add option to disable ssh access for joinmarket

fixes: #52
openoms · Jun 20, 2021 · 7f13c69 · 7f13c69
1 parent fda5e21
commit 7f13c69
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 2 deletions.
diff --git a/scripts/info.qtgui.sh b/scripts/info.qtgui.sh
@@ -21,6 +21,12 @@ esac
 # get local ip
 localip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
 
+joinmarketSSHchanged=0
+if grep -Eq "^joinmarketSSH=off" /home/joinmarket/joinin.conf; then
+  sudo /home/joinmarket/set.ssh.sh on
+  joinmarketSSHchanged=1
+fi
+
 echo "
 ************************************************************************************
 Instructions to open the JoinMarket-QT GUI on the desktop
@@ -91,4 +97,8 @@ Press ENTER when done with the instructions to exit to the menu
 "
 
 sleep 2
-read key
+read key
+
+if [ $joinmarketSSHchanged = 1 ];then
+  sudo /home/joinmarket/set.ssh.sh off
+fi
diff --git a/scripts/menu.tools.sh b/scripts/menu.tools.sh
@@ -64,7 +64,7 @@ isLocalBitcoinCLI=$(sudo -u bitcoin bitcoin-cli -version|grep -c "Bitcoin Core R
 
 # BASIC MENU INFO
 HEIGHT=11
-WIDTH=55
+WIDTH=60
 CHOICE_HEIGHT=5
 TITLE="Tools"
 MENU=""
@@ -96,6 +96,17 @@ if [ "${runningEnv}" != mynode ]; then
   HEIGHT=$((HEIGHT+1))
   CHOICE_HEIGHT=$((CHOICE_HEIGHT+1))
 fi
+if [ "${runningEnv}" != standalone ]; then
+  if grep -Eq "^joinmarketSSH=off" /home/joinmarket/joinin.conf; then
+    sshAction="Enable"
+  else
+    sshAction="Disable"
+  fi
+  OPTIONS+=(
+    SSH "$sshAction ssh access with the joinmarket user")
+  HEIGHT=$((HEIGHT+1))
+  CHOICE_HEIGHT=$((CHOICE_HEIGHT+1))
+fi
 OPTIONS+=(
     LOGS "Show the bitcoind logs on $network")
 
@@ -196,4 +207,13 @@ Input how many previous blocks from the tip you want to scan" 14 108
     fi
     echo "Press ENTER to return to the menu..."
     read key;;  
+  SSH)
+    if [ $sshAction = "Disable" ];then
+      sudo /home/joinmarket/set.ssh.sh off
+    elif [ $sshAction = "Enable" ];then
+      sudo /home/joinmarket/set.ssh.sh on
+    fi
+    echo            
+    echo "Press ENTER to return to the menu..."
+    read key;;
 esac
diff --git a/scripts/set.ssh.sh b/scripts/set.ssh.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+if [ ${#1} -eq 0 ]||[ $1 = "-h" ]||[ $1 = "--help" ];then
+  echo "Enable or disable ssh access with the joinmarket user"
+  echo "sudo set.ssh.sh [off|on]"
+  echo
+fi
+
+# check if sudo
+if [ "$EUID" -ne 0 ]; then
+  echo "Please run as root or with sudo"
+  exit 1
+fi
+
+# add default value to config if needed
+if ! grep -Eq "^joinmarketSSH=" /home/joinmarket/joinin.conf; then
+  echo "joinmarketSSH=on" >> /home/joinmarket/joinin.conf
+fi
+
+echo
+if [ $1 = "off" ];then
+  echo "# Disable ssh access with the joinmarket user"
+  if ! grep -Eq "^DenyUsers joinmarket" /etc/ssh/sshd_config; then
+    echo "DenyUsers joinmarket" >> /etc/ssh/sshd_config
+    # set value in config
+    sudo sed -i "s/^joinmarketSSH=.*/joinmarketSSH=off/g" /home/joinmarket/joinin.conf
+    systemctl restart ssh
+  fi
+elif [ $1 = "on" ]; then
+  echo "# Enable ssh access with the joinmarket user"
+  sed -i "s/^DenyUsers joinmarket//g" /etc/ssh/sshd_config
+  # set value in config
+  sed -i "s/^joinmarketSSH=.*/joinmarketSSH=on/g" /home/joinmarket/joinin.conf
+  systemctl restart ssh
+else
+  echo "# Invalid option $*"
+  exit 1
+fi