014-03-29 23:10:52 -0400
committerJoey Hess2014-03-29 23:16:43 -0400
commitd9af8bac5eb7836a3c90e37e870fd73d30b841fd (patch)
tree40443efd384415172cf393571fe3f1651ea57423 /Property/Ssh.hs
initial check-in
too young to have a name
Diffstat (limited to 'Property/Ssh.hs')
-rw-r--r--Property/Ssh.hs41
1 files changed, 41 insertions, 0 deletions
diff --git a/Property/Ssh.hs b/Property/Ssh.hs
new file mode 100644
index 00000000..cca021a4
--- /dev/null
+++ b/Property/Ssh.hs
@@ -0,0 +1,41 @@
+module Property.Ssh where
+
+import Control.Applicative
+import Control.Monad
+import System.FilePath
+
+import Property
+import Property.User
+import Utility.SafeCommand
+import Utility.Exception
+
+sshBool :: Bool -> String
+sshBool True = "yes"
+sshBool False = "no"
+
+sshdConfig :: FilePath
+sshdConfig = "/etc/ssh/sshd_config"
+
+setSshdConfig :: String -> Bool -> Property
+setSshdConfig setting allowed = combineProperties desc
+ [ lineNotInFile sshdConfig (setting ++ sshBool (not allowed))
+ , lineInFile sshdConfig (setting ++ sshBool allowed)
+ ] `onChange` restartSshd
+ where
+ desc = unwords [ "ssh config:", setting, sshBool allowed ]
+
+permitRootLogin :: Bool -> Property
+permitRootLogin = setSshdConfig "PermitRootLogin"
+
+passwordAuthentication :: Bool -> Property
+passwordAuthentication = setSshdConfig "PasswordAuthentication"
+
+hasAuthorizedKeys :: UserName -> IO Bool
+hasAuthorizedKeys = go <=< homedir
+ where
+ go Nothing = return False
+ go (Just home) = not . null <$> catchDefaultIO ""
+ (readFile $ home </> ".ssh" </> "authorized_keys")
+
+restartSshd :: Property
+restartSshd = CmdProperty "ssh restart" "service" [Param "sshd", Param "restart"]
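Review bot: In `setSshdConfig` the config line is built as `setting ++ sshBool allowed` with no separator, so `permitRootLogin False` would write `PermitRootLoginno` instead of `PermitRootLogin no`. sshd does not recognise that as a keyword, so the intended setting is never applied, and the `restartSshd` run by `onChange` is likely to fail on the bad option. I would build the line once in the `where` clause, `sshline v = setting ++ " " ++ sshBool v`, and pass `sshline (not allowed)` and `sshline allowed` to the two list entries. Separately, removing only the exact opposite line leaves other spellings in place (`PermitRootLogin without-password`, different spacing or case). sshd uses the first value it reads for a keyword, so such a line would override the new one if `lineInFile` appends; that helper is not visible in this hunk, so this is worth confirming.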