3 # ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
5 # This file is part of the Cygwin port of OpenSSH.
7 # ======================================================================
9 # ======================================================================
10 PROGNAME=$(basename -- $0)
11 _tdir=$(dirname -- $0)
12 PROGDIR=$(cd $_tdir && pwd)
14 CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
16 # Subdirectory where the new package is being installed
19 # Directory where the config files are stored
29 # ======================================================================
30 # Routine: create_ssh1_identity
31 # optionally create ~/.ssh/identity[.pub]
32 # optionally add result to ~/.ssh/authorized_keys
33 # ======================================================================
34 create_ssh1_identity() {
35 if [ ! -f "${pwdhome}/.ssh/identity" ]
37 if csih_request "Shall I create an SSH1 RSA identity file for you?"
39 csih_inform "Generating ${pwdhome}/.ssh/identity"
40 if [ "${with_passphrase}" = "yes" ]
42 ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
44 ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
46 if csih_request "Do you want to use this identity to login to this machine?"
48 csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
49 cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
53 } # === End of create_ssh1_identity() === #
54 readonly -f create_ssh1_identity
56 # ======================================================================
57 # Routine: create_ssh2_rsa_identity
58 # optionally create ~/.ssh/id_rsa[.pub]
59 # optionally add result to ~/.ssh/authorized_keys
60 # ======================================================================
61 create_ssh2_rsa_identity() {
62 if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
64 if csih_request "Shall I create an SSH2 RSA identity file for you?"
66 csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
67 if [ "${with_passphrase}" = "yes" ]
69 ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
71 ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
73 if csih_request "Do you want to use this identity to login to this machine?"
75 csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
76 cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
80 } # === End of create_ssh2_rsa_identity() === #
81 readonly -f create_ssh2_rsa_identity
83 # ======================================================================
84 # Routine: create_ssh2_dsa_identity
85 # optionally create ~/.ssh/id_dsa[.pub]
86 # optionally add result to ~/.ssh/authorized_keys
87 # ======================================================================
88 create_ssh2_dsa_identity() {
89 if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
91 if csih_request "Shall I create an SSH2 DSA identity file for you?"
93 csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
94 if [ "${with_passphrase}" = "yes" ]
96 ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
98 ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
100 if csih_request "Do you want to use this identity to login to this machine?"
102 csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
103 cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
107 } # === End of create_ssh2_dsa_identity() === #
108 readonly -f create_ssh2_dsa_identity
110 # ======================================================================
111 # Routine: check_user_homedir
112 # Perform various checks on the user's home directory
113 # SETS GLOBAL VARIABLE:
115 # ======================================================================
116 check_user_homedir() {
118 pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
119 if [ "X${pwdhome}" = "X" ]
121 csih_error_multiline \
122 "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
123 'Setting $HOME is not sufficient!'
126 if [ ! -d "${pwdhome}" ]
128 csih_error_multiline \
129 "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
130 'but it is not a valid directory. Cannot create user identity files.'
133 # If home is the root dir, set home to empty string to avoid error messages
134 # in subsequent parts of that script.
135 if [ "X${pwdhome}" = "X/" ]
137 # But first raise a warning!
138 csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
139 if csih_request "Would you like to proceed anyway?"
143 csih_warning "Exiting. Configuration is not complete"
148 if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
151 csih_warning 'group and other have been revoked write permission to your home'
152 csih_warning "directory ${pwdhome}."
153 csih_warning 'This is required by OpenSSH to allow public key authentication using'
154 csih_warning 'the key files stored in your .ssh subdirectory.'
155 csih_warning 'Revert this change ONLY if you know what you are doing!'
158 } # === End of check_user_homedir() === #
159 readonly -f check_user_homedir
161 # ======================================================================
162 # Routine: check_user_dot_ssh_dir
163 # Perform various checks on the ~/.ssh directory
165 # pwdhome -- check_user_homedir()
166 # ======================================================================
167 check_user_dot_ssh_dir() {
168 if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
170 csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
173 if [ ! -e "${pwdhome}/.ssh" ]
175 mkdir "${pwdhome}/.ssh"
176 if [ ! -e "${pwdhome}/.ssh" ]
178 csih_error "Creating users ${pwdhome}/.ssh directory failed"
181 } # === End of check_user_dot_ssh_dir() === #
182 readonly -f check_user_dot_ssh_dir
184 # ======================================================================
185 # Routine: fix_authorized_keys_perms
186 # Corrects the permissions of ~/.ssh/authorized_keys
188 # pwdhome -- check_user_homedir()
189 # ======================================================================
190 fix_authorized_keys_perms() {
191 if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
193 if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
195 csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
196 csih_warning "failed. Please care for the correct permissions. The minimum requirement"
197 csih_warning "is, the owner needs read permissions."
201 } # === End of fix_authorized_keys_perms() === #
202 readonly -f fix_authorized_keys_perms
205 # ======================================================================
207 # ======================================================================
209 # Check how the script has been started. If
210 # (1) it has been started by giving the full path and
211 # that path is /etc/postinstall, OR
212 # (2) Otherwise, if the environment variable
213 # SSH_USER_CONFIG_AUTO_ANSWER_NO is set
214 # then set auto_answer to "no". This allows automatic
215 # creation of the config files in /etc w/o overwriting
216 # them if they already exist. In both cases, color
217 # escape sequences are suppressed, so as to prevent
218 # cluttering setup's logfiles.
219 if [ "$PROGDIR" = "/etc/postinstall" ]
221 csih_auto_answer="no"
224 if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
226 csih_auto_answer="no"
230 # ======================================================================
232 # ======================================================================
259 with_passphrase="yes"
265 csih_FORCE_PRIVILEGED_USER=yes
269 echo "usage: ${PROGNAME} [OPTION]..."
271 echo "This script creates an OpenSSH user configuration."
274 echo " --debug -d Enable shell's debug output."
275 echo " --yes -y Answer all questions with \"yes\" automatically."
276 echo " --no -n Answer all questions with \"no\" automatically."
277 echo " --passphrase -p word Use \"word\" as passphrase automatically."
278 echo " --privileged On Windows NT/2k/XP, assume privileged user"
279 echo " instead of LocalSystem for sshd service."
287 # ======================================================================
289 # ======================================================================
292 if [ ! -f ${SYSCONFDIR}/passwd ]
294 csih_error_multiline \
295 "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
296 'first using mkpasswd. Check if it contains an entry for you and' \
297 'please care for the home directory in your entry as well.'
301 check_user_dot_ssh_dir
303 create_ssh2_rsa_identity
304 create_ssh2_dsa_identity
305 fix_authorized_keys_perms
308 csih_inform "Configuration finished. Have fun!"