]>
Commit | Line | Data |
---|---|---|
9cb1827b | 1 | #!/bin/sh |
3c0ef626 | 2 | # |
9cb1827b | 3 | # ssh-host-config, Copyright 2000, Red Hat Inc. |
3c0ef626 | 4 | # |
5 | # This file is part of the Cygwin port of OpenSSH. | |
6 | ||
7 | # Subdirectory where the new package is being installed | |
8 | PREFIX=/usr | |
9 | ||
10 | # Directory where the config files are stored | |
11 | SYSCONFDIR=/etc | |
9cb1827b | 12 | |
13 | # Subdirectory where an old package might be installed | |
14 | OLDPREFIX=/usr/local | |
15 | OLDSYSCONFDIR=${OLDPREFIX}/etc | |
3c0ef626 | 16 | |
17 | progname=$0 | |
18 | auto_answer="" | |
19 | port_number=22 | |
20 | ||
41b2f314 | 21 | privsep_configured=no |
22 | privsep_used=yes | |
23 | sshd_in_passwd=no | |
24 | sshd_in_sam=no | |
25 | ||
3c0ef626 | 26 | request() |
27 | { | |
28 | if [ "${auto_answer}" = "yes" ] | |
29 | then | |
30 | return 0 | |
31 | elif [ "${auto_answer}" = "no" ] | |
32 | then | |
33 | return 1 | |
34 | fi | |
35 | ||
36 | answer="" | |
37 | while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] | |
38 | do | |
39 | echo -n "$1 (yes/no) " | |
9cb1827b | 40 | read answer |
3c0ef626 | 41 | done |
42 | if [ "X${answer}" = "Xyes" ] | |
43 | then | |
44 | return 0 | |
45 | else | |
46 | return 1 | |
47 | fi | |
48 | } | |
49 | ||
50 | # Check options | |
51 | ||
52 | while : | |
53 | do | |
54 | case $# in | |
55 | 0) | |
56 | break | |
57 | ;; | |
58 | esac | |
59 | ||
60 | option=$1 | |
61 | shift | |
62 | ||
9cb1827b | 63 | case "$option" in |
3c0ef626 | 64 | -d | --debug ) |
65 | set -x | |
66 | ;; | |
67 | ||
68 | -y | --yes ) | |
69 | auto_answer=yes | |
70 | ;; | |
71 | ||
72 | -n | --no ) | |
73 | auto_answer=no | |
74 | ;; | |
75 | ||
76 | -p | --port ) | |
77 | port_number=$1 | |
78 | shift | |
79 | ;; | |
80 | ||
81 | *) | |
82 | echo "usage: ${progname} [OPTION]..." | |
83 | echo | |
84 | echo "This script creates an OpenSSH host configuration." | |
85 | echo | |
86 | echo "Options:" | |
9cb1827b | 87 | echo " --debug -d Enable shell's debug output." |
88 | echo " --yes -y Answer all questions with \"yes\" automatically." | |
89 | echo " --no -n Answer all questions with \"no\" automatically." | |
90 | echo " --port -p <n> sshd listens on port n." | |
3c0ef626 | 91 | echo |
92 | exit 1 | |
93 | ;; | |
94 | ||
95 | esac | |
96 | done | |
97 | ||
41b2f314 | 98 | # Check if running on NT |
9cb1827b | 99 | _sys="`uname -a`" |
100 | _nt=`expr "$_sys" : "CYGWIN_NT"` | |
41b2f314 | 101 | |
3c0ef626 | 102 | # Check for running ssh/sshd processes first. Refuse to do anything while |
103 | # some ssh processes are still running | |
104 | ||
105 | if ps -ef | grep -v grep | grep -q ssh | |
106 | then | |
107 | echo | |
108 | echo "There are still ssh processes running. Please shut them down first." | |
109 | echo | |
41b2f314 | 110 | exit 1 |
3c0ef626 | 111 | fi |
112 | ||
113 | # Check for ${SYSCONFDIR} directory | |
114 | ||
115 | if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ] | |
116 | then | |
117 | echo | |
118 | echo "${SYSCONFDIR} is existant but not a directory." | |
119 | echo "Cannot create global configuration files." | |
120 | echo | |
121 | exit 1 | |
122 | fi | |
123 | ||
124 | # Create it if necessary | |
125 | ||
126 | if [ ! -e "${SYSCONFDIR}" ] | |
127 | then | |
128 | mkdir "${SYSCONFDIR}" | |
129 | if [ ! -e "${SYSCONFDIR}" ] | |
130 | then | |
131 | echo | |
132 | echo "Creating ${SYSCONFDIR} directory failed" | |
133 | echo | |
134 | exit 1 | |
135 | fi | |
136 | fi | |
137 | ||
41b2f314 | 138 | # Create /var/log and /var/log/lastlog if not already existing |
139 | ||
9cb1827b | 140 | if [ -f /var/log ] |
41b2f314 | 141 | then |
9cb1827b | 142 | echo "Creating /var/log failed\!" |
41b2f314 | 143 | else |
9cb1827b | 144 | if [ ! -d /var/log ] |
41b2f314 | 145 | then |
9cb1827b | 146 | mkdir -p /var/log |
41b2f314 | 147 | fi |
9cb1827b | 148 | if [ -d /var/log/lastlog ] |
41b2f314 | 149 | then |
9cb1827b | 150 | echo "Creating /var/log/lastlog failed\!" |
151 | elif [ ! -f /var/log/lastlog ] | |
41b2f314 | 152 | then |
9cb1827b | 153 | cat /dev/null > /var/log/lastlog |
41b2f314 | 154 | fi |
155 | fi | |
156 | ||
157 | # Create /var/empty file used as chroot jail for privilege separation | |
9cb1827b | 158 | if [ -f /var/empty ] |
41b2f314 | 159 | then |
9cb1827b | 160 | echo "Creating /var/empty failed\!" |
41b2f314 | 161 | else |
9cb1827b | 162 | mkdir -p /var/empty |
163 | # On NT change ownership of that dir to user "system" | |
164 | if [ $_nt -gt 0 ] | |
41b2f314 | 165 | then |
9cb1827b | 166 | chmod 755 /var/empty |
167 | chown system.system /var/empty | |
168 | fi | |
169 | fi | |
170 | ||
171 | # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't | |
172 | # the same as ${PREFIX} | |
173 | ||
174 | old_install=0 | |
175 | if [ "${OLDPREFIX}" != "${PREFIX}" ] | |
176 | then | |
177 | if [ -f "${OLDPREFIX}/sbin/sshd" ] | |
178 | then | |
179 | echo | |
180 | echo "You seem to have an older installation in ${OLDPREFIX}." | |
181 | echo | |
182 | # Check if old global configuration files exist | |
183 | if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] | |
184 | then | |
185 | if request "Do you want to copy your config files to your new installation?" | |
186 | then | |
187 | cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR} | |
188 | cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR} | |
189 | cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR} | |
190 | cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR} | |
191 | cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR} | |
192 | cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR} | |
193 | fi | |
194 | fi | |
195 | if request "Do you want to erase your old installation?" | |
196 | then | |
197 | rm -f ${OLDPREFIX}/bin/ssh.exe | |
198 | rm -f ${OLDPREFIX}/bin/ssh-config | |
199 | rm -f ${OLDPREFIX}/bin/scp.exe | |
200 | rm -f ${OLDPREFIX}/bin/ssh-add.exe | |
201 | rm -f ${OLDPREFIX}/bin/ssh-agent.exe | |
202 | rm -f ${OLDPREFIX}/bin/ssh-keygen.exe | |
203 | rm -f ${OLDPREFIX}/bin/slogin | |
204 | rm -f ${OLDSYSCONFDIR}/ssh_host_key | |
205 | rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub | |
206 | rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key | |
207 | rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub | |
208 | rm -f ${OLDSYSCONFDIR}/ssh_config | |
209 | rm -f ${OLDSYSCONFDIR}/sshd_config | |
210 | rm -f ${OLDPREFIX}/man/man1/ssh.1 | |
211 | rm -f ${OLDPREFIX}/man/man1/scp.1 | |
212 | rm -f ${OLDPREFIX}/man/man1/ssh-add.1 | |
213 | rm -f ${OLDPREFIX}/man/man1/ssh-agent.1 | |
214 | rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1 | |
215 | rm -f ${OLDPREFIX}/man/man1/slogin.1 | |
216 | rm -f ${OLDPREFIX}/man/man8/sshd.8 | |
217 | rm -f ${OLDPREFIX}/sbin/sshd.exe | |
218 | rm -f ${OLDPREFIX}/sbin/sftp-server.exe | |
219 | fi | |
220 | old_install=1 | |
3c0ef626 | 221 | fi |
222 | fi | |
223 | ||
224 | # First generate host keys if not already existing | |
225 | ||
226 | if [ ! -f "${SYSCONFDIR}/ssh_host_key" ] | |
227 | then | |
228 | echo "Generating ${SYSCONFDIR}/ssh_host_key" | |
229 | ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null | |
230 | fi | |
231 | ||
232 | if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] | |
233 | then | |
234 | echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key" | |
235 | ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null | |
236 | fi | |
237 | ||
238 | if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] | |
239 | then | |
240 | echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key" | |
241 | ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null | |
242 | fi | |
243 | ||
244 | # Check if ssh_config exists. If yes, ask for overwriting | |
245 | ||
246 | if [ -f "${SYSCONFDIR}/ssh_config" ] | |
247 | then | |
248 | if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?" | |
249 | then | |
250 | rm -f "${SYSCONFDIR}/ssh_config" | |
251 | if [ -f "${SYSCONFDIR}/ssh_config" ] | |
252 | then | |
253 | echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected." | |
254 | fi | |
255 | fi | |
256 | fi | |
257 | ||
9cb1827b | 258 | # Create default ssh_config from here script |
3c0ef626 | 259 | |
260 | if [ ! -f "${SYSCONFDIR}/ssh_config" ] | |
261 | then | |
262 | echo "Generating ${SYSCONFDIR}/ssh_config file" | |
9cb1827b | 263 | cat > ${SYSCONFDIR}/ssh_config << EOF |
264 | # This is the ssh client system-wide configuration file. See | |
265 | # ssh_config(5) for more information. This file provides defaults for | |
266 | # users, and the values can be changed in per-user configuration files | |
267 | # or on the command line. | |
268 | ||
269 | # Configuration data is parsed as follows: | |
270 | # 1. command line options | |
271 | # 2. user-specific file | |
272 | # 3. system-wide file | |
273 | # Any configuration value is only changed the first time it is set. | |
274 | # Thus, host-specific definitions should be at the beginning of the | |
275 | # configuration file, and defaults at the end. | |
276 | ||
277 | # Site-wide defaults for various options | |
278 | ||
279 | # Host * | |
280 | # ForwardAgent no | |
281 | # ForwardX11 no | |
282 | # RhostsRSAAuthentication no | |
283 | # RSAAuthentication yes | |
284 | # PasswordAuthentication yes | |
285 | # HostbasedAuthentication no | |
286 | # BatchMode no | |
287 | # CheckHostIP yes | |
288 | # AddressFamily any | |
289 | # ConnectTimeout 0 | |
290 | # StrictHostKeyChecking ask | |
291 | # IdentityFile ~/.ssh/identity | |
292 | # IdentityFile ~/.ssh/id_dsa | |
293 | # IdentityFile ~/.ssh/id_rsa | |
294 | # Port 22 | |
295 | # Protocol 2,1 | |
296 | # Cipher 3des | |
297 | # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc | |
298 | # EscapeChar ~ | |
299 | EOF | |
300 | if [ "$port_number" != "22" ] | |
3c0ef626 | 301 | then |
302 | echo "Host localhost" >> ${SYSCONFDIR}/ssh_config | |
9cb1827b | 303 | echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config |
3c0ef626 | 304 | fi |
305 | fi | |
306 | ||
307 | # Check if sshd_config exists. If yes, ask for overwriting | |
308 | ||
309 | if [ -f "${SYSCONFDIR}/sshd_config" ] | |
310 | then | |
311 | if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?" | |
312 | then | |
313 | rm -f "${SYSCONFDIR}/sshd_config" | |
314 | if [ -f "${SYSCONFDIR}/sshd_config" ] | |
315 | then | |
316 | echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." | |
317 | fi | |
41b2f314 | 318 | else |
319 | grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes | |
3c0ef626 | 320 | fi |
321 | fi | |
322 | ||
41b2f314 | 323 | # Prior to creating or modifying sshd_config, care for privilege separation |
324 | ||
9cb1827b | 325 | if [ "$privsep_configured" != "yes" ] |
41b2f314 | 326 | then |
9cb1827b | 327 | if [ $_nt -gt 0 ] |
41b2f314 | 328 | then |
329 | echo "Privilege separation is set to yes by default since OpenSSH 3.3." | |
330 | echo "However, this requires a non-privileged account called 'sshd'." | |
9cb1827b | 331 | echo "For more info on privilege separation read /usr/doc/openssh/README.privsep." |
41b2f314 | 332 | echo |
9cb1827b | 333 | if request "Shall privilege separation be used?" |
41b2f314 | 334 | then |
335 | privsep_used=yes | |
336 | grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes | |
337 | net user sshd >/dev/null 2>&1 && sshd_in_sam=yes | |
9cb1827b | 338 | if [ "$sshd_in_passwd" != "yes" ] |
41b2f314 | 339 | then |
9cb1827b | 340 | if [ "$sshd_in_sam" != "yes" ] |
41b2f314 | 341 | then |
342 | echo "Warning: The following function requires administrator privileges!" | |
9cb1827b | 343 | if request "Shall this script create a local user 'sshd' on this machine?" |
41b2f314 | 344 | then |
9cb1827b | 345 | dos_var_empty=`cygpath -w /var/empty` |
346 | net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes | |
347 | if [ "$sshd_in_sam" != "yes" ] | |
41b2f314 | 348 | then |
349 | echo "Warning: Creating the user 'sshd' failed!" | |
350 | fi | |
351 | fi | |
352 | fi | |
9cb1827b | 353 | if [ "$sshd_in_sam" != "yes" ] |
41b2f314 | 354 | then |
355 | echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!" | |
356 | echo " Privilege separation set to 'no' again!" | |
357 | echo " Check your ${SYSCONFDIR}/sshd_config file!" | |
358 | privsep_used=no | |
359 | else | |
360 | mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd | |
361 | fi | |
362 | fi | |
363 | else | |
364 | privsep_used=no | |
365 | fi | |
366 | else | |
367 | # On 9x don't use privilege separation. Since security isn't | |
9cb1827b | 368 | # available it just adds useless addtional processes. |
41b2f314 | 369 | privsep_used=no |
370 | fi | |
371 | fi | |
372 | ||
9cb1827b | 373 | # Create default sshd_config from here script or modify to add the |
374 | # missing privsep configuration option | |
3c0ef626 | 375 | |
376 | if [ ! -f "${SYSCONFDIR}/sshd_config" ] | |
377 | then | |
378 | echo "Generating ${SYSCONFDIR}/sshd_config file" | |
9cb1827b | 379 | cat > ${SYSCONFDIR}/sshd_config << EOF |
380 | # This is the sshd server system-wide configuration file. See | |
381 | # sshd_config(5) for more information. | |
382 | ||
383 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin | |
384 | ||
385 | # The strategy used for options in the default sshd_config shipped with | |
386 | # OpenSSH is to specify options with their default value where | |
387 | # possible, but leave them commented. Uncommented options change a | |
388 | # default value. | |
389 | ||
390 | Port $port_number | |
391 | #Protocol 2,1 | |
392 | #ListenAddress 0.0.0.0 | |
393 | #ListenAddress :: | |
394 | ||
395 | # HostKey for protocol version 1 | |
396 | #HostKey ${SYSCONFDIR}/ssh_host_key | |
397 | # HostKeys for protocol version 2 | |
398 | #HostKey ${SYSCONFDIR}/ssh_host_rsa_key | |
399 | #HostKey ${SYSCONFDIR}/ssh_host_dsa_key | |
400 | ||
401 | # Lifetime and size of ephemeral version 1 server key | |
402 | #KeyRegenerationInterval 1h | |
403 | #ServerKeyBits 768 | |
404 | ||
405 | # Logging | |
406 | #obsoletes QuietMode and FascistLogging | |
407 | #SyslogFacility AUTH | |
408 | #LogLevel INFO | |
409 | ||
410 | # Authentication: | |
411 | ||
412 | #LoginGraceTime 2m | |
413 | #PermitRootLogin yes | |
414 | # The following setting overrides permission checks on host key files | |
415 | # and directories. For security reasons set this to "yes" when running | |
416 | # NT/W2K, NTFS and CYGWIN=ntsec. | |
417 | StrictModes no | |
418 | ||
419 | #RSAAuthentication yes | |
420 | #PubkeyAuthentication yes | |
421 | #AuthorizedKeysFile .ssh/authorized_keys | |
422 | ||
423 | # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts | |
424 | #RhostsRSAAuthentication no | |
425 | # similar for protocol version 2 | |
426 | #HostbasedAuthentication no | |
427 | # Change to yes if you don't trust ~/.ssh/known_hosts for | |
428 | # RhostsRSAAuthentication and HostbasedAuthentication | |
429 | #IgnoreUserKnownHosts no | |
430 | # Don't read the user's ~/.rhosts and ~/.shosts files | |
431 | #IgnoreRhosts yes | |
432 | ||
433 | # To disable tunneled clear text passwords, change to no here! | |
434 | #PasswordAuthentication yes | |
435 | #PermitEmptyPasswords no | |
436 | ||
437 | # Change to no to disable s/key passwords | |
438 | #ChallengeResponseAuthentication yes | |
439 | ||
440 | #AllowTcpForwarding yes | |
441 | #GatewayPorts no | |
442 | #X11Forwarding no | |
443 | #X11DisplayOffset 10 | |
444 | #X11UseLocalhost yes | |
445 | #PrintMotd yes | |
446 | #PrintLastLog yes | |
447 | #KeepAlive yes | |
448 | #UseLogin no | |
449 | UsePrivilegeSeparation $privsep_used | |
450 | #PermitUserEnvironment no | |
451 | #Compression yes | |
452 | #ClientAliveInterval 0 | |
453 | #ClientAliveCountMax 3 | |
454 | #UseDNS yes | |
455 | #PidFile /var/run/sshd.pid | |
456 | #MaxStartups 10 | |
457 | ||
458 | # no default banner path | |
459 | #Banner /some/path | |
460 | ||
461 | # override default of no subsystems | |
462 | Subsystem sftp /usr/sbin/sftp-server | |
463 | EOF | |
464 | elif [ "$privsep_configured" != "yes" ] | |
41b2f314 | 465 | then |
466 | echo >> ${SYSCONFDIR}/sshd_config | |
9cb1827b | 467 | echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config |
3c0ef626 | 468 | fi |
469 | ||
470 | # Care for services file | |
9cb1827b | 471 | if [ $_nt -gt 0 ] |
3c0ef626 | 472 | then |
9cb1827b | 473 | _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" |
474 | _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$" | |
3c0ef626 | 475 | else |
9cb1827b | 476 | _wservices="${WINDIR}\\SERVICES" |
477 | _wserv_tmp="${WINDIR}\\SERV.$$" | |
3c0ef626 | 478 | fi |
9cb1827b | 479 | _services=`cygpath -u "${_wservices}"` |
480 | _serv_tmp=`cygpath -u "${_wserv_tmp}"` | |
3c0ef626 | 481 | |
9cb1827b | 482 | mount -t -f "${_wservices}" "${_services}" |
483 | mount -t -f "${_wserv_tmp}" "${_serv_tmp}" | |
3c0ef626 | 484 | |
485 | # Remove sshd 22/port from services | |
486 | if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] | |
487 | then | |
488 | grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" | |
489 | if [ -f "${_serv_tmp}" ] | |
9cb1827b | 490 | then |
3c0ef626 | 491 | if mv "${_serv_tmp}" "${_services}" |
492 | then | |
9cb1827b | 493 | echo "Removing sshd from ${_services}" |
3c0ef626 | 494 | else |
9cb1827b | 495 | echo "Removing sshd from ${_services} failed\!" |
496 | fi | |
3c0ef626 | 497 | rm -f "${_serv_tmp}" |
498 | else | |
9cb1827b | 499 | echo "Removing sshd from ${_services} failed\!" |
3c0ef626 | 500 | fi |
501 | fi | |
502 | ||
503 | # Add ssh 22/tcp and ssh 22/udp to services | |
504 | if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] | |
505 | then | |
9cb1827b | 506 | awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" |
507 | if [ -f "${_serv_tmp}" ] | |
3c0ef626 | 508 | then |
509 | if mv "${_serv_tmp}" "${_services}" | |
510 | then | |
9cb1827b | 511 | echo "Added ssh to ${_services}" |
3c0ef626 | 512 | else |
9cb1827b | 513 | echo "Adding ssh to ${_services} failed\!" |
3c0ef626 | 514 | fi |
515 | rm -f "${_serv_tmp}" | |
516 | else | |
9cb1827b | 517 | echo "Adding ssh to ${_services} failed\!" |
3c0ef626 | 518 | fi |
519 | fi | |
520 | ||
9cb1827b | 521 | umount "${_services}" |
522 | umount "${_serv_tmp}" | |
3c0ef626 | 523 | |
524 | # Care for inetd.conf file | |
41b2f314 | 525 | _inetcnf="${SYSCONFDIR}/inetd.conf" |
526 | _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$" | |
3c0ef626 | 527 | |
528 | if [ -f "${_inetcnf}" ] | |
529 | then | |
530 | # Check if ssh service is already in use as sshd | |
531 | with_comment=1 | |
532 | grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0 | |
533 | # Remove sshd line from inetd.conf | |
534 | if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ] | |
535 | then | |
536 | grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" | |
537 | if [ -f "${_inetcnf_tmp}" ] | |
538 | then | |
539 | if mv "${_inetcnf_tmp}" "${_inetcnf}" | |
540 | then | |
9cb1827b | 541 | echo "Removed sshd from ${_inetcnf}" |
3c0ef626 | 542 | else |
9cb1827b | 543 | echo "Removing sshd from ${_inetcnf} failed\!" |
3c0ef626 | 544 | fi |
545 | rm -f "${_inetcnf_tmp}" | |
546 | else | |
9cb1827b | 547 | echo "Removing sshd from ${_inetcnf} failed\!" |
3c0ef626 | 548 | fi |
549 | fi | |
550 | ||
551 | # Add ssh line to inetd.conf | |
552 | if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] | |
553 | then | |
554 | if [ "${with_comment}" -eq 0 ] | |
555 | then | |
700318f3 | 556 | echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" |
3c0ef626 | 557 | else |
700318f3 | 558 | echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" |
3c0ef626 | 559 | fi |
560 | echo "Added ssh to ${_inetcnf}" | |
561 | fi | |
562 | fi | |
563 | ||
3c0ef626 | 564 | # On NT ask if sshd should be installed as service |
9cb1827b | 565 | if [ $_nt -gt 0 ] |
3c0ef626 | 566 | then |
9cb1827b | 567 | echo |
568 | echo "Do you want to install sshd as service?" | |
569 | if request "(Say \"no\" if it's already installed as service)" | |
3c0ef626 | 570 | then |
571 | echo | |
9cb1827b | 572 | echo "Which value should the environment variable CYGWIN have when" |
573 | echo "sshd starts? It's recommended to set at least \"ntsec\" to be" | |
574 | echo "able to change user context without password." | |
575 | echo -n "Default is \"binmode ntsec tty\". CYGWIN=" | |
576 | read _cygwin | |
577 | [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" | |
578 | if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" | |
3c0ef626 | 579 | then |
9cb1827b | 580 | chown system ${SYSCONFDIR}/ssh* |
581 | echo | |
582 | echo "The service has been installed under LocalSystem account." | |
3c0ef626 | 583 | fi |
584 | fi | |
585 | fi | |
586 | ||
9cb1827b | 587 | if [ "${old_install}" = "1" ] |
588 | then | |
589 | echo | |
590 | echo "Note: If you have used sshd as service or from inetd, don't forget to" | |
591 | echo " change the path to sshd.exe in the service entry or in inetd.conf." | |
592 | fi | |
593 | ||
3c0ef626 | 594 | echo |
595 | echo "Host configuration finished. Have fun!" |