Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-29 11:48:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
tpotce/installer/home/2fa_enable.sh
Marco Ochse fbfb5a1d90 very basic installation stuff
2016-05-12 19:26:06 +02:00

43 lines
2.1 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
########################################################
# T-Pot #
# Two-Factor-Authentication and SSH enable script #
# #
# v16.10.0 by mo, DTAG, 2016-05-12 #
########################################################
myBACKTITLE="T-Pot - Two-Factor-Authentication and SSH enable script"
# Let's ask if the user wants to enable two-factor ...
dialog --backtitle "$myBACKTITLE" --title "[ Enable 2FA? ]" --yesno "\nDo you want to enable Two-Factor-Authentication based on Google Authenticator for SSH?" 8 70
my2FA=$?
# Let's ask if the user wants to enable ssh ...
dialog --backtitle "$myBACKTITLE" --title "[ Enable SSH? ]" --yesno "\nDo you want to enable the SSH service?" 8 70
mySSH=$?
# Enable 2FA
if [ "$my2FA" = "0" ] && ! [ -f /etc/pam.d/sshd.bak ];
then
clear
sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd
sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config
google-authenticator -t -d -f -r 3 -R 30 -w 21
echo "2FA enabled. Please press return to continue ..."
read
elif [ -f /etc/pam.d/sshd.bak ]
then
dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that Two-Factor-Authentication has already been enabled. Please run 'google-authenticator -t -d -f -r 3 -R 30 -w 21' if you want to rewrite your token." 8 70
fi
# Enable SSH
if [ "$mySSH" = "0" ] && [ "$(systemctl status ssh | grep -o dead)" = "dead" ];
then
clear
sudo systemctl enable ssh
sudo systemctl start ssh
dialog --backtitle "$myBACKTITLE" --title "[ SSH enabled ]" --msgbox "\nThe SSH service has been enabled and is now reachable via port tcp/64295. Password authentication is disabled by default." 8 70
elif [ "$(systemctl status ssh | grep -o dead)" = "" ]
then
dialog --backtitle "$myBACKTITLE" --title "[ Already enabled ]" --msgbox "\nIt seems that SSH has already been enabled." 8 70
fi
Reference in a new issue View git blame Copy permalink