Diffstat (limited to 'src/property/sshd.lisp')
-rw-r--r--src/property/sshd.lisp13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/property/sshd.lisp b/src/property/sshd.lisp
index 5a3be00..6e751d6 100644
--- a/src/property/sshd.lisp
+++ b/src/property/sshd.lisp
@@ -29,3 +29,16 @@
(:desc (format nil "sshd configured ~{~A ~A~^, ~}" pairs))
(:apply
(apply #'file:contains-conf-space "/etc/ssh/sshd_config" pairs)))
+
+(defprop no-passwords :posix ()
+ "Configure SSH to disallow password logins.
+To prevent lockouts, also enables logging in as root with an SSH key, and
+refuses to proceed if root has no authorized_keys."
+ (:desc "SSH passwords disabled")
+ (:apply
+ (assert-euid-root)
+ (unless (and (remote-exists-p ".ssh/authorized_keys")
+ (plusp (length (readfile ".ssh/authorized_keys"))))
+ (failed-change "root has no authorized_keys"))
+ (configured "PermitRootLogin" "without-password"
+ "PasswordAuthentication" "no")))
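Review bot: `PasswordAuthentication no` on its own does not switch off keyboard-interactive authentication, so on a host where sshd has PAM and keyboard-interactive enabled a password prompt can still be reached after `no-passwords` is applied. The `configured` call should also set `"KbdInteractiveAuthentication" "no"` (spelled `ChallengeResponseAuthentication` on older OpenSSH releases). The lockout guard in the `unless` form only checks that `.ssh/authorized_keys` is non-empty, so a file holding only comments or blank lines passes, and the relative path presumably relies on the working directory being root's home. `without-password` is the older spelling of `prohibit-password`; if it is kept for compatibility with old sshd versions, a one-line comment saying so would help.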