Merge pull request #69 from Intel-BMC/update2021-0.63 1-0.63

Update
author: jmbills <jason.m.bills@intel.com> 2021-08-03 01:45:08 +0300
committer: GitHub <noreply@github.com> 2021-08-03 01:45:08 +0300
commit: 10ad77d5bc86709d8ff7f95e7040e39f1c153903 (patch)
tree: 307cedb87f4c0a329740c55ac364ed489d1d8fc2 /meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh
parent: c6b1c6ba7a01b7987d65d61c262c44c320193108 (diff)
parent: 67327ddc580cb9a85219a534844832a1682780d4 (diff)
download: openbmc-10ad77d5bc86709d8ff7f95e7040e39f1c153903.tar.xz
1 files changed, 46 insertions, 13 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh
index e97995cc1..922aa09f5 100755
--- a/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh
+++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh
@@ -1,15 +1,48 @@
 #!/bin/sh
 
-if [ -e /etc/systemd/system/dropbear@.service ] && \
-   [ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]
-then
-    echo "SSH is already enabled"
-else
-    cp /usr/share/misc/dropbear@.service /etc/systemd/system/dropbear@.service
-    cp /usr/share/misc/dropbear.socket /etc/systemd/system/dropbear.socket
-    ln -s  /etc/systemd/system/dropbear.socket /etc/systemd/system/sockets.target.wants/dropbear.socket
-    groupmems -g priv-admin -a root
-    systemctl daemon-reload
-    systemctl restart dropbear.socket
-    echo "Enabled SSH service for root user successful"
-fi
+usage="$(basename "$0") [-h] [-d] -- Enable/Disable ssh for root user
+where:
+    -h  help
+    -d  disable ssh and remove priv-admin permission for root user"
+
+enable_ssh() {
+    if [ -e /etc/systemd/system/dropbear@.service ] &&
+        [ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]; then
+        echo "SSH is already enabled"
+    else
+        cp /usr/share/misc/dropbear@.service /etc/systemd/system/dropbear@.service
+        cp /usr/share/misc/dropbear.socket /etc/systemd/system/dropbear.socket
+        ln -s /etc/systemd/system/dropbear.socket /etc/systemd/system/sockets.target.wants/dropbear.socket
+        groupmems -g priv-admin -a root
+        systemctl daemon-reload
+        systemctl restart dropbear.socket
+        echo "Enabled SSH service for root user successful"
+    fi
+}
+
+disable_ssh() {
+    if [ -e /etc/systemd/system/dropbear@.service ] &&
+        [ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]; then
+        systemctl stop dropbear.socket
+        systemctl stop dropbear@*.service
+        rm -rf /etc/systemd/system/sockets.target.wants/dropbear.socket
+        rm -rf /etc/systemd/system/dropbear.socket
+        rm -rf /etc/systemd/system/dropbear@.service
+        groupmems -g priv-admin -d root
+        echo "SSH disabled"
+    else
+        echo "SSH is already disabled"
+    fi
+}
+
+case "$1" in
+"-h")
+    echo ${usage}
+    ;;
+"-d")
+    disable_ssh
+    ;;
+*)
+    enable_ssh
+    ;;
+esac
author	jmbills <jason.m.bills@intel.com>	2021-08-03 01:45:08 +0300
committer	GitHub <noreply@github.com>	2021-08-03 01:45:08 +0300
commit	10ad77d5bc86709d8ff7f95e7040e39f1c153903 (patch)
tree	307cedb87f4c0a329740c55ac364ed489d1d8fc2 /meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh
parent	c6b1c6ba7a01b7987d65d61c262c44c320193108 (diff)
parent	67327ddc580cb9a85219a534844832a1682780d4 (diff)
download	openbmc-10ad77d5bc86709d8ff7f95e7040e39f1c153903.tar.xz