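#!/bin/sh
#
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Interactively creates the per-user OpenSSH files (the .ssh directory,
# identity key pairs and authorized_keys) inside the home directory that
# ${SYSCONFDIR}/passwd records for the current uid.
# Usage: ssh-user-config [-d|--debug] [-y|--yes] [-n|--no] [-p|--passphrase word]

# Directory where the config files are stored
SYSCONFDIR=/etc

progname=$0
auto_answer=""        # "", "yes" or "no"; set by -y/-n, read by request()
auto_passphrase="no"  # not referenced elsewhere in this script; kept as-is
with_passphrase="no"  # "yes" once -p was given (was left unset until then)
passphrase=""
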
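#######################################
# Ask a yes/no question on stdout and return the answer as an exit status.
# Globals:   auto_answer (read): "yes"/"no" answer without prompting
#            answer (written): last text read from stdin
# Arguments: $1 - the question text
# Returns:   0 for "yes", 1 for "no" or for end-of-file on stdin
#######################################
request()
{
  # Non-interactive mode selected by -y / -n.
  case "${auto_answer}" in
    yes) return 0 ;;
    no)  return 1 ;;
  esac

  answer=""
  while [ "X${answer}" != "Xyes" ] && [ "X${answer}" != "Xno" ]
  do
    # printf instead of 'echo -n': the latter is not portable under /bin/sh.
    printf '%s' "$1 (yes/no) "
    # -r keeps backslashes literal.  On end-of-file (stdin closed or
    # exhausted) the old loop re-prompted forever; treat it as "no".
    if ! read -r answer
    then
      echo
      return 1
    fi
  done
  [ "X${answer}" = "Xyes" ]
}
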
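# Check if running on NT
_sys=$(uname -a)
# expr prints the length of the match (0 when not on NT).  It also exits
# non-zero for a zero-length match, which is harmless here (no set -e).
_nt=$(expr "${_sys}" : "CYGWIN_NT")
# If running on NT, check if running under 2003 Server or later (the
# version field after "CYGWIN_NT-" is 5.2 or higher).  Default to 0 so the
# variable is always defined, even off NT.
_nt2003=0
if [ "${_nt}" -gt 0 ]
then
  _nt2003=$(uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}')
fi
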
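# Check options

#######################################
# Parse the command line into the auto_answer / with_passphrase / passphrase
# globals.  An unknown option prints the usage text and exits with 1.
# Globals:   progname (read); auto_answer, with_passphrase, passphrase (written)
# Arguments: the script's command line ("$@")
# Note:      -d turns on 'set -x', which also traces the passphrase given with
#            -p.  A passphrase passed as an argument is visible to other
#            users of the machine via 'ps' for as long as it is on a command
#            line (here and on ssh-keygen's -N); omit -p to be prompted instead.
#######################################
parse_options()
{
  while [ $# -gt 0 ]
  do
    option=$1
    shift

    case "${option}" in
      -d | --debug )
        set -x
        ;;

      -y | --yes )
        auto_answer=yes
        ;;

      -n | --no )
        auto_answer=no
        ;;

      -p | --passphrase )
        # Previously a trailing -p silently set an empty passphrase and
        # made the following 'shift' fail.
        if [ $# -eq 0 ]
        then
          echo "${progname}: option ${option} requires an argument" >&2
          exit 1
        fi
        with_passphrase="yes"
        passphrase=$1
        shift
        ;;

      *)
        echo "usage: ${progname} [OPTION]..."
        echo
        echo "This script creates an OpenSSH user configuration."
        echo
        echo "Options:"
        echo " --debug -d Enable shell's debug output."
        echo " --yes -y Answer all questions with \"yes\" automatically."
        echo " --no -n Answer all questions with \"no\" automatically."
        echo " --passphrase -p word Use \"word\" as passphrase automatically."
        echo
        exit 1
        ;;
    esac
  done
}

parse_options "$@"
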
# Ask user if user identity should be generated

# Without a passwd file there is no home directory to work in.
[ -f "${SYSCONFDIR}/passwd" ] || {
  echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
  echo 'first using mkpasswd. Check if it contains an entry for you and'
  echo 'please care for the home directory in your entry as well.'
  exit 1
}

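uid=$(id -u)
# Look up the home directory (field 6) of the entry whose uid (field 3)
# matches ours.  uid is handed to awk via -v rather than spliced into the
# program text: an empty or unexpected value then simply matches nothing
# instead of producing an awk syntax error.
pwdhome=$(awk -F: -v uid="${uid}" '$3 == uid { print $6 }' < "${SYSCONFDIR}/passwd")

if [ "X${pwdhome}" = "X" ]
then
  echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
  echo 'Setting $HOME is not sufficient!'
  exit 1
fi
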
# The passwd entry must point at an existing directory.
[ -d "${pwdhome}" ] || {
  echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
  echo 'but it is not a valid directory. Cannot create user identity files.'
  exit 1
}

# If home is the root dir, set home to empty string to avoid error messages
# in subsequent parts of that script -- but warn first and let the user bail
# out.
case "${pwdhome}" in
  /)
    echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
    request "Would you like to proceed anyway?" || exit 1
    pwdhome=''
    ;;
esac

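# Revoke group/other write permission on the home directory; as the warning
# text says, OpenSSH requires this for public key authentication.
# Only touch an existing directory: with pwdhome blanked out above (root
# home case) the old unconditional chmod printed an error message, which is
# exactly what blanking it was meant to avoid.
if [ -d "${pwdhome}" ]
then
  # chmod -c reports only when it actually changed something.
  _changed=$(chmod -c g-w,o-w "${pwdhome}")
  if [ "${_nt}" -gt 0 ] && [ -n "${_changed}" ]
  then
    echo
    echo 'WARNING: group and other have been revoked write permission to your home'
    echo " directory ${pwdhome}."
    echo ' This is required by OpenSSH to allow public key authentication using'
    echo ' the key files stored in your .ssh subdirectory.'
    echo ' Revert this change ONLY if you know what you are doing!'
    echo
  fi
fi
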
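# Make sure ${pwdhome}/.ssh is a directory, creating it if necessary.
if [ -e "${pwdhome}/.ssh" ] && [ ! -d "${pwdhome}/.ssh" ]
then
  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  exit 1
fi

if [ ! -e "${pwdhome}/.ssh" ]
then
  # Create it owner-only from the start instead of with the umask default;
  # on NT the setfacl further below tightens the ACL again afterwards, off
  # NT this is the only protection the directory gets.
  if ! mkdir -m 700 "${pwdhome}/.ssh"
  then
    echo "Creating users ${pwdhome}/.ssh directory failed"
    exit 1
  fi
fi
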
# On NT, restrict the .ssh directory to the owner plus read access for the
# account named in _user (also used for authorized_keys further below).
if [ "${_nt}" -gt 0 ]
then
  # "sshd_server" is used only on 2003 Server or later and only when
  # ${SYSCONFDIR}/passwd has an entry for it; otherwise "system".
  _user="system"
  if [ "${_nt2003}" -gt 0 ] && grep -q '^sshd_server:' "${SYSCONFDIR}/passwd"
  then
    _user="sshd_server"
  fi
  setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh" || {
    echo "${pwdhome}/.ssh couldn't be given the correct permissions."
    echo "Please try to solve this problem first."
    exit 1
  }
fi

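#######################################
# Create one identity key pair unless the private key file exists already,
# and optionally append its public half to authorized_keys.
# Globals:   pwdhome, with_passphrase, passphrase (read); auto_answer (via request)
# Arguments: $1 - key type for ssh-keygen -t (rsa1, rsa, dsa)
#            $2 - private key file to create
#            $3 - key description used in the question ("SSH1 RSA", ...)
# Returns:   0 if the key exists, was declined or was created; 1 if ssh-keygen
#            failed
#######################################
create_identity()
{
  _keytype=$1
  _keyfile=$2
  _keydesc=$3

  [ -f "${_keyfile}" ] && return 0
  request "Shall I create an ${_keydesc} identity file for you?" || return 0

  echo "Generating ${_keyfile}"
  # NOTE: -N puts the passphrase on ssh-keygen's command line, where other
  # users can see it via ps (and -d/--debug traces it); without -p the
  # else branch lets ssh-keygen prompt for it instead.
  if [ "${with_passphrase}" = "yes" ]
  then
    ssh-keygen -t "${_keytype}" -N "${passphrase}" -f "${_keyfile}" > /dev/null
  else
    ssh-keygen -t "${_keytype}" -f "${_keyfile}" > /dev/null
  fi
  _rc=$?
  # Previously ignored: a failed or aborted ssh-keygen leaves no .pub file,
  # and the cat below then only printed an error.
  if [ "${_rc}" -ne 0 ]
  then
    echo "Generating ${_keyfile} failed."
    return 1
  fi

  if request "Do you want to use this identity to login to this machine?"
  then
    echo "Adding to ${pwdhome}/.ssh/authorized_keys"
    cat "${_keyfile}.pub" >> "${pwdhome}/.ssh/authorized_keys"
  fi
  return 0
}

# A failure for one key type does not stop the others from being offered.
create_identity rsa1 "${pwdhome}/.ssh/identity" "SSH1 RSA"
create_identity rsa "${pwdhome}/.ssh/id_rsa" "SSH2 RSA"
create_identity dsa "${pwdhome}/.ssh/id_dsa" "SSH2 DSA"
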
# On NT, give authorized_keys the same owner + _user read-only ACL as the
# .ssh directory; failure here is only a warning.
if [ "${_nt}" -gt 0 ] && [ -e "${pwdhome}/.ssh/authorized_keys" ]
then
  setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys" || {
    echo
    echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
    echo "failed. Please care for the correct permissions. The minimum requirement"
    echo "is, the owner and ${_user} both need read permissions."
    echo
  }
fi

printf '\nConfiguration finished. Have fun!\n'