[CentOS] centos7 :: ks.cfg :: customisation of sshd

Thu Feb 18 18:27:28 UTC 2016
Mike - st257 <silvertip257 at gmail.com>

On Wed, Feb 17, 2016 at 2:48 PM, Adrian Sevcenco <Adrian.Sevcenco at cern.ch>

> Hi! I want to change the sshd port at install for centos7 but I am not sure
> if I am on the good track (and it is time expensive to make many
> try-outs).
> So, I would be grateful if someone with experience can spot if I have
> problems with my planning (the actual purpose is that after installation I
> have access for my ansible provisioning).
> First make sure ssh is started:
> services --enabled=sshd,chronyd
> then .. i imagine that in the %post section
> %post --interpreter=/usr/bin/bash --log=/root/ks-post.log
> 1. i could use sed to change the port
> sed -i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config
> 2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config
> 3. enable key access
> mkdir -p /root/.ssh
> chmod 700 /root/.ssh
> cat << EOF >> /root/.ssh/authorized_keys
> my_ssh_pubkey
> EOF
> 4. semanage port -a -t ssh_port_t -p tcp 60000
> 5. firewall-cmd --permanent --zone=public --add-port=60000/tcp
> 6. systemctl enable firewalld.service
> did i miss anything?

The %post section is definitely where you want your commands.
I'd combine the sed commands in points 1 and 2, but that's a small
nitpicky suggestion.
( You forgot to escape the space before 60000 in the first sed expression
you provided. )

sed -i -e 's/#Port\ 22/Port\ 60000/' -e 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config

Though I will note there is some sort of syntax error with the
PermitRootLogin sed expression (present in the original you provided). I
spent a moment looking at it and the problem with that second expression
evades me right now. *grumble*

//  SilverTip257  //
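
An added example, not part of the original thread: sed exits 0 even when its pattern matches nothing, so the edits in points 1 and 2 can silently leave sshd on port 22 and the %post log would not show it. The sketch below applies the same two changes and fails loudly if the directive is not active afterwards; the helper names, the sample config and the use of GNU sed are assumptions.

```shell
# Added example: check that the sshd_config edits from the thread took effect.
# set_sshd_option and demo are hypothetical names; GNU sed is assumed.
# Values must not contain "/" or "&" because they are used in a sed replacement.

# set_sshd_option FILE KEY VALUE
# Turns the first "#KEY ..." or "KEY ..." line into "KEY VALUE".
set_sshd_option() {
    local file=$1 key=$2 value=$3

    # Already set as wanted: nothing to do, so re-running %post logic is safe.
    if grep -qx "${key} ${value}" "$file"; then
        return 0
    fi

    # Rewrite only the first matching line, commented out or not.
    sed -i -E "0,/^#?${key}[[:space:]].*/s//${key} ${value}/" "$file"

    # sed returns 0 when nothing matched, so confirm the result explicitly.
    if ! grep -qx "${key} ${value}" "$file"; then
        echo "ks-post: no ${key} line found in ${file}" >&2
        return 1
    fi

    # A second active line for the same key would still take effect
    # (for Port, sshd would listen on both ports), so treat it as an error.
    if [ "$(grep -cE "^${key}[[:space:]]" "$file")" -ne 1 ]; then
        echo "ks-post: more than one active ${key} line in ${file}" >&2
        return 1
    fi
}

# Demo on a constructed excerpt, not the real /etc/ssh/sshd_config.
demo() {
    local cfg
    cfg=$(mktemp)
    printf '%s\n' '#Port 22' '#AddressFamily any' '#PermitRootLogin yes' > "$cfg"
    set_sshd_option "$cfg" Port 60000 &&
        set_sshd_option "$cfg" PermitRootLogin yes
    cat "$cfg"
    rm -f "$cfg"
}
demo
```

In a kickstart %post the calls would target /etc/ssh/sshd_config, and a non-zero return shows up in /root/ks-post.log instead of being discovered when the first SSH connection to port 60000 fails.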