install.sh,ncp.sh,1.54.0.sh: Disable root login via ssh

Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com>
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>

bin/ncp-dist-upgrade

@@ -2,7 +2,7 @@
 
 set -e
 
-[[ "$UID" -eq 0 ]] || {
+[[ "${EUID}" -eq 0 ]] || {
   echo "ERROR: Must be run as root (try sudo ncp-dist-upgrade)"
   exit 1
 }

install.sh

@@ -28,6 +28,17 @@ export PATH="/usr/local/sbin:/usr/sbin:/sbin:${PATH}"
 type mysqld &>/dev/null && echo ">>> WARNING: existing mysqld configuration will be changed <<<"
 type mysqld &>/dev/null && mysql -e 'use nextcloud' &>/dev/null && { echo "The 'nextcloud' database already exists. Aborting"; exit 1; }
 
+[[ "$DEBIAN_FRONTEND" == "noninteractive" ]] || {
+  echo "WARNING: This installer will disable SSH login for the root user and reset its password.
+If you need to login with root, you should make sure, you have a root session open that you can use,
+to revert these changes afterwards (set PermitRootLogin to 'yes' in /etc/ssh/sshd_config and run passwd as root)."
+  for i in {1..10}
+  do
+    echo "Continuing in $((30-(3*i)))s (press Ctrl+C to abort)..."
+    sleep 3
+  done
+}
+
 # get dependencies
 apt-get update
 DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y git ca-certificates sudo lsb-release wget jq

ncp.sh

@@ -83,6 +83,7 @@ EOF
   is_docker || is_lxc || {
     chsh -s /usr/sbin/nologin "$WEBADMIN"
     passwd -l root
+    sed -i -e 's/^PermitRootLogin.*$/PermitRootLogin No/' /etc/ssh/sshd_config
   }
 
   ## NCP LAUNCHER

updates/1.54.0.sh

@@ -1,9 +1,10 @@
 #!/usr/bin/env bash
 
-if getent passwd "$LOGNAME" | grep -e 'root' | grep -e '/usr/sbin/nologin'
+if getent passwd "root" | grep -e '/usr/sbin/nologin'
 then
   chsh -s /bin/bash root
   passwd -l root
+  sed -i -e 's/^PermitRootLogin.*$/PermitRootLogin No/' /etc/ssh/sshd_config
 fi
 
 apt-get update