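// Source: github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/internal/operator/nodeagent/dep/sshd/dep.go

// Package sshd implements the node agent installer that inspects the effective
// OpenSSH daemon configuration and rewrites /etc/ssh/sshd_config.
package sshd

import (
	"bytes"
	"fmt"
	"io"
	"net"
	"os/exec"
	"strings"

	"github.com/caos/orbos/internal/operator/common"
	"github.com/caos/orbos/internal/operator/nodeagent"
	"github.com/caos/orbos/internal/operator/nodeagent/dep"
	"github.com/caos/orbos/internal/operator/nodeagent/dep/middleware"
)

// Installer is the sshd flavour of nodeagent.Installer. The unexported marker
// method isSSHD means only types in this package can satisfy it.
type Installer interface {
	isSSHD()
	nodeagent.Installer
}

// sshdDep is the concrete installer; systemd is used to start the sshd unit
// after the configuration file has been rewritten.
type sshdDep struct {
	systemd *dep.SystemD
}

// New returns an sshd installer that starts the service through systemd.
func New(systemd *dep.SystemD) Installer {
	return &sshdDep{systemd}
}

// Is reports whether other, once unwrapped from any middleware, is an sshd
// Installer.
func (sshdDep) Is(other nodeagent.Installer) bool {
	_, ok := middleware.Unwrap(other).(Installer)
	return ok
}

func (sshdDep) isSSHD() {}

// String returns the display name of this installer.
func (sshdDep) String() string { return "SSHD" }

// Equals reports whether other is a *sshdDep. Unlike Is, it does not unwrap
// middleware first.
func (*sshdDep) Equals(other nodeagent.Installer) bool {
	_, ok := other.(*sshdDep)
	return ok
}

// InstalledFilter returns nil: this installer contributes no filter entries.
func (*sshdDep) InstalledFilter() []string { return nil }

// listenHost extracts the host part of a "host:port" or "[v6]:port" value as
// printed by `sshd -T`. A value without a port is returned with any
// surrounding brackets removed.
func listenHost(addr string) string {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return strings.TrimSuffix(strings.TrimPrefix(addr, "["), "]")
	}
	return host
}

// Current runs `sshd -T` and records the settings that deviate from the state
// Ensure enforces:
//
//   - "listenaddress": the host sshd is bound to, unless it is one of the
//     wildcard values "[::]:22" or "0.0.0.0:22";
//   - "listening": "false" when an ssh probe of that host (127.0.0.1 for the
//     wildcard values) reports "Connection refused";
//   - "gssapiauthentication": the reported value whenever it is not "no".
//
// pkg.Config stays nil when nothing deviates. An error is returned only when
// `sshd -T` itself fails.
func (s *sshdDep) Current() (pkg common.Package, err error) {
	buf := new(bytes.Buffer)
	defer buf.Reset()

	sshdCmd := exec.Command("sshd", "-T")
	sshdCmd.Stdout = buf
	if err := sshdCmd.Run(); err != nil {
		return pkg, err
	}

	// The map is allocated lazily so that a fully compliant host yields a nil
	// Config.
	setConfig := func(key, value string) {
		if pkg.Config == nil {
			pkg.Config = make(map[string]string)
		}
		pkg.Config[key] = value
	}

	for {
		// The read error gets its own name. The original declared a second
		// `err` inside the loop, so its check at the top of the loop only ever
		// saw the always-nil named result.
		line, readErr := buf.ReadString('\n')
		if readErr != nil && readErr != io.EOF {
			return pkg, readErr
		}

		// `sshd -T` prints one "keyword value" pair per line. Matching on the
		// keyword field keeps a value that merely contains a keyword from
		// being misread as that directive.
		var keyword, value string
		fields := strings.Fields(line)
		if len(fields) > 0 {
			keyword = fields[0]
		}
		if len(fields) > 1 {
			value = fields[1]
		}

		switch keyword {
		case "listenaddress":
			checkIP := "127.0.0.1"
			if value != "[::]:22" && value != "0.0.0.0:22" {
				// Splitting on the first ":" would turn "[::1]:22" into "[",
				// so the host is taken with an IPv6-aware split.
				checkIP = listenHost(value)
				setConfig("listenaddress", checkIP)
			}
			// checkIP becomes a command-line argument of ssh. An empty value
			// or one starting with "-" is never probed, because ssh would
			// parse the latter as an option rather than a destination.
			if checkIP != "" && !strings.HasPrefix(checkIP, "-") {
				// The error is discarded; only the output text is inspected.
				// NOTE(review): ssh runs with its default options here, so the
				// probe has no explicit connect timeout.
				out, _ := exec.Command("ssh", "-T", checkIP).CombinedOutput()
				if strings.Contains(string(out), "Connection refused") {
					setConfig("listening", "false")
				}
			}
		case "gssapiauthentication":
			if value != "no" {
				setConfig("gssapiauthentication", value)
			}
		}

		// A final line without a trailing newline is still evaluated above
		// before the loop ends.
		if readErr == io.EOF {
			break
		}
	}
	return pkg, nil
}

// Ensure rewrites /etc/ssh/sshd_config so that it contains
// "GSSAPIAuthentication no" and, when ensure.Config["listenaddress"] is set, a
// matching "ListenAddress" line; existing ListenAddress lines are dropped by
// the callback. It then starts the sshd unit through systemd.
//
// The listen address is written verbatim into a security-critical file, so a
// value containing a line break is rejected: it would otherwise add extra
// directives to sshd_config.
//
// The remove argument and the trailing bool are not used.
func (s *sshdDep) Ensure(remove common.Package, ensure common.Package, _ bool) error {
	appendLines := []string{"GSSAPIAuthentication no"}

	if listenAddress := ensure.Config["listenaddress"]; listenAddress != "" {
		if strings.ContainsAny(listenAddress, "\r\n") {
			return fmt.Errorf("invalid listenaddress %q: must not contain line breaks", listenAddress)
		}
		appendLines = append(appendLines, fmt.Sprintf("ListenAddress %s", listenAddress))
	}

	// NOTE(review): presumably ManipulateFile removes lines matching the
	// second argument, appends appendLines and drops every line for which the
	// callback returns nil. Confirm against dep.ManipulateFile.
	dropListenAddress := func(line string) *string {
		if strings.HasPrefix(line, "ListenAddress") {
			return nil
		}
		return &line
	}
	if err := dep.ManipulateFile("/etc/ssh/sshd_config", []string{"GSSAPIAuthentication"}, appendLines, dropListenAddress); err != nil {
		return err
	}

	return s.systemd.Start("sshd")
}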