
Auto create filemanager sftp key when missing, no need to add it manually before using the filemanager

Add auto-expire functionality to v-add-user-sftp-key and remove unnecesary pubkey
Robert Zollner %!s(int64=5) %!d(string=hai) anos
pai
achega
285f9b0f61

+ 0 - 3
bin/v-add-user

@@ -236,9 +236,6 @@ fi
 # Adding jailed sftp env
 $BIN/v-add-user-sftp-jail $user
 
-# Adding sftp ssh key
-$BIN/v-add-user-sftp-key $user
-
 # Logging
 log_history "added system user $user" '' 'admin'
 log_event "$OK" "$ARGUMENTS"

+ 16 - 18
bin/v-add-user-sftp-key

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add user sftp key
-# options: USER 
+# options: USER [TTL]
 #
 # The script creates and updates ssh key for filemanager usage
 
@@ -11,6 +11,7 @@
 
 # Argument definition
 user=$1
+ttl=$2
 
 # Includes
 source $HESTIA/func/main.sh
@@ -21,8 +22,8 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '1' "$#" 'USER'
-is_format_valid 'user'
+check_args '1' "$#" 'USER [TTL]'
+is_format_valid 'user' 'ttl'
 is_object_valid 'user' 'USER' "$user"
 
 
@@ -41,37 +42,34 @@ AUTHKEY_FILE="$HOMEDIR/$user/.ssh/authorized_keys"
 if [ ! -f "${PRVKEY_FILE}" ]; then
 
     ssh-keygen -q -b 1024 -t rsa -f "${PRVKEY_FILE}" -N ""
+    rm "${PUBKEY_FILE}"
     new_privkey=true
 
 fi
 
-if [ ! -f "${PUBKEY_FILE}" ] || [ "$new_privkey" = true ]; then
+if [ ! -f "${AUTHKEY_FILE}" ] || [ "$new_privkey" = true ]; then
 
-    ssh-keygen -y -f "${PRVKEY_FILE}" > "${PUBKEY_FILE}"
-    new_pubkey=true
+    pubkey_str="$(ssh-keygen -y -f ${PRVKEY_FILE})"
+    pubkey_desc="filemanager.ssh.key"
 
-fi
-
-if [ ! -f "${AUTHKEY_FILE}" ] || [ "$new_pubkey" = true ]; then
-
-    now=$(date +%s)
-    pubkey_str=$(cat "${PUBKEY_FILE}")
-    pubkey_desc="[${user}]filemanager.ssh.key"
-
-    if grep --quiet --no-messages -F "[${user}]filemanager.ssh.key" "${AUTHKEY_FILE}"; then
-        sed -i "/ \[${user}\]filemanager\.ssh\.key\$/d" "${AUTHKEY_FILE}"
+    if grep --quiet --no-messages -F "$pubkey_desc" "${AUTHKEY_FILE}"; then
+        sed -i "/filemanager\.ssh\.key\$/d" "${AUTHKEY_FILE}"
     fi
 
     # make sure authorized_keys is ending with EOL
     [ -f "${AUTHKEY_FILE}" ] && sed -i '$a\' "${AUTHKEY_FILE}"
 
-    echo "from=\"127.0.0.1\",command=\"internal-sftp\",restrict ${pubkey_str} TS:${now} ${pubkey_desc}" >> "${AUTHKEY_FILE}"
+    expire=0
+    if [[ "$ttl" -gt 0 ]]; then
+        expire=$(date +%s -d "+${ttl} min")
+        echo "rm ${PRVKEY_FILE}" | at "now +${ttl} minute" > /dev/null 2>&1
+    fi
+    echo "from=\"127.0.0.1\",command=\"internal-sftp\",restrict ${pubkey_str} TS:${expire} ${pubkey_desc}" >> "${AUTHKEY_FILE}"
 
 fi
 
 # 
 chown ${user}: "${AUTHKEY_FILE}"
-chown ${user}: "${PUBKEY_FILE}"
 chown admin: "${PRVKEY_FILE}"
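Review bot: The TTL is enforced only by the `at` job on the line `echo "rm ${PRVKEY_FILE}" | at "now +${ttl} minute" > /dev/null 2>&1`, and every failure of that job is discarded, so on a host where atd is absent or not running the private key stays on disk indefinitely while the script still reports success; I would check the result, e.g. `echo "rm -f -- ${PRVKEY_FILE}" | at "now +${ttl} minute" >/dev/null 2>&1 || { echo "Error: unable to schedule sftp key expiry" >&2; exit 1; }`. The `authorized_keys` entry is never removed by that job either, and `TS:${expire}` is only a comment to sshd, so unless something outside this file honors it the server keeps accepting the key for as long as the private key exists (a comment stating which component reads `TS:` would help the next reader). `${PRVKEY_FILE}` is quoted everywhere except the new `ssh-keygen -y -f ${PRVKEY_FILE}` line and inside the `at` script; keep it quoted consistently. `is_format_valid 'user' 'ttl'` presumably relies on the validator knowing a `ttl` field, which this commit does not add and I cannot see from here.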
 
 

+ 4 - 5
install/deb/filemanager/filegator/configuration.php

@@ -16,6 +16,10 @@ $dist_config['services']['Filegator\Services\Storage\Filesystem']['config']['ada
         if (isset($_SESSION['look']) && $_SESSION['look'] != 'admin' && $v_user === 'admin') {
             $v_user = $_SESSION['look'];
         }
+        # Create filemanager sftp key if missing and trash it after 30 min
+        if (! file_exists('/home/'.basename($v_user).'/.ssh/hst-filemanager-key')) {
+            exec ("sudo /usr/local/hestia/bin/v-add-user-sftp-key " . escapeshellarg(basename($v_user)) . " 30", $output, $return_var);
+        }
 
         return new \League\Flysystem\Sftp\SftpAdapter([
             'host' => '127.0.0.1',
@@ -35,11 +39,6 @@ $dist_config['services']['Filegator\Services\Auth\AuthInterface'] = [
         ],
     ];
 
-$dist_config['services']['Filegator\Services\View\ViewInterface']['config'] = [
-        'add_to_head' => '',
-        'add_to_body' => '',
-];
-
 $dist_config['services']['Filegator\Services\View\ViewInterface']['config'] = [
     'add_to_head' => '',
     'add_to_body' => '
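Review bot: `$return_var` from the `exec()` call added in the first hunk is captured but never checked, so when `v-add-user-sftp-key` fails (no sudoers rule for it, `at` unavailable, user without a home directory) execution falls through to constructing the SftpAdapter with a key that does not exist and the user gets an opaque SFTP error instead of a clear one. Check it before continuing, e.g. `if ($return_var !== 0) { throw new \RuntimeException('Unable to provision the filemanager SFTP key'); }`. The 30-minute lifetime is passed as a bare `" 30"` string concatenation; naming it (`$key_ttl_minutes = 30;`) and saying in the comment that the key is removed by an `at` job scheduled by the script would make the coupling visible. The enclosing closure starts before the hunk.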

+ 1 - 1
install/upgrade/versions/latest.sh

@@ -87,7 +87,7 @@ if [ ! -e "$HESTIA/web/fm/configuration.php" ]; then
 
     # Add sftp key for every user
     for user in $(v-list-sys-users plain); do
-        v-add-user-sftp-key "$user"
+        [[ -f "/home/${user}/.ssh/hst-filemanager-key" ]] && rm "/home/${user}/.ssh/hst-filemanager-key"
     done
 fi
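Review bot: The comment `# Add sftp key for every user` above the loop is now wrong, since the loop deletes the pre-generated key so it is recreated on demand; it should read `# Remove pre-generated filemanager sftp keys; they are now created on demand`. The path is hard-coded as `/home/${user}` while `v-add-user-sftp-key` derives it from `$HOMEDIR`; if `$HOMEDIR` is in scope in this upgrade script (not visible in the hunk) use it so non-default home locations are cleaned up too. `rm -f -- "/home/${user}/.ssh/hst-filemanager-key"` would also drop the separate `[[ -f ]]` test. The enclosing `if` starts before the hunk.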