]>
Commit | Line | Data |
---|---|---|
3c0ef626 | 1 | #!/bin/sh |
2 | # | |
3 | # ssh-host-config, Copyright 2000, Red Hat Inc. | |
4 | # | |
5 | # This file is part of the Cygwin port of OpenSSH. | |
6 | ||
7 | # Subdirectory where the new package is being installed | |
8 | PREFIX=/usr | |
9 | ||
10 | # Directory where the config files are stored | |
11 | SYSCONFDIR=/etc | |
12 | ||
13 | # Subdirectory where an old package might be installed | |
14 | OLDPREFIX=/usr/local | |
15 | OLDSYSCONFDIR=${OLDPREFIX}/etc | |
16 | ||
17 | progname=$0 | |
18 | auto_answer="" | |
19 | port_number=22 | |
20 | ||
41b2f314 | 21 | privsep_configured=no |
22 | privsep_used=yes | |
23 | sshd_in_passwd=no | |
24 | sshd_in_sam=no | |
25 | ||
3c0ef626 | 26 | request() |
27 | { | |
28 | if [ "${auto_answer}" = "yes" ] | |
29 | then | |
30 | return 0 | |
31 | elif [ "${auto_answer}" = "no" ] | |
32 | then | |
33 | return 1 | |
34 | fi | |
35 | ||
36 | answer="" | |
37 | while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] | |
38 | do | |
39 | echo -n "$1 (yes/no) " | |
40 | read answer | |
41 | done | |
42 | if [ "X${answer}" = "Xyes" ] | |
43 | then | |
44 | return 0 | |
45 | else | |
46 | return 1 | |
47 | fi | |
48 | } | |
49 | ||
50 | # Check options | |
51 | ||
52 | while : | |
53 | do | |
54 | case $# in | |
55 | 0) | |
56 | break | |
57 | ;; | |
58 | esac | |
59 | ||
60 | option=$1 | |
61 | shift | |
62 | ||
63 | case "$option" in | |
64 | -d | --debug ) | |
65 | set -x | |
66 | ;; | |
67 | ||
68 | -y | --yes ) | |
69 | auto_answer=yes | |
70 | ;; | |
71 | ||
72 | -n | --no ) | |
73 | auto_answer=no | |
74 | ;; | |
75 | ||
76 | -p | --port ) | |
77 | port_number=$1 | |
78 | shift | |
79 | ;; | |
80 | ||
81 | *) | |
82 | echo "usage: ${progname} [OPTION]..." | |
83 | echo | |
84 | echo "This script creates an OpenSSH host configuration." | |
85 | echo | |
86 | echo "Options:" | |
87 | echo " --debug -d Enable shell's debug output." | |
88 | echo " --yes -y Answer all questions with \"yes\" automatically." | |
89 | echo " --no -n Answer all questions with \"no\" automatically." | |
90 | echo " --port -p <n> sshd listens on port n." | |
91 | echo | |
92 | exit 1 | |
93 | ;; | |
94 | ||
95 | esac | |
96 | done | |
97 | ||
41b2f314 | 98 | # Check if running on NT |
99 | _sys="`uname -a`" | |
100 | _nt=`expr "$_sys" : "CYGWIN_NT"` | |
101 | ||
3c0ef626 | 102 | # Check for running ssh/sshd processes first. Refuse to do anything while |
103 | # some ssh processes are still running | |
104 | ||
105 | if ps -ef | grep -v grep | grep -q ssh | |
106 | then | |
107 | echo | |
108 | echo "There are still ssh processes running. Please shut them down first." | |
109 | echo | |
41b2f314 | 110 | exit 1 |
3c0ef626 | 111 | fi |
112 | ||
113 | # Check for ${SYSCONFDIR} directory | |
114 | ||
115 | if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ] | |
116 | then | |
117 | echo | |
118 | echo "${SYSCONFDIR} is existant but not a directory." | |
119 | echo "Cannot create global configuration files." | |
120 | echo | |
121 | exit 1 | |
122 | fi | |
123 | ||
124 | # Create it if necessary | |
125 | ||
126 | if [ ! -e "${SYSCONFDIR}" ] | |
127 | then | |
128 | mkdir "${SYSCONFDIR}" | |
129 | if [ ! -e "${SYSCONFDIR}" ] | |
130 | then | |
131 | echo | |
132 | echo "Creating ${SYSCONFDIR} directory failed" | |
133 | echo | |
134 | exit 1 | |
135 | fi | |
136 | fi | |
137 | ||
41b2f314 | 138 | # Create /var/log and /var/log/lastlog if not already existing |
139 | ||
140 | if [ -f /var/log ] | |
141 | then | |
142 | echo "Creating /var/log failed\!" | |
143 | else | |
144 | if [ ! -d /var/log ] | |
145 | then | |
146 | mkdir -p /var/log | |
147 | fi | |
148 | if [ -d /var/log/lastlog ] | |
149 | then | |
150 | echo "Creating /var/log/lastlog failed\!" | |
151 | elif [ ! -f /var/log/lastlog ] | |
152 | then | |
153 | cat /dev/null > /var/log/lastlog | |
154 | fi | |
155 | fi | |
156 | ||
157 | # Create /var/empty file used as chroot jail for privilege separation | |
158 | if [ -f /var/empty ] | |
159 | then | |
160 | echo "Creating /var/empty failed\!" | |
161 | else | |
162 | mkdir -p /var/empty | |
163 | # On NT change ownership of that dir to user "system" | |
164 | if [ $_nt -gt 0 ] | |
165 | then | |
166 | chmod 755 /var/empty | |
167 | chown system.system /var/empty | |
168 | fi | |
169 | fi | |
170 | ||
3c0ef626 | 171 | # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't |
172 | # the same as ${PREFIX} | |
173 | ||
174 | old_install=0 | |
175 | if [ "${OLDPREFIX}" != "${PREFIX}" ] | |
176 | then | |
177 | if [ -f "${OLDPREFIX}/sbin/sshd" ] | |
178 | then | |
179 | echo | |
180 | echo "You seem to have an older installation in ${OLDPREFIX}." | |
181 | echo | |
182 | # Check if old global configuration files exist | |
183 | if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] | |
184 | then | |
185 | if request "Do you want to copy your config files to your new installation?" | |
186 | then | |
187 | cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR} | |
188 | cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR} | |
189 | cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR} | |
190 | cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR} | |
191 | cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR} | |
192 | cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR} | |
193 | fi | |
194 | fi | |
195 | if request "Do you want to erase your old installation?" | |
196 | then | |
197 | rm -f ${OLDPREFIX}/bin/ssh.exe | |
198 | rm -f ${OLDPREFIX}/bin/ssh-config | |
199 | rm -f ${OLDPREFIX}/bin/scp.exe | |
200 | rm -f ${OLDPREFIX}/bin/ssh-add.exe | |
201 | rm -f ${OLDPREFIX}/bin/ssh-agent.exe | |
202 | rm -f ${OLDPREFIX}/bin/ssh-keygen.exe | |
203 | rm -f ${OLDPREFIX}/bin/slogin | |
204 | rm -f ${OLDSYSCONFDIR}/ssh_host_key | |
205 | rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub | |
206 | rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key | |
207 | rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub | |
208 | rm -f ${OLDSYSCONFDIR}/ssh_config | |
209 | rm -f ${OLDSYSCONFDIR}/sshd_config | |
210 | rm -f ${OLDPREFIX}/man/man1/ssh.1 | |
211 | rm -f ${OLDPREFIX}/man/man1/scp.1 | |
212 | rm -f ${OLDPREFIX}/man/man1/ssh-add.1 | |
213 | rm -f ${OLDPREFIX}/man/man1/ssh-agent.1 | |
214 | rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1 | |
215 | rm -f ${OLDPREFIX}/man/man1/slogin.1 | |
216 | rm -f ${OLDPREFIX}/man/man8/sshd.8 | |
217 | rm -f ${OLDPREFIX}/sbin/sshd.exe | |
218 | rm -f ${OLDPREFIX}/sbin/sftp-server.exe | |
219 | fi | |
220 | old_install=1 | |
221 | fi | |
222 | fi | |
223 | ||
224 | # First generate host keys if not already existing | |
225 | ||
226 | if [ ! -f "${SYSCONFDIR}/ssh_host_key" ] | |
227 | then | |
228 | echo "Generating ${SYSCONFDIR}/ssh_host_key" | |
229 | ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null | |
230 | fi | |
231 | ||
232 | if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] | |
233 | then | |
234 | echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key" | |
235 | ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null | |
236 | fi | |
237 | ||
238 | if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] | |
239 | then | |
240 | echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key" | |
241 | ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null | |
242 | fi | |
243 | ||
244 | # Check if ssh_config exists. If yes, ask for overwriting | |
245 | ||
246 | if [ -f "${SYSCONFDIR}/ssh_config" ] | |
247 | then | |
248 | if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?" | |
249 | then | |
250 | rm -f "${SYSCONFDIR}/ssh_config" | |
251 | if [ -f "${SYSCONFDIR}/ssh_config" ] | |
252 | then | |
253 | echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected." | |
254 | fi | |
255 | fi | |
256 | fi | |
257 | ||
258 | # Create default ssh_config from here script | |
259 | ||
260 | if [ ! -f "${SYSCONFDIR}/ssh_config" ] | |
261 | then | |
262 | echo "Generating ${SYSCONFDIR}/ssh_config file" | |
263 | cat > ${SYSCONFDIR}/ssh_config << EOF | |
41b2f314 | 264 | # This is the ssh client system-wide configuration file. See |
265 | # ssh_config(5) for more information. This file provides defaults for | |
266 | # users, and the values can be changed in per-user configuration files | |
267 | # or on the command line. | |
3c0ef626 | 268 | |
269 | # Configuration data is parsed as follows: | |
270 | # 1. command line options | |
271 | # 2. user-specific file | |
272 | # 3. system-wide file | |
273 | # Any configuration value is only changed the first time it is set. | |
274 | # Thus, host-specific definitions should be at the beginning of the | |
275 | # configuration file, and defaults at the end. | |
276 | ||
277 | # Site-wide defaults for various options | |
278 | ||
279 | # Host * | |
280 | # ForwardAgent no | |
281 | # ForwardX11 no | |
41b2f314 | 282 | # RhostsRSAAuthentication no |
3c0ef626 | 283 | # RSAAuthentication yes |
284 | # PasswordAuthentication yes | |
acc3d05e | 285 | # HostbasedAuthentication no |
3c0ef626 | 286 | # BatchMode no |
287 | # CheckHostIP yes | |
acc3d05e | 288 | # AddressFamily any |
289 | # ConnectTimeout 0 | |
41b2f314 | 290 | # StrictHostKeyChecking ask |
3c0ef626 | 291 | # IdentityFile ~/.ssh/identity |
292 | # IdentityFile ~/.ssh/id_dsa | |
293 | # IdentityFile ~/.ssh/id_rsa | |
294 | # Port 22 | |
295 | # Protocol 2,1 | |
41b2f314 | 296 | # Cipher 3des |
297 | # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc | |
3c0ef626 | 298 | # EscapeChar ~ |
299 | EOF | |
300 | if [ "$port_number" != "22" ] | |
301 | then | |
302 | echo "Host localhost" >> ${SYSCONFDIR}/ssh_config | |
303 | echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config | |
304 | fi | |
305 | fi | |
306 | ||
307 | # Check if sshd_config exists. If yes, ask for overwriting | |
308 | ||
309 | if [ -f "${SYSCONFDIR}/sshd_config" ] | |
310 | then | |
311 | if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?" | |
312 | then | |
313 | rm -f "${SYSCONFDIR}/sshd_config" | |
314 | if [ -f "${SYSCONFDIR}/sshd_config" ] | |
315 | then | |
316 | echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." | |
317 | fi | |
41b2f314 | 318 | else |
319 | grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes | |
3c0ef626 | 320 | fi |
321 | fi | |
322 | ||
41b2f314 | 323 | # Prior to creating or modifying sshd_config, care for privilege separation |
324 | ||
325 | if [ "$privsep_configured" != "yes" ] | |
326 | then | |
327 | if [ $_nt -gt 0 ] | |
328 | then | |
329 | echo "Privilege separation is set to yes by default since OpenSSH 3.3." | |
330 | echo "However, this requires a non-privileged account called 'sshd'." | |
331 | echo "For more info on privilege separation read /usr/doc/openssh/README.privsep." | |
332 | echo | |
333 | if request "Shall privilege separation be used?" | |
334 | then | |
335 | privsep_used=yes | |
336 | grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes | |
337 | net user sshd >/dev/null 2>&1 && sshd_in_sam=yes | |
338 | if [ "$sshd_in_passwd" != "yes" ] | |
339 | then | |
340 | if [ "$sshd_in_sam" != "yes" ] | |
341 | then | |
342 | echo "Warning: The following function requires administrator privileges!" | |
343 | if request "Shall this script create a local user 'sshd' on this machine?" | |
344 | then | |
345 | dos_var_empty=`cygpath -w /var/empty` | |
346 | net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes | |
347 | if [ "$sshd_in_sam" != "yes" ] | |
348 | then | |
349 | echo "Warning: Creating the user 'sshd' failed!" | |
350 | fi | |
351 | fi | |
352 | fi | |
353 | if [ "$sshd_in_sam" != "yes" ] | |
354 | then | |
355 | echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!" | |
356 | echo " Privilege separation set to 'no' again!" | |
357 | echo " Check your ${SYSCONFDIR}/sshd_config file!" | |
358 | privsep_used=no | |
359 | else | |
360 | mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd | |
361 | fi | |
362 | fi | |
363 | else | |
364 | privsep_used=no | |
365 | fi | |
366 | else | |
367 | # On 9x don't use privilege separation. Since security isn't | |
368 | # available it just adds useless addtional processes. | |
369 | privsep_used=no | |
370 | fi | |
371 | fi | |
372 | ||
373 | # Create default sshd_config from here script or modify to add the | |
374 | # missing privsep configuration option | |
3c0ef626 | 375 | |
376 | if [ ! -f "${SYSCONFDIR}/sshd_config" ] | |
377 | then | |
378 | echo "Generating ${SYSCONFDIR}/sshd_config file" | |
379 | cat > ${SYSCONFDIR}/sshd_config << EOF | |
41b2f314 | 380 | # This is the sshd server system-wide configuration file. See |
381 | # sshd_config(5) for more information. | |
382 | ||
6a9b3198 | 383 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin |
384 | ||
41b2f314 | 385 | # The strategy used for options in the default sshd_config shipped with |
386 | # OpenSSH is to specify options with their default value where | |
387 | # possible, but leave them commented. Uncommented options change a | |
388 | # default value. | |
3c0ef626 | 389 | |
390 | Port $port_number | |
391 | #Protocol 2,1 | |
392 | #ListenAddress 0.0.0.0 | |
393 | #ListenAddress :: | |
394 | ||
395 | # HostKey for protocol version 1 | |
41b2f314 | 396 | #HostKey ${SYSCONFDIR}/ssh_host_key |
3c0ef626 | 397 | # HostKeys for protocol version 2 |
41b2f314 | 398 | #HostKey ${SYSCONFDIR}/ssh_host_rsa_key |
399 | #HostKey ${SYSCONFDIR}/ssh_host_dsa_key | |
3c0ef626 | 400 | |
6a9b3198 | 401 | # Lifetime and size of ephemeral version 1 server key |
acc3d05e | 402 | #KeyRegenerationInterval 1h |
41b2f314 | 403 | #ServerKeyBits 768 |
3c0ef626 | 404 | |
405 | # Logging | |
3c0ef626 | 406 | #obsoletes QuietMode and FascistLogging |
41b2f314 | 407 | #SyslogFacility AUTH |
408 | #LogLevel INFO | |
3c0ef626 | 409 | |
410 | # Authentication: | |
411 | ||
acc3d05e | 412 | #LoginGraceTime 2m |
41b2f314 | 413 | #PermitRootLogin yes |
3c0ef626 | 414 | # The following setting overrides permission checks on host key files |
415 | # and directories. For security reasons set this to "yes" when running | |
416 | # NT/W2K, NTFS and CYGWIN=ntsec. | |
417 | StrictModes no | |
418 | ||
41b2f314 | 419 | #RSAAuthentication yes |
420 | #PubkeyAuthentication yes | |
6a9b3198 | 421 | #AuthorizedKeysFile .ssh/authorized_keys |
3c0ef626 | 422 | |
41b2f314 | 423 | # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts |
424 | #RhostsRSAAuthentication no | |
3c0ef626 | 425 | # similar for protocol version 2 |
41b2f314 | 426 | #HostbasedAuthentication no |
427 | # Change to yes if you don't trust ~/.ssh/known_hosts for | |
428 | # RhostsRSAAuthentication and HostbasedAuthentication | |
429 | #IgnoreUserKnownHosts no | |
acc3d05e | 430 | # Don't read the user's ~/.rhosts and ~/.shosts files |
431 | #IgnoreRhosts yes | |
3c0ef626 | 432 | |
433 | # To disable tunneled clear text passwords, change to no here! | |
41b2f314 | 434 | #PasswordAuthentication yes |
435 | #PermitEmptyPasswords no | |
436 | ||
437 | # Change to no to disable s/key passwords | |
438 | #ChallengeResponseAuthentication yes | |
439 | ||
acc3d05e | 440 | #AllowTcpForwarding yes |
441 | #GatewayPorts no | |
41b2f314 | 442 | #X11Forwarding no |
443 | #X11DisplayOffset 10 | |
444 | #X11UseLocalhost yes | |
445 | #PrintMotd yes | |
446 | #PrintLastLog yes | |
447 | #KeepAlive yes | |
3c0ef626 | 448 | #UseLogin no |
41b2f314 | 449 | UsePrivilegeSeparation $privsep_used |
6a9b3198 | 450 | #PermitUserEnvironment no |
41b2f314 | 451 | #Compression yes |
acc3d05e | 452 | #ClientAliveInterval 0 |
453 | #ClientAliveCountMax 3 | |
454 | #UseDNS yes | |
455 | #PidFile /var/run/sshd.pid | |
41b2f314 | 456 | #MaxStartups 10 |
acc3d05e | 457 | |
41b2f314 | 458 | # no default banner path |
459 | #Banner /some/path | |
3c0ef626 | 460 | |
41b2f314 | 461 | # override default of no subsystems |
3c0ef626 | 462 | Subsystem sftp /usr/sbin/sftp-server |
463 | EOF | |
41b2f314 | 464 | elif [ "$privsep_configured" != "yes" ] |
465 | then | |
466 | echo >> ${SYSCONFDIR}/sshd_config | |
467 | echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config | |
3c0ef626 | 468 | fi |
469 | ||
470 | # Care for services file | |
3c0ef626 | 471 | if [ $_nt -gt 0 ] |
472 | then | |
473 | _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" | |
474 | _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$" | |
475 | else | |
476 | _wservices="${WINDIR}\\SERVICES" | |
477 | _wserv_tmp="${WINDIR}\\SERV.$$" | |
478 | fi | |
479 | _services=`cygpath -u "${_wservices}"` | |
480 | _serv_tmp=`cygpath -u "${_wserv_tmp}"` | |
481 | ||
482 | mount -t -f "${_wservices}" "${_services}" | |
483 | mount -t -f "${_wserv_tmp}" "${_serv_tmp}" | |
484 | ||
485 | # Remove sshd 22/port from services | |
486 | if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] | |
487 | then | |
488 | grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" | |
489 | if [ -f "${_serv_tmp}" ] | |
490 | then | |
491 | if mv "${_serv_tmp}" "${_services}" | |
492 | then | |
493 | echo "Removing sshd from ${_services}" | |
494 | else | |
495 | echo "Removing sshd from ${_services} failed\!" | |
496 | fi | |
497 | rm -f "${_serv_tmp}" | |
498 | else | |
499 | echo "Removing sshd from ${_services} failed\!" | |
500 | fi | |
501 | fi | |
502 | ||
503 | # Add ssh 22/tcp and ssh 22/udp to services | |
504 | if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] | |
505 | then | |
506 | awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" | |
507 | if [ -f "${_serv_tmp}" ] | |
508 | then | |
509 | if mv "${_serv_tmp}" "${_services}" | |
510 | then | |
511 | echo "Added ssh to ${_services}" | |
512 | else | |
513 | echo "Adding ssh to ${_services} failed\!" | |
514 | fi | |
515 | rm -f "${_serv_tmp}" | |
516 | else | |
517 | echo "Adding ssh to ${_services} failed\!" | |
518 | fi | |
519 | fi | |
520 | ||
521 | umount "${_services}" | |
522 | umount "${_serv_tmp}" | |
523 | ||
524 | # Care for inetd.conf file | |
41b2f314 | 525 | _inetcnf="${SYSCONFDIR}/inetd.conf" |
526 | _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$" | |
3c0ef626 | 527 | |
528 | if [ -f "${_inetcnf}" ] | |
529 | then | |
530 | # Check if ssh service is already in use as sshd | |
531 | with_comment=1 | |
532 | grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0 | |
533 | # Remove sshd line from inetd.conf | |
534 | if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ] | |
535 | then | |
536 | grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" | |
537 | if [ -f "${_inetcnf_tmp}" ] | |
538 | then | |
539 | if mv "${_inetcnf_tmp}" "${_inetcnf}" | |
540 | then | |
541 | echo "Removed sshd from ${_inetcnf}" | |
542 | else | |
543 | echo "Removing sshd from ${_inetcnf} failed\!" | |
544 | fi | |
545 | rm -f "${_inetcnf_tmp}" | |
546 | else | |
547 | echo "Removing sshd from ${_inetcnf} failed\!" | |
548 | fi | |
549 | fi | |
550 | ||
551 | # Add ssh line to inetd.conf | |
552 | if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] | |
553 | then | |
554 | if [ "${with_comment}" -eq 0 ] | |
555 | then | |
700318f3 | 556 | echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" |
3c0ef626 | 557 | else |
700318f3 | 558 | echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" |
3c0ef626 | 559 | fi |
560 | echo "Added ssh to ${_inetcnf}" | |
561 | fi | |
562 | fi | |
563 | ||
3c0ef626 | 564 | # On NT ask if sshd should be installed as service |
565 | if [ $_nt -gt 0 ] | |
566 | then | |
567 | echo | |
568 | echo "Do you want to install sshd as service?" | |
569 | if request "(Say \"no\" if it's already installed as service)" | |
570 | then | |
571 | echo | |
572 | echo "Which value should the environment variable CYGWIN have when" | |
573 | echo "sshd starts? It's recommended to set at least \"ntsec\" to be" | |
574 | echo "able to change user context without password." | |
575 | echo -n "Default is \"binmode ntsec tty\". CYGWIN=" | |
576 | read _cygwin | |
577 | [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" | |
578 | if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" | |
579 | then | |
41b2f314 | 580 | chown system ${SYSCONFDIR}/ssh* |
3c0ef626 | 581 | echo |
582 | echo "The service has been installed under LocalSystem account." | |
583 | fi | |
584 | fi | |
585 | fi | |
586 | ||
587 | if [ "${old_install}" = "1" ] | |
588 | then | |
589 | echo | |
590 | echo "Note: If you have used sshd as service or from inetd, don't forget to" | |
591 | echo " change the path to sshd.exe in the service entry or in inetd.conf." | |
592 | fi | |
593 | ||
594 | echo | |
595 | echo "Host configuration finished. Have fun!" |