Diffstat (limited to 'Property/Ssh.hs')
-rw-r--r--Property/Ssh.hs41
1 files changed, 41 insertions, 0 deletions
diff --git a/Property/Ssh.hs b/Property/Ssh.hs
new file mode 100644
index 00000000..cca021a4
--- /dev/null
+++ b/Property/Ssh.hs
@@ -0,0 +1,41 @@
+module Property.Ssh where
+
+import Control.Applicative
+import Control.Monad
+import System.FilePath
+
+import Property
+import Property.User
+import Utility.SafeCommand
+import Utility.Exception
+
+sshBool :: Bool -> String
+sshBool True = "yes"
+sshBool False = "no"
+
+sshdConfig :: FilePath
+sshdConfig = "/etc/ssh/sshd_config"
+
+setSshdConfig :: String -> Bool -> Property
+setSshdConfig setting allowed = combineProperties desc
+ [ lineNotInFile sshdConfig (setting ++ sshBool (not allowed))
+ , lineInFile sshdConfig (setting ++ sshBool allowed)
+ ] `onChange` restartSshd
+ where
+ desc = unwords [ "ssh config:", setting, sshBool allowed ]
+
+permitRootLogin :: Bool -> Property
+permitRootLogin = setSshdConfig "PermitRootLogin"
+
+passwordAuthentication :: Bool -> Property
+passwordAuthentication = setSshdConfig "PasswordAuthentication"
+
+hasAuthorizedKeys :: UserName -> IO Bool
+hasAuthorizedKeys = go <=< homedir
+ where
+ go Nothing = return False
+ go (Just home) = not . null <$> catchDefaultIO ""
+ (readFile $ home </> ".ssh" </> "authorized_keys")
+
+restartSshd :: Property
+restartSshd = CmdProperty "ssh restart" "service" [Param "sshd", Param "restart"]
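Review bot: Both list entries in setSshdConfig join the keyword and the value with no separator (`setting ++ sshBool allowed`), so `permitRootLogin False` would write `PermitRootLoginno`, which sshd will not recognise as the PermitRootLogin directive. Build the line as `setting ++ " " ++ sshBool allowed`, and use the same form for the `not allowed` entry. Because the change fires `restartSshd`, a malformed sshd_config could leave the daemon down after the restart, so validating the file first with `sshd -t` would be a worthwhile guard. Even with the space fixed, `lineNotInFile` presumably removes only an exact-match line (its implementation is not visible here), so an existing entry such as `PermitRootLogin without-password` or one with different spacing would remain. sshd uses the first value it reads for a keyword, so if `lineInFile` appends, the new setting may never take effect and the property would report success while root or password login stays enabled.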