From d9af8bac5eb7836a3c90e37e870fd73d30b841fd Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sat, 29 Mar 2014 23:10:52 -0400
Subject: initial check-in too young to have a name
---
Property/Ssh.hs | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 Property/Ssh.hs
(limited to 'Property/Ssh.hs')
diff --git a/Property/Ssh.hs b/Property/Ssh.hs
new file mode 100644
index 00000000..cca021a4
--- /dev/null
+++ b/Property/Ssh.hs
@@ -0,0 +1,41 @@
+module Property.Ssh where
+
+import Control.Applicative
+import Control.Monad
+import System.FilePath
+
+import Property
+import Property.User
+import Utility.SafeCommand
+import Utility.Exception
+
+sshBool :: Bool -> String
+sshBool True = "yes"
+sshBool False = "no"
+
+sshdConfig :: FilePath
+sshdConfig = "/etc/ssh/sshd_config"
+
+setSshdConfig :: String -> Bool -> Property
+setSshdConfig setting allowed = combineProperties desc
+ [ lineNotInFile sshdConfig (setting ++ sshBool (not allowed))
+ , lineInFile sshdConfig (setting ++ sshBool allowed)
+ ] `onChange` restartSshd
+ where
+ desc = unwords [ "ssh config:", setting, sshBool allowed ]
+
+permitRootLogin :: Bool -> Property
+permitRootLogin = setSshdConfig "PermitRootLogin"
+
+passwordAuthentication :: Bool -> Property
+passwordAuthentication = setSshdConfig "PasswordAuthentication"
+
+hasAuthorizedKeys :: UserName -> IO Bool
+hasAuthorizedKeys = go <=< homedir
+ where
+ go Nothing = return False
+ go (Just home) = not . null <$> catchDefaultIO ""
+ (readFile $ home ".ssh" "authorized_keys")
+
+restartSshd :: Property
+restartSshd = CmdProperty "ssh restart" "service" [Param "sshd", Param "restart"]
-- cgit v1.2.3
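Review bot: In `setSshdConfig`, `setting ++ sshBool allowed` joins the keyword and its value with no separator, so `permitRootLogin False` writes `PermitRootLoginno` rather than `PermitRootLogin no`, and `passwordAuthentication` is affected the same way. The hardening these properties describe would therefore not take effect, and sshd will most likely reject the unknown keyword when `restartSshd` runs. Build the line once in the `where` clause, e.g. `sshline v = setting ++ " " ++ sshBool v`, and pass `sshline (not allowed)` and `sshline allowed` to `lineNotInFile` and `lineInFile`. Even with that fix only the exact opposite line is removed; sshd uses the first value it reads for a keyword, so an earlier line with different spacing or another value would still win (presumably `lineInFile` appends), and it is worth validating the file with `sshd -t` before the restart.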