3 # ssh-host-config, Copyright 2000, Red Hat Inc.
5 # This file is part of the Cygwin port of OpenSSH.
7 # Subdirectory where the new package is being installed
10 # Directory where the config files are stored
13 # Subdirectory where an old package might be installed
# Configuration directory of a possible older installation, derived from
# ${OLDPREFIX}. The assignment of ${OLDPREFIX} is not part of this listing.
15 OLDSYSCONFDIR=${OLDPREFIX}/etc
# Yes/no prompt logic. ${auto_answer} is tested for "yes" and "no" first (the
# branch bodies are not visible here); otherwise "$1" is printed as the
# question until ${answer} is exactly "yes" or "no".
# NOTE(review): presumably the body of the request helper called further down;
# the function header is not in this listing -- confirm against the full file.
23 if [ "${auto_answer}" = "yes" ]
26 elif [ "${auto_answer}" = "no" ]
# The "X" prefix keeps test from misreading an empty answer or one that starts
# with a dash.
32 while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
34 echo -n "$1 (yes/no) "
37 if [ "X${answer}" = "Xyes" ]
# Usage text: lists the --debug/-d, --yes/-y, --no/-n and --port/-p <n> options.
# NOTE(review): --yes answers *all* questions, which by the wording includes the
# "erase your old installation" and "Overwrite existing ..." prompts later in
# the script; unattended runs with -y should be reviewed with that in mind.
77 echo "usage: ${progname} [OPTION]..."
79 echo "This script creates an OpenSSH host configuration."
82 echo " --debug -d Enable shell's debug output."
83 echo " --yes -y Answer all questions with \"yes\" automatically."
84 echo " --no -n Answer all questions with \"no\" automatically."
85 echo " --port -p <n> sshd listens on port n."
93 # Check for running ssh/sshd processes first. Refuse to do anything while
94 # some ssh processes are still running
# NOTE(review): the filter is a plain substring match on the whole ps line, so
# any process whose ps entry contains "ssh" (ssh-agent, a path or user name
# containing "ssh") blocks the run, not only ssh/sshd themselves.
96 if ps -ef | grep -v grep | grep -q ssh
99 echo "There are still ssh processes running. Please shut them down first."
104 # Check for ${SYSCONFDIR} directory
# A non-directory object at ${SYSCONFDIR} is reported as an error.
106 if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
109 echo "${SYSCONFDIR} is existant but not a directory."
110 echo "Cannot create global configuration files."
115 # Create it if necessary
117 if [ ! -e "${SYSCONFDIR}" ]
# mkdir is called without -p and without an explicit mode, so the new
# directory's permissions follow the current umask.
119 mkdir "${SYSCONFDIR}"
# Success is judged by re-testing existence rather than by mkdir's exit status.
120 if [ ! -e "${SYSCONFDIR}" ]
123 echo "Creating ${SYSCONFDIR} directory failed"
129 # Check for an old installation in ${OLDPREFIX}, but only when ${OLDPREFIX}
130 # differs from ${PREFIX}
133 if [ "${OLDPREFIX}" != "${PREFIX}" ]
# An old installation is recognised by the presence of ${OLDPREFIX}/sbin/sshd.
135 if [ -f "${OLDPREFIX}/sbin/sshd" ]
138 echo "You seem to have an older installation in ${OLDPREFIX}."
140 # Check if old global configuration files exist
141 if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
143 if request "Do you want to copy your config files to your new installation?"
# Copies the protocol 1 and DSA host key pairs plus both config files.
# ssh_host_rsa_key is not in this list; it is generated later if missing.
# NOTE(review): cp runs without -p, so the copied private host keys get their
# mode from the umask rather than from the originals -- verify that
# ssh_host_key and ssh_host_dsa_key end up readable by the owner only.
# NOTE(review): the expansions below are unquoted, so a prefix containing
# whitespace or glob characters is split or expanded before cp sees it.
145 cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
146 cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
147 cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
148 cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
149 cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
150 cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
153 if request "Do you want to erase your old installation?"
# Removes the old binaries, host keys, config files and man pages one by one.
# rm -f suppresses errors for files that are already gone.
# NOTE(review): the paths are unquoted and built from ${OLDPREFIX}; if that
# variable were ever empty these would resolve to /bin, /etc, /man and /sbin.
# Its assignment is outside this listing -- confirm it is always non-empty
# (a "${OLDPREFIX:?}" expansion would make the assumption explicit).
155 rm -f ${OLDPREFIX}/bin/ssh.exe
156 rm -f ${OLDPREFIX}/bin/ssh-config
157 rm -f ${OLDPREFIX}/bin/scp.exe
158 rm -f ${OLDPREFIX}/bin/ssh-add.exe
159 rm -f ${OLDPREFIX}/bin/ssh-agent.exe
160 rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
161 rm -f ${OLDPREFIX}/bin/slogin
162 rm -f ${OLDSYSCONFDIR}/ssh_host_key
163 rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
164 rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
165 rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
166 rm -f ${OLDSYSCONFDIR}/ssh_config
167 rm -f ${OLDSYSCONFDIR}/sshd_config
168 rm -f ${OLDPREFIX}/man/man1/ssh.1
169 rm -f ${OLDPREFIX}/man/man1/scp.1
170 rm -f ${OLDPREFIX}/man/man1/ssh-add.1
171 rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
172 rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
173 rm -f ${OLDPREFIX}/man/man1/slogin.1
174 rm -f ${OLDPREFIX}/man/man8/sshd.8
175 rm -f ${OLDPREFIX}/sbin/sshd.exe
176 rm -f ${OLDPREFIX}/sbin/sftp-server.exe
182 # First generate host keys if not already existing
# Each key is created only when its file is absent, so existing host keys
# (including ones copied from an old installation) are kept. -N '' sets an
# empty passphrase, so file permissions are the only protection for the
# private keys. No -b option is given; key sizes are ssh-keygen's defaults.
# NOTE(review): "rsa1" is the SSH protocol 1 key type and "dsa" is a legacy
# protocol 2 type; later OpenSSH releases dropped protocol 1 and disable DSA
# host keys by default. On a current system only the rsa key (or a newer key
# type) is worth keeping.
# NOTE(review): ${SYSCONFDIR} is unquoted in the -f arguments below.
184 if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
186 echo "Generating ${SYSCONFDIR}/ssh_host_key"
187 ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
190 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
192 echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
193 ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
196 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
198 echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
199 ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
202 # Check if ssh_config exists. If yes, ask for overwriting
204 if [ -f "${SYSCONFDIR}/ssh_config" ]
206 if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
# "Overwrite" is implemented as delete-then-recreate; a file that survives the
# rm is reported as write protected.
208 rm -f "${SYSCONFDIR}/ssh_config"
209 if [ -f "${SYSCONFDIR}/ssh_config" ]
211 echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
216 # Create default ssh_config from here script
218 if [ ! -f "${SYSCONFDIR}/ssh_config" ]
220 echo "Generating ${SYSCONFDIR}/ssh_config file"
# The here-document delimiter is unquoted, so the shell performs parameter and
# command substitution on the template text before it is written. In the
# visible template every option is commented out, so the generated client
# config changes no defaults. After the template, a "Host localhost" stanza
# with the chosen port is appended when $port_number is not 22.
# NOTE(review): ${SYSCONFDIR} is unquoted in the redirections of this section.
221 cat > ${SYSCONFDIR}/ssh_config << EOF
222 # This is ssh client systemwide configuration file. This file provides
223 # defaults for users, and the values can be changed in per-user configuration
224 # files or on the command line.
226 # Configuration data is parsed as follows:
227 # 1. command line options
228 # 2. user-specific file
229 # 3. system-wide file
230 # Any configuration value is only changed the first time it is set.
231 # Thus, host-specific definitions should be at the beginning of the
232 # configuration file, and defaults at the end.
234 # Site-wide defaults for various options
239 # RhostsAuthentication no
240 # RhostsRSAAuthentication yes
241 # RSAAuthentication yes
242 # PasswordAuthentication yes
247 # StrictHostKeyChecking yes
248 # IdentityFile ~/.ssh/identity
249 # IdentityFile ~/.ssh/id_dsa
250 # IdentityFile ~/.ssh/id_rsa
256 if [ "$port_number" != "22" ]
258 echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
259 echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config
263 # Check if sshd_config exists. If yes, ask for overwriting
265 if [ -f "${SYSCONFDIR}/sshd_config" ]
267 if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
# "Overwrite" is implemented as delete-then-recreate; a file that survives the
# rm is reported as write protected.
269 rm -f "${SYSCONFDIR}/sshd_config"
270 if [ -f "${SYSCONFDIR}/sshd_config" ]
272 echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
277 # Create default sshd_config from here script
279 if [ ! -f "${SYSCONFDIR}/sshd_config" ]
281 echo "Generating ${SYSCONFDIR}/sshd_config file"
# The here-document delimiter is unquoted, so the shell expands parameters and
# command substitutions in the template before writing it.
# NOTE(review): points an administrator should check in the generated defaults:
#  - the HostKey paths are hard-coded to /etc while the keys are generated under
#    ${SYSCONFDIR}; the two agree only if SYSCONFDIR is /etc (its assignment is
#    not in this listing);
#  - a protocol 1 host key and KeyRegenerationInterval are configured, i.e. the
#    legacy protocol is served alongside protocol 2;
#  - PasswordAuthentication is "yes" (empty passwords are refused); the rhosts
#    and host-based methods are "no";
#  - the visible comment about overriding permission checks refers to a setting
#    whose line is not part of this listing.
282 cat > ${SYSCONFDIR}/sshd_config << EOF
283 # This is the sshd server system-wide configuration file. See sshd(8)
284 # for more information.
288 #ListenAddress 0.0.0.0
291 # HostKey for protocol version 1
292 HostKey /etc/ssh_host_key
293 # HostKeys for protocol version 2
294 HostKey /etc/ssh_host_rsa_key
295 HostKey /etc/ssh_host_dsa_key
297 # Lifetime and size of ephemeral version 1 server ke
298 KeyRegenerationInterval 3600
304 #obsoletes QuietMode and FascistLogging
310 # The following setting overrides permission checks on host key files
311 # and directories. For security reasons set this to "yes" when running
312 # NT/W2K, NTFS and CYGWIN=ntsec.
315 RSAAuthentication yes
316 PubkeyAuthentication yes
317 #AuthorizedKeysFile %h/.ssh/authorized_keys
319 # rhosts authentication should not be used
320 RhostsAuthentication no
321 # Don't read ~/.rhosts and ~/.shosts files
323 # For this to work you will also need host keys in /etc/ssh_known_hosts
324 RhostsRSAAuthentication no
325 # similar for protocol version 2
326 HostbasedAuthentication no
327 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
328 #IgnoreUserKnownHosts yes
330 # To disable tunneled clear text passwords, change to no here!
331 PasswordAuthentication yes
332 PermitEmptyPasswords no
341 #MaxStartups 10:30:60
342 #Banner /etc/issue.net
343 #ReverseMappingCheck yes
345 Subsystem sftp /usr/sbin/sftp-server
349 # Care for services file
# expr yields the number of characters of "CYGWIN_NT" matched at the start of
# $_sys (0 when it does not match). $_sys is assigned outside this listing.
351 _nt=`expr "$_sys" : "CYGWIN_NT"`
# Two candidate locations for the Windows services file and a scratch copy:
# under ${SYSTEMROOT}\system32\drivers\etc, or directly under ${WINDIR}.
# NOTE(review): presumably chosen by ${_nt}; the test itself is not visible.
# NOTE(review): the scratch names end in the shell's PID ($$), which is
# predictable, and they sit beside the services file. Creating the scratch file
# with mktemp, or stopping when the name already exists, avoids writing through
# a pre-existing file.
354 _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
355 _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
357 _wservices="${WINDIR}\\SERVICES"
358 _wserv_tmp="${WINDIR}\\SERV.$$"
# Convert both Windows paths to POSIX form, then mount each Windows path onto
# its POSIX name for the duration of the edit (unmounted again at the end).
360 _services=`cygpath -u "${_wservices}"`
361 _serv_tmp=`cygpath -u "${_wserv_tmp}"`
363 mount -t -f "${_wservices}" "${_services}"
364 mount -t -f "${_wserv_tmp}" "${_serv_tmp}"
366 # Remove sshd 22/port from services
# The backquoted "grep -q ...; echo $?" turns grep's exit status into a number
# for test; "if grep -q ..." would express the same check directly.
# NOTE(review): inside a bracket expression grep treats "\t" as the two
# characters backslash and "t", not as a tab, so tab-separated entries are not
# matched by these patterns.
367 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
# Write every line except the sshd entry to the scratch file, then move it over
# the services file. The moved file carries the scratch file's ownership and
# mode, not those of the original.
369 grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
370 if [ -f "${_serv_tmp}" ]
372 if mv "${_serv_tmp}" "${_services}"
374 echo "Removing sshd from ${_services}"
376 echo "Removing sshd from ${_services} failed\!"
380 echo "Removing sshd from ${_services} failed\!"
384 # Add ssh 22/tcp and ssh 22/udp to services
385 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
# awk copies the file and emits the two ssh lines immediately before the entry
# whose second field starts with "23/tcp"; if no such entry exists, nothing is
# added although the copy still succeeds.
387 awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
388 if [ -f "${_serv_tmp}" ]
390 if mv "${_serv_tmp}" "${_services}"
392 echo "Added ssh to ${_services}"
394 echo "Adding ssh to ${_services} failed\!"
398 echo "Adding ssh to ${_services} failed\!"
402 umount "${_services}"
403 umount "${_serv_tmp}"
405 # Care for inetd.conf file
406 _inetcnf="/etc/inetd.conf"
# Scratch copy named after the shell's PID, in the same directory.
407 _inetcnf_tmp="/etc/inetd.conf.$$"
409 if [ -f "${_inetcnf}" ]
411 # Check if ssh service is already in use as sshd
# with_comment becomes 0 when an uncommented sshd line exists; its initial
# value is set outside this listing.
413 grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
414 # Remove sshd line from inetd.conf
# NOTE(review): inside a bracket expression grep treats "\t" as backslash and
# "t", not as a tab.
415 if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
# NOTE(review): the filtered copy is *appended* (>>) to a scratch file with a
# predictable name. If that file already exists, its previous content is kept
# and then moved into inetd.conf, whose entries are started as root (see the
# ssh line added below). Truncating with ">" after creating the file with
# mktemp, or refusing to continue when the name exists, closes that gap.
417 grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
418 if [ -f "${_inetcnf_tmp}" ]
420 if mv "${_inetcnf_tmp}" "${_inetcnf}"
422 echo "Removed sshd from ${_inetcnf}"
424 echo "Removing sshd from ${_inetcnf} failed\!"
# The scratch file is removed on this path so it does not linger in /etc.
426 rm -f "${_inetcnf_tmp}"
428 echo "Removing sshd from ${_inetcnf} failed\!"
432 # Add ssh line to inetd.conf
433 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
# Two variants of the same entry: an active one and a commented-out one.
# NOTE(review): apparently the active line is written when with_comment is 0
# (sshd was already enabled in inetd.conf) and the commented one otherwise; the
# else line is not visible -- confirm. The entry runs /usr/sbin/sshd -i as root.
435 if [ "${with_comment}" -eq 0 ]
437 echo 'ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}"
439 echo '# ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}"
441 echo "Added ssh to ${_inetcnf}"
445 # Create /var/log and /var/log/lastlog if not already existing
449 echo "Creating /var/log failed\!"
# lastlog must be a regular file: a directory of that name is reported as a
# failure, and a missing file is created empty by redirecting /dev/null.
# NOTE(review): the new file's mode follows the umask; no chmod or chown is
# visible in this listing.
455 if [ -d /var/log/lastlog ]
457 echo "Creating /var/log/lastlog failed\!"
458 elif [ ! -f /var/log/lastlog ]
460 cat /dev/null > /var/log/lastlog
464 # On NT ask if sshd should be installed as service
468 echo "Do you want to install sshd as service?"
469 if request "(Say \"no\" if it's already installed as service)"
472 echo "Which value should the environment variable CYGWIN have when"
473 echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
474 echo "able to change user context without password."
475 echo -n "Default is \"binmode ntsec tty\". CYGWIN="
# An empty ${_cygwin} falls back to the documented default. The statement that
# reads the operator's input is not part of this listing.
477 [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
# Registers /usr/sbin/sshd with cygrunsrv as service "sshd", passing -D to sshd
# and the chosen CYGWIN value in the service environment. The value is quoted,
# so it reaches cygrunsrv as a single argument.
478 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
# NOTE(review): the glob hands every /etc entry whose name starts with "ssh" to
# the system account, and it is hard-coded to /etc rather than ${SYSCONFDIR}.
# No chmod is visible here, so the private host keys keep whatever mode they
# were created with -- confirm they are not readable by other accounts.
480 chown system /etc/ssh*
482 echo "The service has been installed under LocalSystem account."
# Closing messages. When ${old_install} is "1" (set outside this listing,
# presumably when an older installation was detected), the operator is reminded
# that an existing service entry or inetd.conf line may still point at the old
# sshd.exe path.
487 if [ "${old_install}" = "1" ]
490 echo "Note: If you have used sshd as service or from inetd, don't forget to"
491 echo " change the path to sshd.exe in the service entry or in inetd.conf."
495 echo "Host configuration finished. Have fun!"