openssh: feedback for #1750

Prodded by: @adschellevis
2026-03-13 16:14:40 +00:00 · 2017-08-09 14:24:45 +02:00 · 2017-08-09 14:24:45 +02:00 · db1b20b893
commit db1b20b893
parent 13f63a4919
5 changed files with 20 additions and 17 deletions
--- a/src/etc/inc/filter.lib.inc
+++ b/src/etc/inc/filter.lib.inc
@ -71,7 +71,7 @@ function filter_core_antilockout_ports()
            $lockout_ports[] = "80";
        }
        if (isset($config['system']['ssh']['enabled']) ||
-            (is_install_media() && !isset($config['system']['ssh']) && is_process_running('sshd'))) {
+            (!isset($config['system']['ssh']['noauto']) && is_install_media() && is_process_running('sshd'))) {
            $lockout_ports[] = empty($config['system']['ssh']['port']) ? "22" : $config['system']['ssh']['port'];
        }
    }
--- a/src/etc/inc/plugins.inc.d/openssh.inc
+++ b/src/etc/inc/plugins.inc.d/openssh.inc
@ -28,6 +28,12 @@
 * POSSIBILITY OF SUCH DAMAGE.
 */

+function openssh_enabled()
+{
+    return isset($config['system']['ssh']['enabled']) ||
+        (!isset($config['system']['ssh']['noauto']) && is_install_media());
+}
+
 function openssh_configure()
 {
    return array(
@ -42,8 +48,7 @@ function openssh_services()

    $services = array();

-    if (isset($config['system']['ssh']['enabled']) ||
-        (!isset($config['system']['ssh']) && is_install_media())) {
+    if (openssh_enabled()) {
        $pconfig = array();
        $pconfig['description'] = gettext('Secure Shell Daemon');
        $pconfig['configd']['restart'] = array('openssh restart');
@ -66,13 +71,11 @@ function openssh_configure_do($verbose = false)

    $sshcfg = null;

-    if (isset($config['system']['ssh'])) {
-        if (isset($config['system']['ssh']['enabled'])) {
-            $sshcfg = $config['system']['ssh'];
-        }
-    } elseif (is_install_media()) {
+    if (!isset($config['system']['ssh']['noauto']) && is_install_media()) {
        /* only revert to installer config when ssh is not set at all */
        $sshcfg = array('permitrootlogin' => 1, 'passwordauth' => 1);
+    } elseif (isset($config['system']['ssh']['enabled'])) {
+        $sshcfg = $config['system']['ssh'];
    }

    if ($sshcfg === null) {
@ -114,15 +117,15 @@ function openssh_configure_do($verbose = false)

    if ($generate_keys) {
        if (is_subsystem_dirty('sshdkeys')) {
-        return;
+            return;
        }
        log_error('Started creating your SSH keys. SSH startup is being delayed a wee bit.');
        mark_subsystem_dirty('sshdkeys');
        foreach ($keys as $type => $name) {
-        $file = "/conf/sshd/{$name}";
-        @unlink("{$file}.pub");
-        @unlink($file);
-        mwexecf('/usr/local/bin/ssh-keygen -t %s -N "" -f %s', array($type, $file));
+            $file = "/conf/sshd/{$name}";
+            @unlink("{$file}.pub");
+            @unlink($file);
+            mwexecf('/usr/local/bin/ssh-keygen -t %s -N "" -f %s', array($type, $file));
        }
        clear_subsystem_dirty('sshdkeys');
        log_error('Completed creating your SSH keys. SSH will now be started.');
--- a/src/etc/rc.livemode
+++ b/src/etc/rc.livemode
@ -58,7 +58,7 @@ if (is_install_media()) {

        echo "\n";

-        if (!isset($config['system']['ssh']) && is_process_running('sshd')) {
+        if (!isset($config['system']['ssh']['noauto']) && is_process_running('sshd')) {
            echo "Welcome!  Both `root' and `installer' users are availabe for system\n";
            echo "setup or invoking the installer, respectively.  The predefined root\n";
            echo "password works for both accounts.  Remote login via SSH is possible.\n";
--- a/src/www/guiconfig.inc
+++ b/src/www/guiconfig.inc
@ -252,7 +252,7 @@ function print_service_banner($service)
            }
            print_alert_box(
                gettext('You are currently running in LiveCD mode. A reboot will reset the configuration.') .' ' .
-                (!isset($config['system']['ssh']) && is_process_running('sshd') ?
+                (!isset($config['system']['ssh']['noauto']) && is_process_running('sshd') ?
                gettext('SSH remote login is enabled for the users "root" and ' .
                '"installer" using the same password.') : gettext('SSH remote login is disabled.'))
            );
--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@ -196,8 +196,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
            unset($config['system']['webgui']['althostnames']);
        }

-        /* always store ssh setting to prevent install scenario */
-        $config['system']['ssh']['reserved'] = 1;
+        /* always store setting to prevent installer auto-start */
+        $config['system']['ssh']['noauto'] = 1;

        if (!empty($pconfig['enablesshd'])) {
            $config['system']['ssh']['enabled'] = 'enabled';