From 4ddb88fef3e7778a98296a20bb9681f29eba6e33 Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin
Date: Thu, 16 Apr 2026 14:23:05 +0000
Subject: [PATCH] ssh and sudoers updates for AD.
---
 .gitattributesdb | 24 ++++++++++++------------
 etc/ssh/sshd_config | 6 ++++++
 etc/sudoers.d/root-access | 2 +-
 3 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/.gitattributesdb b/.gitattributesdb
index 3ef3040..bbb8189 100644
--- a/.gitattributesdb
+++ b/.gitattributesdb
@@ -647,36 +647,36 @@ b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1776109038.971357814 1776109038.971357814 root: b3B0 1776109409.270887344 1771501851.000000000 root:root 0755 - - c2Jpbg== 1773131431.000000000 1773131431.000000000 root:root 0777 - - b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1776109058.715119389 1776109058.715119389 root:root 0777 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - cm9vdC8uYmFzaF9wcm9maWxl 1757584711.000000000 1757584711.000000000 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - cm9vdC8uYmFzaHJj 1775582233.723180133 1757586493.000000000 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - cm9vdC8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - cm9vdC8uZ2l0aWdub3Jl 1774104492.728356672 1757600312.000000000 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - LmxvY2Fs - - c2hhcmU= - - bmFubw== - - cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - cm9vdC8ubmFub3Jj 1757585756.000000000 1757585756.000000000 root:root 0644 - - -cm9vdA== 
1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - LnNzaA== - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - LnNzaA== - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611.000000000 1757587611.000000000 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - c3R1ZmYtdG8ta2VlcA== - - cm9vdC9zdHVmZi10by1rZWVwL2NsZWFuLWZk 1758994151.000000000 1758992264.000000000 root:root 0755 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - c3R1ZmYtdG8ta2VlcA== - - cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRh 1762020478.278412865 1762020215.034844513 root:root 0644 - - -cm9vdA== 1776349160.392100887 1771512801.616005200 root:root 0755 - - +cm9vdA== 1776349264.118852336 1771512801.616005200 root:root 0755 - - c3R1ZmYtdG8ta2VlcA== - - cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRhXzAuMC4xX2FsbC5kZWI= 1762020499.466056182 1762020499.458056317 root:root 0644 - - dXNy 1774997839.417383939 1771501851.000000000 root:root 0755 - -
diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
index b18599a..cb7406c 100644
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@@ -9,3 +9,9 @@ PermitRootLogin prohibit-password
 StreamLocalBindUnlink yes
 Subsystem sftp internal-sftp
 X11Forwarding no
+
+Match Group "System Admins"
+ AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
+ AuthorizedKeysCommandUser root
+ AuthenticationMethods "publickey"
+ # ,password"
diff --git a/etc/sudoers.d/root-access b/etc/sudoers.d/root-access
index 591225b..faa35c3 100644
--- a/etc/sudoers.d/root-access
+++ b/etc/sudoers.d/root-access
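Review bot: The added `Match Group "System Admins"` line in etc/ssh/sshd_config names a different group from the sudoers rule changed in this same commit (`%Systems\ Admins@slackware.uk.internal`). If the AD group is really "Systems Admins", or if SSSD presents group names fully qualified, this block never matches and the directory-published keys are never consulted, so one of the two spellings should be corrected and checked against what `getent group` reports on the host. The helper is also run with `AuthorizedKeysCommandUser root`; the sshd_config and sss_ssh_authorizedkeys documentation use an unprivileged account for it, e.g. `AuthorizedKeysCommandUser nobody`. The trailing `# ,password"` is a leftover fragment with an unbalanced quote; either delete it or replace it with a full comment such as `# Password as a second factor is intentionally disabled for now.`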
@@ -5,4 +5,4 @@ tadgy ALL=(root) ALL sysadmin ALL=(root) NOPASSWD: ALL ## Allow the Active Directory domain administrators access to root without a password. -%Domain\ Admins@slackware.uk.internal ALL=(root) NOPASSWD: ALL +%Systems\ Admins@slackware.uk.internal ALL=(root) NOPASSWD: ALL
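Review bot: The `##` comment directly above the changed rule still says "Active Directory domain administrators", but the rule now grants root to `%Systems\ Admins@slackware.uk.internal`; it should be updated, e.g. `## Allow members of the AD "Systems Admins" group access to root without a password.` Because the rule keeps `NOPASSWD:` and the sshd_config change in this commit makes public key the only SSH authentication method for what is presumably the same group, group membership plus a key stored in the directory is all that separates an AD account from root on this host. Dropping `NOPASSWD:` for this group would require the AD password at sudo time; if it stays, changes to the group's membership and to the SSH key attribute in AD are worth auditing.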