diff --git a/docs/installation-and-configuration/installation-on-debian.rst b/docs/installation-and-configuration/installation-on-debian.rst index ac662339..469cd8a2 100644 --- a/docs/installation-and-configuration/installation-on-debian.rst +++ b/docs/installation-and-configuration/installation-on-debian.rst @@ -1,17 +1,17 @@ -Installation on Debian 8 or 9 -============================= +Installation on Debian 8, 9 or 10 +================================= -The followings shows you how to install and run PaSSHport on Debian 8 (Jessie) or 9 (Stretch). We start from a minimal installation of Debian (available `here `__), **with openssh-server and curl** packages installed. +The followings shows you how to install and run PaSSHport on Debian 8 (Jessie), 9 (Stretch) or 10 (Buster). We start from a minimal installation of Debian (available `here `__), **with openssh-server and curl** packages installed. The easy, automated way ----------------------- -You can review the installation script `here `__. +You can review the installation script `here `__. You can run it directly from command line ( please ensure that curl is installed : ``apt install curl`` ): .. code-block:: none - root@debian9:~# bash <(curl -s https://raw.githubusercontent.com/librit/passhport/master/tools/passhport-install-script-debian-8-9.sh) + root@debian:~# bash <(curl -s https://raw.githubusercontent.com/librit/passhport/master/tools/passhport-install-script-debian.sh) Once finished, you can go to the `Getting Started `_ chapter. 
@@ -25,76 +25,65 @@ First of all, we’ll need to update your repositories : .. code-block:: none - root@debian9:~# apt update + root@debian:~# apt update We will install python3-pip, and other packages that we’ll need later for this tutorial (it will get ~+100MB from the archives, so be patient) : .. code-block:: none - root@debian9:~# apt install python3-pip git openssl + root@debian:~# apt install python3-pip git openssl virtualenv libpython3-dev -Let’s update pip : - -.. code-block:: none - - root@debian9:~# pip3 install -U pip - -Now, install virtual-env using pip : +Next we will need to add a system user called « passhport », and switch to it : .. code-block:: none - root@debian9:~# pip3 install virtualenv + root@debian:~# useradd --home-dir /home/passhport --shell /bin/bash --create-home passhport + root@debian:~# su - passhport + passhport@debian:~$ -Next we will need to add a system user called « passhport », and switch to it : +Let’s get passhport sources from github : .. code-block:: none - root@debian9:~# useradd --home-dir /home/passhport --shell /bin/bash --create-home passhport - root@debian9:~# su - passhport - passhport@debian9:~$ + passhport@debian:~$ git clone http://github.com/LibrIT/passhport.git + Clonage dans 'passhport'... + remote: Counting objects: 2713, done. + remote: Compressing objects: 100% (50/50), done. + remote: Total 2713 (delta 19), reused 0 (delta 0), pack-reused 2661 + Réception d'objets: 100% (2713/2713), 482.76 KiB | 396.00 KiB/s, fait. + Résolution des deltas: 100% (1633/1633), fait. + passhport@debian:~$ We now need to create a virtual-env for passhport user : .. code-block:: none - passhport@debian9:~$ virtualenv -p python3 passhport-run-env + passhport@debian:~$ virtualenv -p python3 passhport-run-env Now that we have our virtual-env, we install the python’s modules we’ll need for PaSSHport : .. 
code-block:: none - passhport@debian9:~$ /home/passhport/passhport-run-env/bin/pip install sqlalchemy-migrate flask-migrate requests docopt configparser tabulate flask-login ldap3 psutil + passhport@debian:~$ /home/passhport/passhport-run-env/bin/pip install -r /home/passhport/passhport/requirements.txt Now, let’s start the real thing… -Let’s get passhport sources from github : - -.. code-block:: none - - passhport@debian9:~$ git clone http://github.com/LibrIT/passhport.git - Clonage dans 'passhport'... - remote: Counting objects: 2713, done. - remote: Compressing objects: 100% (50/50), done. - remote: Total 2713 (delta 19), reused 0 (delta 0), pack-reused 2661 - Réception d'objets: 100% (2713/2713), 482.76 KiB | 396.00 KiB/s, fait. - Résolution des deltas: 100% (1633/1633), fait. - passhport@debian9:~$ PaSSHport will need to write some logs, so, as root, we’ll create a directory in « /var/log », and give the ownership to the « passhport » user: .. code-block:: none - root@debian9:~# mkdir -p /var/log/passhport/ - root@debian9:~# chown passhport:passhport /var/log/passhport/ + root@debian:~# mkdir -p /var/log/passhport/ + root@debian:~# chown passhport:passhport /var/log/passhport/ We’ll also create the config directory, and copy the differents config file : .. code-block:: none - root@debian9:~# mkdir /etc/passhport - root@debian9:~# cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/. - root@debian9:~# cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/. - root@debian9:~# cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/. + root@debian:~# mkdir /etc/passhport + root@debian:~# cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/. + root@debian:~# cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/. + root@debian:~# cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/. 
We’ll also need to make some modifications in those config file, if you run passhportd on a distant server. Here we’ll change the default listening address (localhost) to the real IP of our server. @@ -102,7 +91,7 @@ First, passhportd : .. code-block:: none - root@debian9:~# vim /etc/passhport/passhportd.ini + root@debian:~# vim /etc/passhport/passhportd.ini Change the « LISTENING_IP » parameter, to the IP address of your server : @@ -137,17 +126,17 @@ Change the following parameter in /etc/passhport/passhport.ini and /etc/passhpor ``PASSHPORTD_HOSTNAME = 192.168.122.56`` -We’ll need ssh publickey, so we generate an 4096 bits RSA key: +We’ll need ssh publickey, so we generate a 4096 bits RSA key (keys lengh can be longer): .. code-block:: none - root@debian9:~# su - passhport - passhport@debian9:~$ ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa" + root@debian:~# su - passhport + passhport@debian:~$ ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa" Generating public/private rsa key pair. Your identification has been saved in /home/passhport/.ssh/id_rsa. Your public key has been saved in /home/passhport/.ssh/id_rsa.pub. The key fingerprint is: - SHA256:0o6jkepqr2Phz0AKmLGRZh6PeVexP2gf5CGNPd+ksQ passhport@debian9 + SHA256:0o6jkepqr2Phz0AKmLGRZh6PeVexP2gf5CGNPd+ksQ passhport@debian The key's randomart image is: +---[RSA 4096]----+ | . .... | 
@@ -160,20 +149,20 @@ We’ll need ssh publickey, so we generate an 4096 bits RSA key: | =o. o . | |++B+. | +----[SHA256]-----+ - passhport@debian9:~$ + passhport@debian:~$ This will be the key that’ll be use by PaSSHport to connect to your hosts. You can also generate a ECDSA key if you wish : .. code-block:: none - passhport@debian9:~$ ssh-keygen -t ecdsa -b 521 -N "" -f "/home/passhport/.ssh/id_ecdsa" + passhport@debian:~$ ssh-keygen -t ecdsa -b 521 -N "" -f "/home/passhport/.ssh/id_ecdsa" Again as root, let’s make the directory that’ll contains the database (because we use SQLite for this tutorial) : .. code-block:: none - root@debian9:~# mkdir -p /var/lib/passhport - root@debian9:~# chown -R passhport:passhport /var/lib/passhport/ + root@debian:~# mkdir -p /var/lib/passhport + root@debian:~# chown -R passhport:passhport /var/lib/passhport/ … then we’ll have to change 3 paramaters in the passhportd config file (as root, edit «/etc/passhport/passhportd.ini») : 
@@ -187,22 +176,22 @@ Now we can create the database and check that it has correcly been created: .. code-block:: none - root@debian9:~# su - passhport - passhport@debian9:~$ /home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py - passhport@debian9:~$ ls -la /var/lib/passhport/ + root@debian:~# su - passhport + passhport@debian:~$ /home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py + passhport@debian:~$ ls -la /var/lib/passhport/ total 172 drwxr-xr-x 3 passhport passhport 4096 févr. 28 16:10 . drwxr-xr-x 25 root root 4096 févr. 28 15:37 .. -rw-r--r-- 1 passhport passhport 159744 févr. 28 16:10 app.db drwxr-xr-x 4 passhport passhport 4096 févr. 28 16:10 db_repository - passhport@debian9:~$ + passhport@debian:~$ We’ll now need to create the certificate to secure the API. First, create the directory in which will be key and the cert, and make the directory rwx for passport only : .. code-block:: none - passhport@debian9:~$ mkdir /home/passhport/certs - passhport@debian9:~$ chmod 700 /home/passhport/certs + passhport@debian:~$ mkdir /home/passhport/certs + passhport@debian:~$ chmod 700 /home/passhport/certs Create the RSA key : 
@@ -253,41 +242,41 @@ Once executed, you’ll have a cert file next to the key file : .. code-block:: none - passhport@debian9:~$ ls -la /home/passhport/certs/ + passhport@debian:~$ ls -la /home/passhport/certs/ total 16 drwx------ 2 passhport passhport 4096 févr. 28 18:00 . drwxr-xr-x 8 passhport passhport 4096 févr. 28 17:46 .. -rw-r--r-- 1 passhport passhport 2171 févr. 28 18:00 cert.pem -rw------- 1 passhport passhport 3243 févr. 28 16:11 key.pem - passhport@debian9:~$ + passhport@debian:~$ As root, create some symlink to the two main *binaries*, passhportd and passhport-admin, so you can access it without typing full path : .. code-block:: none - root@debian9:~# ln -s /home/passhport/passhport/tools/passhportd.sh /usr/bin/passhportd - root@debian9:~# ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/bin/passhport-admin + root@debian:~# ln -s /home/passhport/passhport/tools/passhportd.sh /usr/bin/passhportd + root@debian:~# ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/bin/passhport-admin We now create the systemd service, and enables *passhportd* on startup : .. code-block:: none - root@debian9:~# cp /home/passhport/passhport/tools/passhportd.service /etc/systemd/system/passhportd.service - root@debian9:~# systemctl daemon-reload - root@debian9:~# systemctl enable passhportd + root@debian:~# cp /home/passhport/passhport/tools/passhportd.service /etc/systemd/system/passhportd.service + root@debian:~# systemctl daemon-reload + root@debian:~# systemctl enable passhportd And now, we’re ready to go, just launch passhportd daemon : .. code-block:: none - root@debian9:~# systemctl start passhportd + root@debian:~# systemctl start passhportd You can check that passhportd is running, by curling the IP you previously configured in */etc/passhport/passhportd.ini*, on port 5000 : .. 
code-block:: none - root@debian9:~# curl -s --insecure https://192.168.122.56:5000 + root@debian:~# curl -s --insecure https://192.168.122.56:5000 passhportd is running, gratz! - root@debian9:~# + root@debian:~# Bravo ! You successfully installed PaSSHport. You may now go to the `Getting Started `_ chapter. diff --git a/passhportd/app/models_mod/targetgroup.py b/passhportd/app/models_mod/targetgroup.py index 2a34cd86..429af200 100644 --- a/passhportd/app/models_mod/targetgroup.py +++ b/passhportd/app/models_mod/targetgroup.py @@ -79,7 +79,7 @@ def simplejson(self): output = "{\n" output = output + "\"Name\": \"" + format(self.name) + "\",\n" - output = output + "\"Comment\": \"" + format(self.comment) + "\",\n" + output = output + "\"Comment\": \"" + format(self.comment) + "\"\n" output = output + "}" return output @@ -109,7 +109,7 @@ def prepare_delete(self): self.tgadmins.pop() return self - + # User management def is_members(self, user): @@ -288,7 +288,7 @@ def accessible_target_list(self, parsed_targetgroups = None, style="object"): style = "object"): if target not in targets: targets.append(target) - # Return target objects or names depending of the style + # Return target objects or names depending of the style if style == "names": targetnames = [] for target in targets: @@ -386,7 +386,7 @@ def addtargetgroup(self, targetgroup): """Add a targetgroup to the relaton table""" if not self.is_tgmembers(targetgroup) and not self == targetgroup: self.tgmembers.append(targetgroup) - else: + else: return False return self @@ -410,7 +410,7 @@ def memberof(self, obj): members.append(targetgroup) else: return "Error in object type" - + ret = "[" for m in members: ret = ret + m.name + "," 
@@ -456,11 +456,11 @@ def all_targetgroupname_list(self, parsed_targetgroups = None): return targetgroupnames def show_targets(self, indentation): - """Return a formated list of the targets that the targetgroup + """Return a formated list of the targets that the targetgroup provides """ listing = [] - + indent = "" for i in range(indentation): indent = indent + " " diff --git a/passhportd/app/models_mod/user.py b/passhportd/app/models_mod/user.py index 179e9c74..38e74818 100644 --- a/passhportd/app/models_mod/user.py +++ b/passhportd/app/models_mod/user.py @@ -66,7 +66,7 @@ def simplejson(self): format(self.show_sshkeyhash()) + "\",\n" output = output + "\"logfilesize\": \"" + \ format(self.show_logfilesize()) + "\",\n" - output = output + "\"comment\": \"" + format(self.comment) + "\",\n" + output = output + "\"comment\": \"" + format(self.comment) + "\"\n" output = output + "}" return output diff --git a/passhportd/app/models_mod/usergroup.py b/passhportd/app/models_mod/usergroup.py index 22a58c62..220a4f51 100644 --- a/passhportd/app/models_mod/usergroup.py +++ b/passhportd/app/models_mod/usergroup.py @@ -71,7 +71,7 @@ def simplejson(self): output = output + "\"Name\": \"" + format(self.name) + "\",\n" output = output + "\"Comment\": \"" + format(self.comment) + "\",\n" output = output + "\"Directsize\": \"" + format(str(directsize)) + "\",\n" - output = output + "\"Totalsize\": \"" + format(str(totalsize)) + "\",\n" + output = output + "\"Totalsize\": \"" + format(str(totalsize)) + "\"\n" output = output + "}" return output @@ -80,7 +80,7 @@ def simplejson(self): def show_name(self): """Return a string containing the usergroup's name""" return self.name - + def show_comment(self): """Return a string containing the usergroup's comment""" 
@@ -189,7 +189,7 @@ def all_username_list(self, parsed_usergroups = []): """ usernames = self.username_list() - # Recursive on groups: + # Recursive on groups: # we list all usernames but we never parse a group twice # to avoid cirular issues. for usergroup in self.gmembers: @@ -217,7 +217,7 @@ def memberof(self, obj): members.append(usergroup) else: return "Error in object type" - + ret = "[" for m in members: ret = ret + m.name + "," @@ -278,7 +278,7 @@ def all_usergroupname_list(self, parsed_usergroups = []): in the usergroup """ usergroupnames = self.usergroupname_list() # ["G1","G2"] - + # Recursive on usergroups: # we list all usergroups but we never parse a group twice # to avoid cirular issues. @@ -356,7 +356,7 @@ def accessible_target_list(self, checked_usergroups = [], mode="string"): checked_usergroups.append(usergroup) for target in usergroup.accessible_target_list(checked_usergroups): if target not in self.targets: - if mode == "string": + if mode == "string": accessible_targets.append(target.name) else: accessible_targets.append(target) @@ -377,7 +377,7 @@ def show_targets(self, indentation): """Return all targets the group gives access First the targets with this group attached Then targets from targetgroups with this group attached - Then targets from groups with this group attached + Then targets from groups with this group attached Finally We relaunch this on the groups with this groups attached """ listing = [] diff --git a/passhportd/passhportd.ini b/passhportd/passhportd.ini index a340ae1f..387c660b 100644 --- a/passhportd/passhportd.ini +++ b/passhportd/passhportd.ini @@ -42,5 +42,5 @@ PYTHON_PATH = /home/passhport/passhport-run-env/bin/python3 OPEN_ACCESS_PATH = /home/passhport/passhwall.sh [MISC] -# Maximum log file size in Mb +# Maximum log file size in MB MAXLOGSIZE = 5 
diff --git a/tools/passhport-install-script-debian-8-9.sh b/tools/passhport-install-script-debian.sh similarity index 99% rename from tools/passhport-install-script-debian-8-9.sh rename to tools/passhport-install-script-debian.sh index 8774c62e..02bacdee 100644 --- a/tools/passhport-install-script-debian-8-9.sh +++ b/tools/passhport-install-script-debian.sh @@ -26,7 +26,8 @@ done echo 'Hi there ! Please read carefully the following (not long)'. echo 'This script will attempt to install PaSSHport on this system.' -echo 'This script works on Debian 8 (Jessy) and Debian 9 (Stretch).' +echo 'This script works on Debian 8 (Jessy), Debian 9 (Stretch),' +echo 'and Debian 10 (Buster).' echo "It may also work on Debian 7, but it hasn't been tested." echo '' echo 'What this script will do to your existing system:' 
@@ -119,6 +120,15 @@ cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/. cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/. cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/. echo '##############################################################' +echo '# Editing PaSSHport conf files…' +echo '##############################################################' +sed -i -e 's#SQLALCHEMY_DATABASE_DIR\s*=.*#SQLALCHEMY_DATABASE_DIR = /var/lib/passhport/#' /etc/passhport/passhportd.ini +sed -i -e 's#LISTENING_IP\s*=.*#LISTENING_IP = 0.0.0.0#' /etc/passhport/passhportd.ini +sed -i -e 's#SQLALCHEMY_MIGRATE_REPO\s*=.*#SQLALCHEMY_MIGRATE_REPO = /var/lib/passhport/db_repository#' /etc/passhport/passhportd.ini +sed -i -e 's#SQLALCHEMY_DATABASE_URI\s*=.*#SQLALCHEMY_DATABASE_URI = sqlite:////var/lib/passhport/app.db#' /etc/passhport/passhportd.ini +sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport-admin.ini +sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport.ini +echo '##############################################################' echo '# Generating PaSSHport RSA (4096b) and ecdsa (521b) keys…' echo '##############################################################' su - passhport -c '/usr/bin/ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa"' 
@@ -129,15 +139,6 @@ echo '##############################################################' mkdir -p /var/lib/passhport chown -R passhport:passhport /var/lib/passhport/ echo '##############################################################' -echo '# Editing PaSSHport conf files…' -echo '##############################################################' -sed -i -e 's#SQLALCHEMY_DATABASE_DIR\s*=.*#SQLALCHEMY_DATABASE_DIR = /var/lib/passhport/#' /etc/passhport/passhportd.ini -sed -i -e 's#LISTENING_IP\s*=.*#LISTENING_IP = 0.0.0.0#' /etc/passhport/passhportd.ini -sed -i -e 's#SQLALCHEMY_MIGRATE_REPO\s*=.*#SQLALCHEMY_MIGRATE_REPO = /var/lib/passhport/db_repository#' /etc/passhport/passhportd.ini -sed -i -e 's#SQLALCHEMY_DATABASE_URI\s*=.*#SQLALCHEMY_DATABASE_URI = sqlite:////var/lib/passhport/app.db#' /etc/passhport/passhportd.ini -sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport-admin.ini -sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport.ini -echo '##############################################################' echo '# Creating database for PaSSHport (SQLite)…' echo '##############################################################' su - passhport -c "/home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py"
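Review bot: in the first docs hunk the quick-install line `bash <(curl -s https://raw.githubusercontent.com/librit/passhport/master/tools/passhport-install-script-debian.sh)` runs an unreviewed script from the moving `master` branch as root, and the sentence just above it ("You can review the installation script here") invites review that this one-liner skips. Suggest documenting a two-step flow (`curl -o` the script, inspect it, then run it) and pinning the raw URL to a tag or commit rather than `master`, so the script that was reviewed is the one that executes. Minor wording in the same added line: "The followings shows you" should read "The following shows you".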
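Review bot: the reordered clone in the `@@ -25,76 +25,65 @@` docs hunk still uses `git clone http://github.com/LibrIT/passhport.git`; a plain-HTTP clone depends on a redirect to HTTPS and can be intercepted before that redirect, so the added line should use `https://github.com/LibrIT/passhport.git`. The same hunk replaces an explicit module list with `pip install -r /home/passhport/passhport/requirements.txt`; since the diff does not show that file, please confirm it covers the packages the old line installed (sqlalchemy-migrate, flask-migrate, requests, docopt, configparser, tabulate, flask-login, ldap3, psutil) and consider pinning versions (ideally with `--require-hashes`) so a fresh install does not silently pull whatever is newest on PyPI. The pasted clone output is also in French ("Clonage dans", "Réception d'objets"); rerunning with `LANG=C` would keep the docs consistently English.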
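Review bot: typo in the added line of the `@@ -137,17 +126,17 @@` hunk, "keys lengh can be longer"; suggest rewording the whole sentence to "We'll need an SSH public key, so we generate a 4096-bit RSA key (a longer key length is also accepted):". Worth adding one sentence there that `-N ""` deliberately produces an unencrypted private key because the daemon must use it unattended, so `/home/passhport/.ssh/id_rsa` must stay readable by the passhport user only.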
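Review bot: the `@@ -253,41 +242,41 @@` hunk only renames the prompt, but the steps it carries deserve a caveat in the docs: `ln -s /home/passhport/passhport/tools/passhportd.sh /usr/bin/passhportd` and the matching `passhport-admin` link make root-invoked commands execute scripts that live in a checkout owned by the unprivileged passhport user (the clone was done as that user), and `passhportd.service` is likewise copied from that tree. If the passhport account is ever compromised, editing those scripts gives a path to whatever privilege the invoking administrator has. Suggest either copying the two wrappers into a root-owned location (for example `/usr/local/bin`) or stating plainly that `passhport-admin` is to be run as the passhport user. Same hunk, final check: `curl -s --insecure https://192.168.122.56:5000` disables certificate verification; since `/home/passhport/certs/cert.pem` was just created, `--cacert /home/passhport/certs/cert.pem` would verify the daemon actually serves that certificate instead of accepting anything.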
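Review bot: dropping the trailing comma in `simplejson()` (targetgroup.py `@@ -79,7`, user.py `@@ -66,7`, usergroup.py `@@ -71,7`) fixes the invalid `"...",\n}` ending, but the surrounding lines still build JSON by string concatenation, e.g. `output = output + "\"Comment\": \"" + format(self.comment) + "\"\n"`. A comment or name containing a double quote, backslash or newline yields unparseable output, and this is user-supplied data. Suggest returning `json.dumps({"Name": self.name, "Comment": self.comment})` (and the equivalent dicts in user.py and usergroup.py) so escaping is handled for every field; the remaining hunks in these files are trailing-whitespace cleanups and need no change.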
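Review bot: the added echo line in the `@@ -26,7 +26,8 @@` hunk of the install script keeps the misspelling "Jessy" from the removed line; Debian 8's codename is "Jessie", matching the docs header in the same patch. Also the trailing period in `echo 'Hi there ! Please read carefully the following (not long)'.` sits outside the quotes (unchanged context, but visible here), so it never prints.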
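Review bot: in the relocated `# Editing PaSSHport conf files…` block (`@@ -119,6 +120,15 @@`), `LISTENING_IP = 0.0.0.0` binds the API to every interface while both client configs are pointed at `PASSHPORTD_HOSTNAME = localhost`; for the single-host layout this script produces, `127.0.0.1` would keep port 5000 off the network by default, with a comment telling users who split the daemon onto a distant server to change it (as the docs hunk describes). The six `sed -i` calls also succeed silently when a key is missing or renamed, so a later version of `passhportd.ini` could leave the SQLite paths untouched without any error; a `grep -q '^SQLALCHEMY_DATABASE_URI' /etc/passhport/passhportd.ini || exit 1` style check after each substitution would surface that. Moving the block ahead of key generation is fine, since nothing in it needs `/var/lib/passhport` to exist yet; the removal hunk `@@ -129,15 +139,6 @@` is the matching half of that move and needs no further change.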