From 4f06e6afa477d3ce8126a38d18456992b0296287 Mon Sep 17 00:00:00 2001
From: ageissler
Date: Tue, 29 Oct 2024 10:18:07 +0100
Subject: [PATCH] setup/init-sshd.sh aktualisiert
---
setup/init-sshd.sh | 42 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/setup/init-sshd.sh b/setup/init-sshd.sh
index cc1f786..c61e9a5 100644
--- a/setup/init-sshd.sh
+++ b/setup/init-sshd.sh
@@ -1 +1,41 @@
-#!/bin/bash
\ No newline at end of file
+#!/bin/bash
+
+###############################################################
+###
+### ssh server konfig
+###
+###############################################################
+
+START='### unique ssh config start ###'
+
+END='### unique ssh config end ###'
+
+CFG='Match User conetadm
+ PasswordAuthentication yes
+ PubkeyAuthentication yes
+ AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24
+
+Match User ansible
+ PasswordAuthentication no
+ PubkeyAuthentication yes
+ AllowUsers ansible@10.0.0.0/8 ansible@192.168.0.0/16 ansible@172.16.0.0/12'
+
+UNIQ="$START
+$CFG
+$END"
+
+grep "$START" /etc/ssh/sshd_config
+if [ "$?" == "1" ]
+then
+ echo uniq Eintrag nicht vorhanden, wird angehÃĪngt
+else
+ echo uniq Eintrag gefunden, wird ersetzt
+ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
+ sed -i "/$START/,/$END/d" /etc/ssh/sshd_config
+fi
+echo "$UNIQ" >> /etc/ssh/sshd_config
+
+sed -i "s/^[# ]*PermitRootLogin.*$/PermitRootLogin no/g" /etc/ssh/sshd_config
+sed -i "s/^[# ]*AllowTcpForwarding.*$/AllowTcpForwarding no/g" /etc/ssh/sshd_config
+
+systemctl restart sshd
\ No newline at end of file
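Review bot: The script edits /etc/ssh/sshd_config and ends with `systemctl restart sshd` without validating the result, so a broken config can lock the host out of remote access; add `sshd -t || exit 1` directly before the restart. The backup `cp` to sshd_config.bu sits only in the `else` branch, so the append path and both trailing `sed -i` edits run with nothing to roll back to; take the backup unconditionally before the first write. The `[ "$?" == "1" ]` test sends grep's error status 2 (for example an unreadable file) into the replace branch, and if the END marker is missing the range delete `/$START/,/$END/d` runs to end of file, so use `grep -qF -- "$START" /etc/ssh/sshd_config`, abort on a status above 1, and check that both markers are present before deleting. The `PermitRootLogin` and `AllowTcpForwarding` substitutions only rewrite lines that already exist, so on a config lacking those keywords the hardening is silently skipped. A keyword appended afterwards would land inside the trailing `Match User ansible` block rather than the global section.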