Script to check and modify /etc/ssh/sshd_config

hce · June 1, 2013, 11:06pm

Hi,

How can I check and modify /etc/ssh/sshd_config parameters in a script? I'll particular to check and enable / disable PasswordAuthentication and PubkeyAuthentication. I know I can edit sshd_config by vi, but for some reason we need change it in a script.

Thank you.

hce

alister · June 1, 2013, 11:21pm

In case you aren't aware, you can override sshd_config settings with command options.

Regards,
Alister

hce · June 2, 2013, 1:25am

Thanks Alister, could you please give an example of how to change "PasswordAuthentication = yes" in the command options?

Thank you.

Kind regards.

mirni · June 2, 2013, 1:29am

From man ssh :

hce · June 2, 2013, 5:05am

Thanks mirni, but I tried:

ssh -o PasswordAuthentication=yes root@remote_vm

It did not work. Not clear if we are in the same page. I actually asked how to change the /etc/ssh/sshd_config which defines "PasswordAuthentication no" by command line in script in the remote_vm machine. I guess the ssh -o option is only to change /etc/ssh/ssh_config setting, is it correct?

Thank you.

Kind regards.

alister · June 2, 2013, 8:52am

Have a look at your sshd man page. The answer is there.

And, in case it isn't obvious, an ssh client can't override a server's settings. That would be very insecure.

Regards,
Alister

MadeInGermany · June 2, 2013, 9:42am

Yes, command line options are for ssh, and they override ssh_config.
For changing existing options in sshd_config you can use awk

file=/etc/ssh/sshd_config
cp -p $file $file.old &&
awk '
$1=="PasswordAuthentication" {$2="yes"}
$1=="PubkeyAuthentication" {$2="yes"}
{print}
' $file.old > $file

or do it in a shell loop

file=/etc/ssh/sshd_config
cp -p $file $file.old &&
while read key other
do
 case $key in
 PasswordAuthentication) other=yes;;
 PubkeyAuthentication) other=yes;;
 esac
 echo "$key $other"
done < $file.old > $file

frank_rizzo · June 2, 2013, 10:19am

augtool -b -s set /files/etc/ssh/sshd_config/PasswordAuthentication no

restart sshd

alister · June 2, 2013, 10:42am

sshd also supports overriding sshd_config settings with command options.

It may exist, but at the moment I can't envision a scenario where it makes sense to use a script to toggle settings in an important system config file. If the changes are meant to be long lasting, then simply edit the file manually and be done with it. If the overrides are only needed occasionally, it would be simpler and safer to use command options for the job, either to override specific settings in the default config file or to use a different config file altogether.

Regards,
Alister

hce · June 2, 2013, 8:36pm

Thanks MadeInGermany and all other responses, that did the trick.

Greatly appreciated.

hce