#!/bin/bash
#
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

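# ======================================================================
# Initialization
# ======================================================================
# Name and directory of this script.  $0 is quoted so that a path
# containing whitespace is not word-split before basename/dirname see it.
PROGNAME=$(basename -- "$0")
_tdir=$(dirname -- "$0")
PROGDIR=$(cd -- "${_tdir}" && pwd)

# Cygwin service-installation helper that provides the csih_* routines
# (csih_request, csih_inform, csih_warning, csih_error*, csih_is_nt, ...).
CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc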
21 | ||
# Load the csih_* helper routines.  Everything below depends on them; this
# script does not run with "set -e", so a missing helper file is reported by
# bash here and the first csih_* call then fails with "command not found".
. "${CSIH_SCRIPT}"
23 | ||
# Run-time state.  passphrase/with_passphrase are filled in by option
# parsing (-p/--passphrase); pwdhome by check_user_homedir().
auto_passphrase='no'   # not referenced elsewhere in this script
passphrase=''          # passphrase handed to ssh-keygen -N
pwdhome=''             # home directory taken from ${SYSCONFDIR}/passwd
with_passphrase=''     # "yes" once -p/--passphrase was given
28 | ||
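# ======================================================================
# Routine: _create_identity
#   Shared worker for the create_*_identity routines below.
#   optionally create ${pwdhome}/.ssh/<file>[.pub] with ssh-keygen
#   optionally append the public key to ${pwdhome}/.ssh/authorized_keys
# Arguments:
#   $1 - ssh-keygen key type (rsa1, rsa, dsa)
#   $2 - key file name relative to ${pwdhome}/.ssh
#   $3 - key description used in the prompt (e.g. "SSH2 RSA")
# Globals (read): pwdhome, with_passphrase, passphrase
# Returns: 0 when the key was created or nothing had to be done,
#   1 when ssh-keygen failed (the authorized_keys step is then skipped).
# ======================================================================
_create_identity() {
  local keytype=$1
  local keyfile="${pwdhome}/.ssh/$2"
  local label=$3
  local -a keygen_args

  # Never overwrite an existing identity.
  [ -f "${keyfile}" ] && return 0
  csih_request "Shall I create an ${label} identity file for you?" || return 0

  csih_inform "Generating ${keyfile}"
  keygen_args=(-t "${keytype}" -f "${keyfile}")
  # NOTE: -N places the passphrase on ssh-keygen's command line, where it is
  # visible to other local users via ps (and in --debug trace output).
  [ "${with_passphrase}" = "yes" ] && keygen_args+=(-N "${passphrase}")
  # Without this check a failed ssh-keygen was ignored and the cat below
  # then failed on a missing .pub file.
  if ! ssh-keygen "${keygen_args[@]}" > /dev/null
  then
    csih_warning "ssh-keygen failed, ${keyfile} was not created."
    return 1
  fi

  if csih_request "Do you want to use this identity to login to this machine?"
  then
    csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
    cat "${keyfile}.pub" >> "${pwdhome}/.ssh/authorized_keys"
  fi
} # === End of _create_identity() === #
readonly -f _create_identity

# ======================================================================
# Routine: create_ssh1_identity
#   optionally create ~/.ssh/identity[.pub]
#   optionally add result to ~/.ssh/authorized_keys
#   (rsa1 / SSH protocol 1 keys are not supported by current OpenSSH
#   releases; ssh-keygen will refuse the key type there.)
# ======================================================================
create_ssh1_identity() {
  _create_identity rsa1 identity "SSH1 RSA"
} # === End of create_ssh1_identity() === #
readonly -f create_ssh1_identity

# ======================================================================
# Routine: create_ssh2_rsa_identity
#   optionally create ~/.ssh/id_rsa[.pub]
#   optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_ssh2_rsa_identity() {
  _create_identity rsa id_rsa "SSH2 RSA"
} # === End of create_ssh2_rsa_identity() === #
readonly -f create_ssh2_rsa_identity

# ======================================================================
# Routine: create_ssh2_dsa_identity
#   optionally create ~/.ssh/id_dsa[.pub]
#   optionally add result to ~/.ssh/authorized_keys
#   (DSA keys are deprecated and disabled by default in current OpenSSH
#   releases.)
# ======================================================================
create_ssh2_dsa_identity() {
  _create_identity dsa id_dsa "SSH2 DSA"
} # === End of create_ssh2_dsa_identity() === #
readonly -f create_ssh2_dsa_identity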
109 | ||
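# ======================================================================
# Routine: check_user_homedir
#   Perform various checks on the user's home directory:
#   - look it up in ${SYSCONFDIR}/passwd by uid ($HOME is deliberately
#     ignored),
#   - require that it exists; when it is "/" warn and offer to abort,
#   - on NT, revoke group/other write permission, which OpenSSH requires
#     for public key authentication.
# SETS GLOBAL VARIABLE:
#   pwdhome -- the home directory, or "" when the user chose to proceed
#              with a home directory of "/"
# Errors go through csih_error_multiline, which is assumed to terminate
# the script (TODO confirm); if it returned, the later checks would still
# run.
# ======================================================================
check_user_homedir() {
  local uid
  uid=$(id -u)
  # Pass the uid via -v instead of splicing it into the awk program text,
  # and stop at the first match so a duplicated uid yields a single path.
  pwdhome=$(awk -F: -v uid="${uid}" '$3 == uid { print $6; exit }' "${SYSCONFDIR}/passwd")
  if [ -z "${pwdhome}" ]
  then
    csih_error_multiline \
      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
      'Setting $HOME is not sufficient!'
  fi

  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multiline \
      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi

  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "${pwdhome}" = "/" ]
  then
    # But first raise a warning!
    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi

  # csih_is_nt must be *run*: inside [ ] a bare word is a non-empty-string
  # test that is always true, so the old form never skipped this step and
  # also ran chmod even when pwdhome was empty.  chmod -c prints only when
  # it changed something, so the warning appears only after a real change.
  if [ -d "${pwdhome}" ] && csih_is_nt && [ -n "$(chmod -c g-w,o-w "${pwdhome}")" ]
  then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
    csih_warning "directory ${pwdhome}."
    csih_warning 'This is required by OpenSSH to allow public key authentication using'
    csih_warning 'the key files stored in your .ssh subdirectory.'
    csih_warning 'Revert this change ONLY if you know what you are doing!'
    echo
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir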
3c0ef626 | 160 | |
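# ======================================================================
# Routine: check_user_dot_ssh_dir
#   Perform various checks on the ~/.ssh directory: refuse to continue
#   when ${pwdhome}/.ssh exists but is not a directory, and create it
#   (mode 0700) when it does not exist yet.
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# Errors go through csih_error, which is assumed to terminate the script
# (TODO confirm).
# ======================================================================
check_user_dot_ssh_dir() {
  local sshdir="${pwdhome}/.ssh"

  if [ -e "${sshdir}" ] && [ ! -d "${sshdir}" ]
  then
    csih_error "${sshdir} is existant but not a directory. Cannot create user identity files."
  fi

  if [ ! -e "${sshdir}" ]
  then
    # sshd (StrictModes) rejects key files in a group- or world-writable
    # ~/.ssh, so create it owner-only instead of relying on the umask.
    if ! mkdir -m 700 "${sshdir}"
    then
      csih_error "Creating users ${sshdir} directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir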
3c0ef626 | 183 | |
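# ======================================================================
# Routine: fix_authorized_keys_perms
#   Corrects the permissions of ~/.ssh/authorized_keys on NT: owner
#   read/write, nothing for group and other (via setfacl).  A failure
#   is only warned about, since the owner read permission is what sshd
#   minimally needs.
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  local akeys="${pwdhome}/.ssh/authorized_keys"

  # csih_is_nt must be *run*: inside [ ] a bare word is a non-empty-string
  # test that is always true, so the old form applied the ACL everywhere.
  if csih_is_nt && [ -e "${akeys}" ]
  then
    if ! setfacl -m "u::rw-,g::---,o::---" "${akeys}"
    then
      csih_warning "Setting correct permissions to ${akeys}"
      csih_warning "failed. Please care for the correct permissions. The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms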
203 | ||
204 | ||
# ======================================================================
# Main Entry Point
# ======================================================================

# Decide whether questions may be asked.  All answers default to "no" and
# color escape sequences are switched off (so setup's logfiles are not
# cluttered) when either
#   (1) the script runs from /etc/postinstall (PROGDIR resolved to it), or
#   (2) the environment variable SSH_USER_CONFIG_AUTO_ANSWER_NO is set.
# This lets setup create the config files in /etc automatically without
# overwriting ones that already exist.
if [[ ${PROGDIR} == /etc/postinstall ]]; then
  csih_auto_answer="no"
  csih_disable_color
fi
if [[ -n ${SSH_USER_CONFIG_AUTO_ANSWER_NO} ]]; then
  csih_auto_answer="no"
  csih_disable_color
fi
229 | ||
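# ======================================================================
# Parse options
# ======================================================================
# Every argument is consumed; an unknown one prints the usage and exits 1.
# NOTE: -d/--debug turns on "set -x", so a passphrase given with -p later
#       on the command line is echoed to the trace output.
while [ $# -gt 0 ]
do
  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    csih_trace_on
    ;;

  -y | --yes )
    csih_auto_answer=yes
    ;;

  -n | --no )
    csih_auto_answer=no
    ;;

  -p | --passphrase )
    # -p needs a value.  Without this check a missing word left
    # passphrase empty, and ssh-keygen -N "" writes the private key
    # unencrypted.
    if [ $# -eq 0 ]
    then
      echo "${PROGNAME}: option ${option} requires an argument" >&2
      exit 1
    fi
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  --privileged )
    csih_FORCE_PRIVILEGED_USER=yes
    ;;

  *)
    echo "usage: ${PROGNAME} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "  --debug      -d        Enable shell's debug output."
    echo "  --yes        -y        Answer all questions with \"yes\" automatically."
    echo "  --no         -n        Answer all questions with \"no\" automatically."
    echo "  --passphrase -p word   Use \"word\" as passphrase automatically."
    echo "  --privileged           On Windows NT/2k/XP, assume privileged user"
    echo "                         instead of LocalSystem for sshd service."
    echo
    exit 1
    ;;

  esac
done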
286 | ||
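# ======================================================================
# Action!
# ======================================================================

# Check passwd file: check_user_homedir() reads the home directory from it.
if [ ! -f "${SYSCONFDIR}/passwd" ]
then
  csih_error_multiline \
    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
    'first using mkpasswd. Check if it contains an entry for you and' \
    'please care for the home directory in your entry as well.'
fi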
299 | ||
# Run the steps in dependency order: pwdhome must be known before ~/.ssh
# is checked, and the identities are created before the permissions of
# authorized_keys (which they append to) are corrected.
check_user_homedir
check_user_dot_ssh_dir
create_ssh1_identity
create_ssh2_rsa_identity
create_ssh2_dsa_identity
fix_authorized_keys_perms

printf '\n'
csih_inform "Configuration finished. Have fun!"