tpotce/installer/home/2fa_enable.sh

#!/bin/bash

########################################################
# T-Pot                                                #
# Two-Factor-Authentication and SSH enable script      #
#                                                      #
# v16.03.2 by mo, DTAG, 2016-03-09                     #
########################################################
myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"


# Let's ask if the user wants to enable two-factor ...
dialog --backtitle "$myBACKTITLE" --title "[ Enable 2FA? ]" --yesno "\nDo you want to enable Two-Factor-Authentication based on Google Authenticator for SSH?" 8 70
my2FA=$?

# Let's ask if the user wants to enable ssh ...
dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you want to enable the SSH service?" 8 70
mySSH=$?

# Enable 2FA
if [ "$my2FA" = "0" ] && ! [ -f /etc/pam.d/sshd.bak ];
  then
    clear
    sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
    sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
    google-authenticator -t -d -f -r 3 -R 30 -w 21
    echo "2FA enabled. Please press return to continue ..."
    read
  elif [ -f /etc/pam.d/sshd.bak ]
    then
      dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
fi

# Enable SSH
if [ "$mySSH" = "0" ] && [ -f /etc/init/ssh.override ];
  then
    clear
    sudo rm /etc/init/ssh.override
    sudo service ssh start
    dialog --backtitle "$myBACKTITLE" --title "[ SSH enabled ]" --msgbox "\nThe SSH service has been enabled and is now reachable via port tcp/64295. Password authentication is disabled by default." 8 70
  elif ! [ -f /etc/init/ssh.override ]
    then
      dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that SSH has already been enabled." 8 70
fi
Installer upgrade 2015-01-27 16:46:52 +00:00			`#!/bin/bash`

			`########################################################`
prepare for T-Pot 16.03 2015-12-08 14:47:39 +00:00			`# T-Pot #`
rewrite 2fa_enable, delete ssh_enable 2016-03-07 14:48:44 +00:00			`# Two-Factor-Authentication and SSH enable script #`
Installer upgrade 2015-01-27 16:46:52 +00:00			`# #`
clean up, update readme 2016-03-09 13:05:06 +00:00			`# v16.03.2 by mo, DTAG, 2016-03-09 #`
Installer upgrade 2015-01-27 16:46:52 +00:00			`########################################################`
rewrite 2fa_enable, delete ssh_enable 2016-03-07 14:48:44 +00:00			`myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"`
Installer upgrade 2015-01-27 16:46:52 +00:00
rewrite 2fa_enable, delete ssh_enable 2016-03-07 14:48:44 +00:00
			`# Let's ask if the user wants to enable two-factor ...`
			`dialog --backtitle "$myBACKTITLE" --title "[ Enable 2FA? ]" --yesno "\nDo you want to enable Two-Factor-Authentication based on Google Authenticator for SSH?" 8 70`
			`my2FA=$?`

			`# Let's ask if the user wants to enable ssh ...`
			`dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you want to enable the SSH service?" 8 70`
			`mySSH=$?`

			`# Enable 2FA`
clean up, update readme 2016-03-09 13:05:06 +00:00			`if [ "$my2FA" = "0" ] && ! [ -f /etc/pam.d/sshd.bak ];`
rewrite 2fa_enable, delete ssh_enable 2016-03-07 14:48:44 +00:00			`then`
			`clear`
			`sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd`
			`sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config`
			`google-authenticator -t -d -f -r 3 -R 30 -w 21`
			`echo "2FA enabled. Please press return to continue ..."`
			`read`
			`elif [ -f /etc/pam.d/sshd.bak ]`
clean up, update readme 2016-03-09 13:05:06 +00:00			`then`
			`dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70`
rewrite 2fa_enable, delete ssh_enable 2016-03-07 14:48:44 +00:00			`fi`

			`# Enable SSH`
clean up, update readme 2016-03-09 13:05:06 +00:00			`if [ "$mySSH" = "0" ] && [ -f /etc/init/ssh.override ];`
rewrite 2fa_enable, delete ssh_enable 2016-03-07 14:48:44 +00:00			`then`
			`clear`
			`sudo rm /etc/init/ssh.override`
			`sudo service ssh start`
			`dialog --backtitle "$myBACKTITLE" --title "[ SSH enabled ]" --msgbox "\nThe SSH service has been enabled and is now reachable via port tcp/64295. Password authentication is disabled by default." 8 70`
			`elif ! [ -f /etc/init/ssh.override ]`
			`then`
			`dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that SSH has already been enabled." 8 70`
Installer upgrade 2015-01-27 16:46:52 +00:00			`fi`