rewrite 2fa_enable, delete ssh_enable

2025-07-01 04:22:11 +00:00 · 2016-03-07 15:48:44 +01:00 · 2016-03-07 15:48:44 +01:00 · 4c83de3995
commit 4c83de3995
parent 71b838c6e2
1 changed files with 36 additions and 23 deletions
--- a/installer/home/2fa_enable.sh
+++ b/installer/home/2fa_enable.sh
@ -2,30 +2,43 @@

 ########################################################
 # T-Pot                                                #
-# Two-Factor authentication enable script              #
+# Two-Factor-Authentication and SSH enable script      #
 #                                                      #
-# v0.01 by mo, DTAG, 2015-06-15                        #
+# v16.03.1 by mo, DTAG, 2016-03-07                     #
 ########################################################
+myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"

-echo "### This script will enable Two-Factor-Authentication based on Google Authenticator for SSH."
-while true
-do
-  echo -n "### Do you want to continue (y/n)? "; read myANSWER;
-  case $myANSWER in
-    n)
-      echo "### Exiting."
-      exit 0;
-      ;;
-    y)
-      break
-      ;;
-  esac
-done
-if [ -f /etc/pam.d/sshd.bak ];
-  then echo "### Already enabled. Exiting."
-  exit 1;
+
+# Let's ask if the user wants to enable two-factor ...
+dialog --backtitle "$myBACKTITLE" --title "[ Enable 2FA? ]" --yesno "\nDo you want to enable Two-Factor-Authentication based on Google Authenticator for SSH?" 8 70
+my2FA=$?
+
+# Let's ask if the user wants to enable ssh ...
+dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you want to enable the SSH service?" 8 70
+mySSH=$?
+
+# Enable 2FA
+if [ $my2FA == 0 ] && ! [ -f /etc/pam.d/sshd.bak ];
+  then
+    clear
+    sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
+    sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
+    google-authenticator -t -d -f -r 3 -R 30 -w 21
+    echo "2FA enabled. Please press return to continue ..."
+    read
+  elif [ -f /etc/pam.d/sshd.bak ]
+    then 
+      dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70  
+fi
+
+# Enable SSH
+if [ $mySSH == 0 ] && [ -f /etc/init/ssh.override ];
+  then
+    clear
+    sudo rm /etc/init/ssh.override
+    sudo service ssh start
+    dialog --backtitle "$myBACKTITLE" --title "[ SSH enabled ]" --msgbox "\nThe SSH service has been enabled and is now reachable via port tcp/64295. Password authentication is disabled by default." 8 70
+  elif ! [ -f /etc/init/ssh.override ]
+    then
+      dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that SSH has already been enabled." 8 70
 fi
-sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
-sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
-google-authenticator -t -d -f -r 3 -R 30 -w 21
-echo "### Please do not forget to run the ssh_enable script."