Merge branch 'er888kh:main' into main

README.md

@@ -15,20 +15,38 @@ Then copy `env-sample` as `.env` and change its variables according to your
 own needs. For example you may need to change `TEMPLATE_PATH` if you want to
 use your own template file instead of the one at `generator/template.json`.
 
+Initialize the required directories:
+```bash
+# Run the following commands as Root
+mkdir -p /tmp/etc/ssh/
+mkdir -p /etc/ssh-liberty-bridge/
+```
+
 Then generate host keys for your `ssh-server`. Please put these keys in a safe
 place and never share the ones that don't end in `.pub` (your public keys) with others.
 
 ```bash
 # Run the following commands as Root
-mkdir -p /tmp/etc/ssh/
-mkdir -p /etc/ssh-liberty-bridge/
 ssh-keygen -A -f /tmp  # Creates the required keys in /tmp/etc/ssh
+
+# Remove unneeded key pairs
 rm /tmp/etc/ssh/ssh_host_dsa_key*
 rm /tmp/etc/ssh/ssh_host_rsa_key*
+
+# Copy the keys to the installation directory
 cp /tmp/etc/ssh/* /etc/ssh-liberty-bridge/
-shred /tmp/etc/ssh/*  # Overwrite the files to really make sure nothing gets left behind
+
+# Delete the temporary key files and make sure they are not recoverable
+shred /tmp/etc/ssh/*
 rm /tmp/etc/ssh/*
-# Make sure to restrict access to /etc/ssh-server/ contents afterwards
+```
+
+And change file ownership and permissions so only your user could read the created files.
+```bash
+# Run these commands from your user but use sudo.
+# Or run as root without sudo and write your username instead of `$USER`
+sudo chown -R $USER:$USER /etc/ssh-liberty-bridge/
+sudo chmod 0600 /etc/ssh-liberty-bridge/*
 ```
 
 After this, you have to install `redis` on your server. After doing so, it is of *utmost importance*
@@ -84,7 +102,7 @@ python3 main.py --help
 
 Note that almost any variable specified by `.env` file can be overridden using the cli interface
 of the generator or normal environmental variables. Also if the `.env` file is not in its usual
-location, you may provide it to your code using the `--env` flag.
+location, you may provide it to your code using the `--env` flag. You may also have to run the commands as root to access your user config path. In this case you also have to install python requirements from the first step as root.
 
 For example, to add 5 new users, do the following:
 

env-sample

@@ -1,5 +1,7 @@
 # It is vital to use a strong password for redis
 # We use database index 0 (the default one). You may change this in production
+# URL format:
+# REDIS_URL="redis://<USERNAME>:<PASSWORD>@<HOSTNAME>:<PORT>/<DATABASE_INDEX>"
 REDIS_URL="redis://default:password1234@localhost:6379/0"
 
 # The address on which the ssh server listens
@@ -9,6 +11,7 @@ LISTEN_ADDR=":2222"
 CONFIG_PATH="/var/ssh-users/"
 
 # The URL using which the users can download their configuration
+# You need to manually host the configuration files in on this URL
 HOST_ADDR="http://localhost:8083/{uuid}.json"
 
 # The server address users connect to
@@ -17,7 +20,7 @@ SERVER_PORT=2222
 
 # The key path of the server
 # Must have trailing slash
-HOST_KEY_PATH="/etc/ssh-server/"
+HOST_KEY_PATH="/etc/ssh-liberty-bridge/"
 
 # User configuration template file.
 # The following variables will be substituted:

generator/generate.py

@@ -128,7 +128,7 @@ def remove_client(path: pathlib.Path, client_uuid: str) -> None:
         raise RuntimeError("Cannot find the specified client")
 
     redis_client.srem(USERS_SET, client_string)
-    redis_client.srem(USERS_USAGE, client_uuid)
+    redis_client.hdel(USERS_USAGE, client_uuid)
     redis_client.save()
     try:
         os.remove(path / (client_uuid + ".json"))