[gssapi-openssh.git] / openssh / contrib / cygwin / ssh-host-config

#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

# Subdirectory where an old package might be installed
OLDPREFIX=/usr/local
OLDSYSCONFDIR=${OLDPREFIX}/etc

progname=$0
auto_answer=""
port_number=22

request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi

  answer=""
  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
  do
    echo -n "$1 (yes/no) "
    read answer
  done
  if [ "X${answer}" = "Xyes" ]
  then
    return 0
  else
    return 1
  fi
}

# Check options

while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  -p | --port )
    port_number=$1
    shift
    ;;

  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH host configuration."
    echo
    echo "Options:"
    echo "    --debug  -d     Enable shell's debug output."
    echo "    --yes    -y     Answer all questions with \"yes\" automatically."
    echo "    --no     -n     Answer all questions with \"no\" automatically."
    echo "    --port   -p <n> sshd listens on port n."
    echo
    exit 1
    ;;

  esac
done

# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running

if ps -ef | grep -v grep | grep -q ssh
then
  echo
  echo "There are still ssh processes running. Please shut them down first."
  echo
  #exit 1
fi

# Check for ${SYSCONFDIR} directory

if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
then
  echo
  echo "${SYSCONFDIR} is existant but not a directory."
  echo "Cannot create global configuration files."
  echo
  exit 1
fi

# Create it if necessary

if [ ! -e "${SYSCONFDIR}" ]
then
  mkdir "${SYSCONFDIR}"
  if [ ! -e "${SYSCONFDIR}" ]
  then
    echo
    echo "Creating ${SYSCONFDIR} directory failed"
    echo
    exit 1
  fi
fi

# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
# the same as ${PREFIX}

old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ]
then
  if [ -f "${OLDPREFIX}/sbin/sshd" ]
  then
    echo
    echo "You seem to have an older installation in ${OLDPREFIX}."
    echo
    # Check if old global configuration files exist
    if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
    then
      if request "Do you want to copy your config files to your new installation?"
      then
        cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
      fi
    fi
    if request "Do you want to erase your old installation?"
    then
      rm -f ${OLDPREFIX}/bin/ssh.exe
      rm -f ${OLDPREFIX}/bin/ssh-config
      rm -f ${OLDPREFIX}/bin/scp.exe
      rm -f ${OLDPREFIX}/bin/ssh-add.exe
      rm -f ${OLDPREFIX}/bin/ssh-agent.exe
      rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
      rm -f ${OLDPREFIX}/bin/slogin
      rm -f ${OLDSYSCONFDIR}/ssh_host_key
      rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
      rm -f ${OLDSYSCONFDIR}/ssh_config
      rm -f ${OLDSYSCONFDIR}/sshd_config
      rm -f ${OLDPREFIX}/man/man1/ssh.1
      rm -f ${OLDPREFIX}/man/man1/scp.1
      rm -f ${OLDPREFIX}/man/man1/ssh-add.1
      rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
      rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
      rm -f ${OLDPREFIX}/man/man1/slogin.1
      rm -f ${OLDPREFIX}/man/man8/sshd.8
      rm -f ${OLDPREFIX}/sbin/sshd.exe
      rm -f ${OLDPREFIX}/sbin/sftp-server.exe
    fi
    old_install=1
  fi
fi

# First generate host keys if not already existing

if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_key"
  ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
fi

if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
  ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi

if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
  ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
fi

# Check if ssh_config exists. If yes, ask for overwriting

if [ -f "${SYSCONFDIR}/ssh_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
  then
    rm -f "${SYSCONFDIR}/ssh_config"
    if [ -f "${SYSCONFDIR}/ssh_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
    fi
  fi
fi

# Create default ssh_config from here script

if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > ${SYSCONFDIR}/ssh_config << EOF
# This is ssh client systemwide configuration file.  This file provides 
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking yes
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_rsa
#   Port 22
#   Protocol 2,1
#   Cipher blowfish
#   EscapeChar ~
EOF
  if [ "$port_number" != "22" ]
  then
    echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
    echo "    Port $port_number" >> ${SYSCONFDIR}/ssh_config
  fi
fi

# Check if sshd_config exists. If yes, ask for overwriting

if [ -f "${SYSCONFDIR}/sshd_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
  then
    rm -f "${SYSCONFDIR}/sshd_config"
    if [ -f "${SYSCONFDIR}/sshd_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
  fi
fi

# Create default sshd_config from here script

if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > ${SYSCONFDIR}/sshd_config << EOF
# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port $port_number
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server ke
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

# Authentication:

LoginGraceTime 600
PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem      sftp    /usr/sbin/sftp-server
EOF
fi

# Care for services file
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
if [ $_nt -gt 0 ]
then
  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
  _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
  _wservices="${WINDIR}\\SERVICES"
  _wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=`cygpath -u "${_wservices}"`
_serv_tmp=`cygpath -u "${_wserv_tmp}"`

mount -t -f "${_wservices}" "${_services}"
mount -t -f "${_wserv_tmp}" "${_serv_tmp}"

# Remove sshd 22/port from services
if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
then
  grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then 
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Removing sshd from ${_services}"
    else
      echo "Removing sshd from ${_services} failed\!"
    fi 
    rm -f "${_serv_tmp}"
  else
    echo "Removing sshd from ${_services} failed\!"
  fi
fi

# Add ssh 22/tcp  and ssh 22/udp to services
if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
then
  awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh                22/tcp                           #SSH Remote Login Protocol\nssh                22/udp                           #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Added ssh to ${_services}"
    else
      echo "Adding ssh to ${_services} failed\!"
    fi
    rm -f "${_serv_tmp}"
  else
    echo "Adding ssh to ${_services} failed\!"
  fi
fi

umount "${_services}"
umount "${_serv_tmp}"

# Care for inetd.conf file
_inetcnf="/etc/inetd.conf"
_inetcnf_tmp="/etc/inetd.conf.$$"

if [ -f "${_inetcnf}" ]
then
  # Check if ssh service is already in use as sshd
  with_comment=1
  grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
  # Remove sshd line from inetd.conf
  if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
  then
    grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
    if [ -f "${_inetcnf_tmp}" ]
    then
      if mv "${_inetcnf_tmp}" "${_inetcnf}"
      then
        echo "Removed sshd from ${_inetcnf}"
      else
        echo "Removing sshd from ${_inetcnf} failed\!"
      fi
      rm -f "${_inetcnf_tmp}"
    else
      echo "Removing sshd from ${_inetcnf} failed\!"
    fi
  fi

  # Add ssh line to inetd.conf
  if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
  then
    if [ "${with_comment}" -eq 0 ]
    then
      echo 'ssh  stream  tcp     nowait  root    /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
    else
      echo '# ssh  stream  tcp     nowait  root    /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
    fi
    echo "Added ssh to ${_inetcnf}"
  fi
fi

# Create /var/log and /var/log/lastlog if not already existing

if [ -f /var/log ]
then
  echo "Creating /var/log failed\!"
else
  if [ ! -d /var/log ]
  then
    mkdir /var/log
  fi
  if [ -d /var/log/lastlog ]
  then
    echo "Creating /var/log/lastlog failed\!"
  elif [ ! -f /var/log/lastlog ]
  then
    cat /dev/null > /var/log/lastlog
  fi
fi

# On NT ask if sshd should be installed as service
if [ $_nt -gt 0 ]
then
  echo
  echo "Do you want to install sshd as service?"
  if request "(Say \"no\" if it's already installed as service)"
  then
    echo
    echo "Which value should the environment variable CYGWIN have when"
    echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
    echo "able to change user context without password."
    echo -n "Default is \"binmode ntsec tty\".  CYGWIN="
    read _cygwin
    [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
    if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
    then
      chown system /etc/ssh*
      echo
      echo "The service has been installed under LocalSystem account."
    fi
  fi
fi

if [ "${old_install}" = "1" ]
then
  echo
  echo "Note: If you have used sshd as service or from inetd, don't forget to"
  echo "      change the path to sshd.exe in the service entry or in inetd.conf."
fi

echo
echo "Host configuration finished. Have fun!"
Commit	Line	Data
3c0ef626	1	#!/bin/sh
	2	#
	3	# ssh-host-config, Copyright 2000, Red Hat Inc.
	4	#
	5	# This file is part of the Cygwin port of OpenSSH.
	6
	7	# Subdirectory where the new package is being installed
	8	PREFIX=/usr
	9
	10	# Directory where the config files are stored
	11	SYSCONFDIR=/etc
	12
	13	# Subdirectory where an old package might be installed
	14	OLDPREFIX=/usr/local
	15	OLDSYSCONFDIR=${OLDPREFIX}/etc
	16
	17	progname=$0
	18	auto_answer=""
	19	port_number=22
	20
	21	request()
	22	{
	23	if [ "${auto_answer}" = "yes" ]
	24	then
	25	return 0
	26	elif [ "${auto_answer}" = "no" ]
	27	then
	28	return 1
	29	fi
	30
	31	answer=""
	32	while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
	33	do
	34	echo -n "$1 (yes/no) "
	35	read answer
	36	done
	37	if [ "X${answer}" = "Xyes" ]
	38	then
	39	return 0
	40	else
	41	return 1
	42	fi
	43	}
	44
	45	# Check options
	46
	47	while :
	48	do
	49	case $# in
	50	0)
	51	break
	52	;;
	53	esac
	54
	55	option=$1
	56	shift
	57
	58	case "$option" in
	59	-d \| --debug )
	60	set -x
	61	;;
	62
	63	-y \| --yes )
	64	auto_answer=yes
65	;;
66
67	-n \| --no )
68	auto_answer=no
69	;;
70
71	-p \| --port )
72	port_number=$1
73	shift
74	;;
75
76	*)
77	echo "usage: ${progname} [OPTION]..."
78	echo
79	echo "This script creates an OpenSSH host configuration."
80	echo
81	echo "Options:"
82	echo " --debug -d Enable shell's debug output."
83	echo " --yes -y Answer all questions with \"yes\" automatically."
84	echo " --no -n Answer all questions with \"no\" automatically."
85	echo " --port -p <n> sshd listens on port n."
86	echo
87	exit 1
88	;;
89
90	esac
91	done
92
93	# Check for running ssh/sshd processes first. Refuse to do anything while
94	# some ssh processes are still running
95
96	if ps -ef \| grep -v grep \| grep -q ssh
97	then
98	echo
99	echo "There are still ssh processes running. Please shut them down first."
100	echo
101	#exit 1
102	fi
103
104	# Check for ${SYSCONFDIR} directory
105
106	if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
107	then
108	echo
109	echo "${SYSCONFDIR} is existant but not a directory."
110	echo "Cannot create global configuration files."
111	echo
112	exit 1
113	fi
114
115	# Create it if necessary
116
117	if [ ! -e "${SYSCONFDIR}" ]
118	then
119	mkdir "${SYSCONFDIR}"
120	if [ ! -e "${SYSCONFDIR}" ]
121	then
122	echo
123	echo "Creating ${SYSCONFDIR} directory failed"
124	echo
125	exit 1
126	fi
127	fi
128
129	# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
130	# the same as ${PREFIX}
131
132	old_install=0
133	if [ "${OLDPREFIX}" != "${PREFIX}" ]
134	then
135	if [ -f "${OLDPREFIX}/sbin/sshd" ]
136	then
137	echo
138	echo "You seem to have an older installation in ${OLDPREFIX}."
139	echo
140	# Check if old global configuration files exist
141	if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
142	then
143	if request "Do you want to copy your config files to your new installation?"
144	then
145	cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
146	cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
147	cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
148	cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
149	cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
150	cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
151	fi
152	fi
153	if request "Do you want to erase your old installation?"
154	then
155	rm -f ${OLDPREFIX}/bin/ssh.exe
156	rm -f ${OLDPREFIX}/bin/ssh-config
157	rm -f ${OLDPREFIX}/bin/scp.exe
158	rm -f ${OLDPREFIX}/bin/ssh-add.exe
159	rm -f ${OLDPREFIX}/bin/ssh-agent.exe
160	rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
161	rm -f ${OLDPREFIX}/bin/slogin
162	rm -f ${OLDSYSCONFDIR}/ssh_host_key
163	rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
164	rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
165	rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
166	rm -f ${OLDSYSCONFDIR}/ssh_config
167	rm -f ${OLDSYSCONFDIR}/sshd_config
168	rm -f ${OLDPREFIX}/man/man1/ssh.1
169	rm -f ${OLDPREFIX}/man/man1/scp.1
170	rm -f ${OLDPREFIX}/man/man1/ssh-add.1
171	rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
172	rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
173	rm -f ${OLDPREFIX}/man/man1/slogin.1
174	rm -f ${OLDPREFIX}/man/man8/sshd.8
175	rm -f ${OLDPREFIX}/sbin/sshd.exe
176	rm -f ${OLDPREFIX}/sbin/sftp-server.exe
177	fi
178	old_install=1
179	fi
180	fi
181
182	# First generate host keys if not already existing
183
184	if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
185	then
186	echo "Generating ${SYSCONFDIR}/ssh_host_key"
187	ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
188	fi
189
190	if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
191	then
192	echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
193	ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
194	fi
195
196	if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
197	then
198	echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
199	ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
200	fi
201
202	# Check if ssh_config exists. If yes, ask for overwriting
203
204	if [ -f "${SYSCONFDIR}/ssh_config" ]
205	then
206	if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
207	then
208	rm -f "${SYSCONFDIR}/ssh_config"
209	if [ -f "${SYSCONFDIR}/ssh_config" ]
210	then
211	echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
212	fi
213	fi
214	fi
215
216	# Create default ssh_config from here script
217
218	if [ ! -f "${SYSCONFDIR}/ssh_config" ]
219	then
220	echo "Generating ${SYSCONFDIR}/ssh_config file"
221	cat > ${SYSCONFDIR}/ssh_config << EOF
222	# This is ssh client systemwide configuration file. This file provides
223	# defaults for users, and the values can be changed in per-user configuration
224	# files or on the command line.
225
226	# Configuration data is parsed as follows:
227	# 1. command line options
228	# 2. user-specific file
229	# 3. system-wide file
230	# Any configuration value is only changed the first time it is set.
231	# Thus, host-specific definitions should be at the beginning of the
232	# configuration file, and defaults at the end.
233
234	# Site-wide defaults for various options
235
236	# Host *
237	# ForwardAgent no
238	# ForwardX11 no
239	# RhostsAuthentication no
240	# RhostsRSAAuthentication yes
241	# RSAAuthentication yes
242	# PasswordAuthentication yes
243	# FallBackToRsh no
244	# UseRsh no
245	# BatchMode no
246	# CheckHostIP yes
247	# StrictHostKeyChecking yes
248	# IdentityFile ~/.ssh/identity
249	# IdentityFile ~/.ssh/id_dsa
250	# IdentityFile ~/.ssh/id_rsa
251	# Port 22
252	# Protocol 2,1
253	# Cipher blowfish
254	# EscapeChar ~
255	EOF
256	if [ "$port_number" != "22" ]
257	then
258	echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
259	echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config
260	fi
261	fi
262
263	# Check if sshd_config exists. If yes, ask for overwriting
264
265	if [ -f "${SYSCONFDIR}/sshd_config" ]
266	then
267	if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
268	then
269	rm -f "${SYSCONFDIR}/sshd_config"
270	if [ -f "${SYSCONFDIR}/sshd_config" ]
271	then
272	echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
273	fi
274	fi
275	fi
276
277	# Create default sshd_config from here script
278
279	if [ ! -f "${SYSCONFDIR}/sshd_config" ]
280	then
281	echo "Generating ${SYSCONFDIR}/sshd_config file"
282	cat > ${SYSCONFDIR}/sshd_config << EOF
283	# This is the sshd server system-wide configuration file. See sshd(8)
284	# for more information.
285
286	Port $port_number
287	#Protocol 2,1
288	#ListenAddress 0.0.0.0
289	#ListenAddress ::
290
291	# HostKey for protocol version 1
292	HostKey /etc/ssh_host_key
293	# HostKeys for protocol version 2
294	HostKey /etc/ssh_host_rsa_key
295	HostKey /etc/ssh_host_dsa_key
296
297	# Lifetime and size of ephemeral version 1 server ke
298	KeyRegenerationInterval 3600
299	ServerKeyBits 768
300
301	# Logging
302	SyslogFacility AUTH
303	LogLevel INFO
304	#obsoletes QuietMode and FascistLogging
305
306	# Authentication:
307
308	LoginGraceTime 600
309	PermitRootLogin yes
310	# The following setting overrides permission checks on host key files
311	# and directories. For security reasons set this to "yes" when running
312	# NT/W2K, NTFS and CYGWIN=ntsec.
313	StrictModes no
314
315	RSAAuthentication yes
316	PubkeyAuthentication yes
317	#AuthorizedKeysFile %h/.ssh/authorized_keys
318
319	# rhosts authentication should not be used
320	RhostsAuthentication no
321	# Don't read ~/.rhosts and ~/.shosts files
322	IgnoreRhosts yes
323	# For this to work you will also need host keys in /etc/ssh_known_hosts
324	RhostsRSAAuthentication no
325	# similar for protocol version 2
326	HostbasedAuthentication no
327	# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
328	#IgnoreUserKnownHosts yes
329
330	# To disable tunneled clear text passwords, change to no here!
331	PasswordAuthentication yes
332	PermitEmptyPasswords no
333
334	X11Forwarding no
335	X11DisplayOffset 10
336	PrintMotd yes
337	#PrintLastLog no
338	KeepAlive yes
339	#UseLogin no
340
341	#MaxStartups 10:30:60
342	#Banner /etc/issue.net
343	#ReverseMappingCheck yes
344
345	Subsystem sftp /usr/sbin/sftp-server
346	EOF
347	fi
348
349	# Care for services file
350	_sys="`uname -a`"
351	_nt=`expr "$_sys" : "CYGWIN_NT"`
352	if [ $_nt -gt 0 ]
353	then
354	_wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
355	_wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
356	else
357	_wservices="${WINDIR}\\SERVICES"
358	_wserv_tmp="${WINDIR}\\SERV.$$"
359	fi
360	_services=`cygpath -u "${_wservices}"`
361	_serv_tmp=`cygpath -u "${_wserv_tmp}"`
362
363	mount -t -f "${_wservices}" "${_services}"
364	mount -t -f "${_wserv_tmp}" "${_serv_tmp}"
365
366	# Remove sshd 22/port from services
367	if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
368	then
369	grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
370	if [ -f "${_serv_tmp}" ]
371	then
372	if mv "${_serv_tmp}" "${_services}"
373	then
374	echo "Removing sshd from ${_services}"
375	else
376	echo "Removing sshd from ${_services} failed\!"
377	fi
378	rm -f "${_serv_tmp}"
379	else
380	echo "Removing sshd from ${_services} failed\!"
381	fi
382	fi
383
384	# Add ssh 22/tcp and ssh 22/udp to services
385	if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
386	then
387	awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
388	if [ -f "${_serv_tmp}" ]
389	then
390	if mv "${_serv_tmp}" "${_services}"
391	then
392	echo "Added ssh to ${_services}"
393	else
394	echo "Adding ssh to ${_services} failed\!"
395	fi
396	rm -f "${_serv_tmp}"
397	else
398	echo "Adding ssh to ${_services} failed\!"
399	fi
400	fi
401
402	umount "${_services}"
403	umount "${_serv_tmp}"
404
405	# Care for inetd.conf file
406	_inetcnf="/etc/inetd.conf"
407	_inetcnf_tmp="/etc/inetd.conf.$$"
408
409	if [ -f "${_inetcnf}" ]
410	then
411	# Check if ssh service is already in use as sshd
412	with_comment=1
413	grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
414	# Remove sshd line from inetd.conf
415	if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
416	then
417	grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
418	if [ -f "${_inetcnf_tmp}" ]
419	then
420	if mv "${_inetcnf_tmp}" "${_inetcnf}"
421	then
422	echo "Removed sshd from ${_inetcnf}"
423	else
424	echo "Removing sshd from ${_inetcnf} failed\!"
425	fi
426	rm -f "${_inetcnf_tmp}"
427	else
428	echo "Removing sshd from ${_inetcnf} failed\!"
429	fi
430	fi
431
432	# Add ssh line to inetd.conf
433	if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
434	then
435	if [ "${with_comment}" -eq 0 ]
436	then
700318f3	437	echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
3c0ef626	438	else
700318f3	439	echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
3c0ef626	440	fi
	441	echo "Added ssh to ${_inetcnf}"
	442	fi
	443	fi
	444
	445	# Create /var/log and /var/log/lastlog if not already existing
	446
	447	if [ -f /var/log ]
	448	then
	449	echo "Creating /var/log failed\!"
	450	else
	451	if [ ! -d /var/log ]
	452	then
	453	mkdir /var/log
	454	fi
	455	if [ -d /var/log/lastlog ]
	456	then
	457	echo "Creating /var/log/lastlog failed\!"
	458	elif [ ! -f /var/log/lastlog ]
	459	then
	460	cat /dev/null > /var/log/lastlog
	461	fi
	462	fi
	463
	464	# On NT ask if sshd should be installed as service
	465	if [ $_nt -gt 0 ]
	466	then
	467	echo
	468	echo "Do you want to install sshd as service?"
	469	if request "(Say \"no\" if it's already installed as service)"
	470	then
	471	echo
	472	echo "Which value should the environment variable CYGWIN have when"
	473	echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
	474	echo "able to change user context without password."
	475	echo -n "Default is \"binmode ntsec tty\". CYGWIN="
	476	read _cygwin
	477	[ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
	478	if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
	479	then
	480	chown system /etc/ssh*
	481	echo
	482	echo "The service has been installed under LocalSystem account."
	483	fi
	484	fi
	485	fi
	486
	487	if [ "${old_install}" = "1" ]
	488	then
	489	echo
	490	echo "Note: If you have used sshd as service or from inetd, don't forget to"
	491	echo " change the path to sshd.exe in the service entry or in inetd.conf."
	492	fi
	493
	494	echo
	495	echo "Host configuration finished. Have fun!"