#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Creates the system-wide OpenSSH host configuration: host keys,
# ssh_config, sshd_config, a services entry and an (inactive) inetd.conf
# line.  Optionally migrates or removes an older installation.
#
# Usage: ssh-host-config [-d|--debug] [-y|--yes] [-n|--no]

# Install prefix of the package being configured
PREFIX="/usr"

# Where the global config files (host keys, ssh_config, sshd_config) live
SYSCONFDIR="/etc"

# Prefix and config dir of a previous installation that may be migrated
OLDPREFIX="/usr/local"
OLDSYSCONFDIR="${OLDPREFIX}/etc"

# Script name for the usage text; auto_answer is set by -y/-n and read
# by request() to skip interactive questions
progname="$0"
auto_answer=""

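#######################################
# Ask the user a yes/no question unless -y/-n pre-answered it.
# Globals:   auto_answer (read): "yes" -> return 0, "no" -> return 1
#            answer (written): the last word typed by the user
# Arguments: $1 - question text, printed with a "(yes/no)" suffix
# Outputs:   prompt on stdout
# Returns:   0 for "yes", 1 for "no"; also 1 when stdin hits EOF before
#            a valid answer (the previous loop never terminated on EOF)
#######################################
request()
{
  case "${auto_answer}" in
    yes) return 0 ;;
    no)  return 1 ;;
  esac

  answer=""
  while [ "X${answer}" != "Xyes" ] && [ "X${answer}" != "Xno" ]
  do
    # printf instead of 'echo -n': echo's option handling is not portable
    # under #!/bin/sh; read -r so a backslash in the input is kept literal.
    printf '%s (yes/no) ' "$1"
    if ! read -r answer
    then
      # EOF (closed stdin, exhausted pipe): treat as "no" instead of
      # re-prompting forever.
      echo
      return 1
    fi
  done
  [ "X${answer}" = "Xyes" ]
}
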
# Check options: every argument must be one of the known flags; anything
# else prints the usage text and aborts.

while [ $# -gt 0 ]
do
  option="$1"
  shift

  case "${option}" in
    -d | --debug )
      # Trace every command from here on (goes to stderr, includes the
      # paths and answers handled below).
      set -x
      ;;

    -y | --yes )
      auto_answer="yes"
      ;;

    -n | --no )
      auto_answer="no"
      ;;

    *)
      echo "usage: ${progname} [OPTION]..."
      echo
      echo "This script creates an OpenSSH host configuration."
      echo
      echo "Options:"
      echo " --debug -d Enable shell's debug output."
      echo " --yes -y Answer all questions with \"yes\" automatically."
      echo " --no -n Answer all questions with \"no\" automatically."
      echo
      exit 1
      ;;
  esac
done

# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running.
# NOTE(review): this is a bare substring match on the whole ps line, so any
# command whose name or arguments contain "ssh" trips it — confirm on the
# target platform that this does not include the caller's own session.

if ps -ef | grep -v grep | grep -q ssh
then
  printf '\n%s\n\n' "There are still ssh processes running. Please shut them down first."
  exit 1
fi

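# Check for ${SYSCONFDIR} directory.  Abort if it is unset or empty: every
# later path is built from it, so an empty value would silently target "/".

: "${SYSCONFDIR:?SYSCONFDIR must be set}"

if [ -e "${SYSCONFDIR}" ] && [ ! -d "${SYSCONFDIR}" ]
then
  echo
  echo "${SYSCONFDIR} is existant but not a directory."
  echo "Cannot create global configuration files."
  echo
  exit 1
fi

# Create it if necessary.  Check mkdir's own status rather than probing
# the path again, so a failure is reported directly.

if [ ! -e "${SYSCONFDIR}" ]
then
  if ! mkdir "${SYSCONFDIR}"
  then
    echo
    echo "Creating ${SYSCONFDIR} directory failed"
    echo
    exit 1
  fi
fi
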
122 | # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't | |
123 | # the same as ${PREFIX} | |
124 | ||
f4ebf0e8 | 125 | old_install=0 |
95273555 | 126 | if [ "${OLDPREFIX}" != "${PREFIX}" ] |
127 | then | |
128 | if [ -f "${OLDPREFIX}/sbin/sshd" ] | |
129 | then | |
130 | echo | |
131 | echo "You seem to have an older installation in ${OLDPREFIX}." | |
132 | echo | |
133 | # Check if old global configuration files exist | |
134 | if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] | |
135 | then | |
136 | if request "Do you want to copy your config files to your new installation?" | |
137 | then | |
138 | cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR} | |
139 | cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR} | |
140 | cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR} | |
141 | cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR} | |
142 | cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR} | |
143 | cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR} | |
144 | fi | |
145 | fi | |
146 | if request "Do you want to erase your old installation?" | |
147 | then | |
148 | rm -f ${OLDPREFIX}/bin/ssh.exe | |
149 | rm -f ${OLDPREFIX}/bin/ssh-config | |
150 | rm -f ${OLDPREFIX}/bin/scp.exe | |
151 | rm -f ${OLDPREFIX}/bin/ssh-add.exe | |
152 | rm -f ${OLDPREFIX}/bin/ssh-agent.exe | |
153 | rm -f ${OLDPREFIX}/bin/ssh-keygen.exe | |
154 | rm -f ${OLDPREFIX}/bin/slogin | |
155 | rm -f ${OLDSYSCONFDIR}/ssh_host_key | |
156 | rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub | |
157 | rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key | |
158 | rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub | |
159 | rm -f ${OLDSYSCONFDIR}/ssh_config | |
160 | rm -f ${OLDSYSCONFDIR}/sshd_config | |
161 | rm -f ${OLDPREFIX}/man/man1/ssh.1 | |
162 | rm -f ${OLDPREFIX}/man/man1/scp.1 | |
163 | rm -f ${OLDPREFIX}/man/man1/ssh-add.1 | |
164 | rm -f ${OLDPREFIX}/man/man1/ssh-agent.1 | |
165 | rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1 | |
166 | rm -f ${OLDPREFIX}/man/man1/slogin.1 | |
167 | rm -f ${OLDPREFIX}/man/man8/sshd.8 | |
168 | rm -f ${OLDPREFIX}/sbin/sshd.exe | |
169 | rm -f ${OLDPREFIX}/sbin/sftp-server.exe | |
170 | fi | |
f4ebf0e8 | 171 | old_install=1 |
95273555 | 172 | fi |
173 | fi | |
174 | ||
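# First generate host keys if not already existing.

#######################################
# Generate one host key unless its file already exists.
# Globals:   SYSCONFDIR (read)
# Arguments: $1 - key type for ssh-keygen -t (rsa1, rsa, dsa)
#            $2 - key file name, created in ${SYSCONFDIR}
# Outputs:   progress line on stdout; a failure line when ssh-keygen fails
# Returns:   0
#######################################
gen_host_key()
{
  if [ ! -f "${SYSCONFDIR}/$2" ]
  then
    echo "Generating ${SYSCONFDIR}/$2"
    # -N '' : empty passphrase, sshd has to load the key unattended.
    # ssh-keygen's status is reported rather than silently dropped.
    if ! ssh-keygen -t "$1" -f "${SYSCONFDIR}/$2" -N '' > /dev/null
    then
      echo "Generating ${SYSCONFDIR}/$2 failed"
    fi
  fi
}

# rsa1 is the protocol-1 host key type; it is only needed while the
# generated sshd_config keeps "Protocol 2,1".
gen_host_key rsa1 ssh_host_key
gen_host_key rsa ssh_host_rsa_key
gen_host_key dsa ssh_host_dsa_key
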
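# Check if ssh_config exists. If yes, ask for overwriting

if [ -f "${SYSCONFDIR}/ssh_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
  then
    rm -f "${SYSCONFDIR}/ssh_config"
    if [ -f "${SYSCONFDIR}/ssh_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
    fi
  fi
fi

# Create default ssh_config from here script.  The delimiter is quoted so
# the shell expands nothing inside the template (it contains no variables),
# and the redirection target is quoted so the path is one argument.

if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > "${SYSCONFDIR}/ssh_config" << 'EOF'
# This is ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent yes
# ForwardX11 yes
# RhostsAuthentication yes
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking no
# Port 22
# Protocol 2,1
# Cipher 3des
# EscapeChar ~

# Be paranoid by default
Host *
ForwardAgent no
ForwardX11 no
FallBackToRsh no

# Try authentification with the following identities
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
EOF
fi
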
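# Check if sshd_config exists. If yes, ask for overwriting

if [ -f "${SYSCONFDIR}/sshd_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
  then
    rm -f "${SYSCONFDIR}/sshd_config"
    if [ -f "${SYSCONFDIR}/sshd_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
  fi
fi

# Create default sshd_config from here script.  The delimiter stays
# unquoted on purpose: the HostKey and Subsystem paths are taken from
# ${SYSCONFDIR}/${PREFIX}, so the file agrees with where the keys were
# generated above instead of hard-coding /etc and /usr.
# NOTE(review): the generated defaults keep "PermitRootLogin yes",
# "Protocol 2,1" and "ListenAddress 0.0.0.0"; site policy may want to
# tighten these after installation.

if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > "${SYSCONFDIR}/sshd_config" << EOF
# This is ssh server systemwide configuration file.

Port 22
#
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
#
# Uncomment the following lines according to the used authentication
HostKey ${SYSCONFDIR}/ssh_host_key
HostKey ${SYSCONFDIR}/ssh_host_rsa_key
HostKey ${SYSCONFDIR}/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
RhostsRSAAuthentication no

# To install for logon to different user accounts change to "no" here
RSAAuthentication yes

# To install for logon to different user accounts change to "yes" here
PasswordAuthentication no

PermitEmptyPasswords no

CheckMail no
UseLogin no

#Uncomment if you want to enable sftp
#Subsystem sftp ${PREFIX}/sbin/sftp-server
#MaxStartups 10:30:60
EOF
fi
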
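# Add port 22/tcp to services.  The Windows services file and a scratch
# file next to it are mounted binary-mode (-b), presumably so the CRLF
# endings written by the awk below pass through untouched.
# NOTE(review): srv.out.$$ / SERV.$$ is a predictable name; it lives in the
# Windows system directory rather than /tmp, so exposure depends on that
# directory's ACL — confirm on target hosts.
case "$(uname -a)" in
  CYGWIN_NT*)
    _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
    _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
    ;;
  *)
    _wservices="${WINDIR}\\SERVICES"
    _wserv_tmp="${WINDIR}\\SERV.$$"
    ;;
esac
_services=$(cygpath -u "${_wservices}")
_serv_tmp=$(cygpath -u "${_wserv_tmp}")

mount -b -f "${_wservices}" "${_services}"
mount -b -f "${_wserv_tmp}" "${_serv_tmp}"

# [[:blank:]] is space or tab.  The old "[ \t]" bracket expression matched
# a literal backslash and 't' rather than a tab, so a tab-separated sshd
# entry was not detected and could be inserted again.
if ! grep -q 'sshd[[:blank:]][[:blank:]]*22' "${_services}"
then
  # insert the sshd entry right before the telnet (23/tcp) line
  awk '{ if ( $2 ~ /^23\/tcp/ ) print "sshd 22/tcp #SSH daemon\r"; print $0; }' < "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Added sshd to ${_services}"
    else
      # plain '!' — the previous "\!" printed the backslash literally
      echo "Adding sshd to ${_services} failed!"
    fi
    rm -f "${_serv_tmp}"
  else
    echo "Adding sshd to ${_services} failed!"
  fi
fi

umount "${_services}"
umount "${_serv_tmp}"
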
370 | # Add sshd line to inetd.conf | |
371 | if [ -f /etc/inetd.conf ] | |
95273555 | 372 | then |
f4ebf0e8 | 373 | grep -q "^[# \t]*sshd" /etc/inetd.conf || echo "# sshd stream tcp nowait root /usr/sbin/sshd -i" >> /etc/inetd.conf |
95273555 | 374 | fi |
375 | ||
# Closing message; remind admins with a migrated install that any service
# or inetd entry still points at the old sshd.exe path.
case "${old_install}" in
  1)
    printf '\n%s\n%s\n' \
      "Note: If you have used sshd as service or from inetd, don't forget to" \
      " change the path to sshd.exe in the service entry or in inetd.conf."
    ;;
esac

printf '\n%s\n' "Host configuration finished. Have fun!"