[openssh.git] / contrib / cygwin / ssh-user-config

#!/bin/sh
#
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

# Directory where the config files are stored
SYSCONFDIR=/etc

progname=$0
auto_answer=""
auto_passphrase="no"
passphrase=""

request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi

  answer=""
  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
  do
    echo -n "$1 (yes/no) "
    read answer
  done
  if [ "X${answer}" = "Xyes" ]
  then
    return 0
  else
    return 1
  fi
}

# Check if running on NT
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
# If running on NT, check if running under 2003 Server or later
if [ $_nt -gt 0 ]
then
  _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
fi

# Check options

while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  -p | --passphrase )
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "    --debug      -d        Enable shell's debug output."
    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
    echo "    --no         -n        Answer all questions with \"no\" automatically."
    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
    echo
    exit 1
    ;;

  esac
done

# Ask user if user identity should be generated

if [ ! -f ${SYSCONFDIR}/passwd ]
then
  echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
  echo 'first using mkpasswd. Check if it contains an entry for you and'
  echo 'please care for the home directory in your entry as well.'
  exit 1
fi

uid=`id -u`
pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`

if [ "X${pwdhome}" = "X" ]
then
  echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
  echo 'Setting $HOME is not sufficient!'
  exit 1
fi

if [ ! -d "${pwdhome}" ]
then
  echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
  echo 'but it is not a valid directory. Cannot create user identity files.'
  exit 1
fi

# If home is the root dir, set home to empty string to avoid error messages
# in subsequent parts of that script.
if [ "X${pwdhome}" = "X/" ]
then
  # But first raise a warning!
  echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
  if request "Would you like to proceed anyway?"
  then
    pwdhome=''
  else
    exit 1
  fi
fi

if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
then
  echo
  echo 'WARNING: group and other have been revoked write permission to your home'
  echo "         directory ${pwdhome}."
  echo '         This is required by OpenSSH to allow public key authentication using'
  echo '         the key files stored in your .ssh subdirectory.'
  echo '         Revert this change ONLY if you know what you are doing!'
  echo
fi

if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
then
  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  exit 1
fi

if [ ! -e "${pwdhome}/.ssh" ]
then
  mkdir "${pwdhome}/.ssh"
  if [ ! -e "${pwdhome}/.ssh" ]
  then
    echo "Creating users ${pwdhome}/.ssh directory failed"
    exit 1
  fi
fi

if [ $_nt -gt 0 ]
then
  _user="system"
  if [ $_nt2003 -gt 0 ]
  then
    grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
  fi
  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
  then
    echo "${pwdhome}/.ssh couldn't be given the correct permissions."
    echo "Please try to solve this problem first."
    exit 1
  fi
fi

if [ ! -f "${pwdhome}/.ssh/identity" ]
then
  if request "Shall I create an SSH1 RSA identity file for you?"
  then
    echo "Generating ${pwdhome}/.ssh/identity"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
    else
      ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
fi

if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
then
  if request "Shall I create an SSH2 RSA identity file for you?"
  then
    echo "Generating ${pwdhome}/.ssh/id_rsa"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
    else
      ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
fi

if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
then
  if request "Shall I create an SSH2 DSA identity file for you?"
  then
    echo "Generating ${pwdhome}/.ssh/id_dsa"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
    else
      ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
fi

if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
then
  if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
  then
    echo
    echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
    echo "failed.  Please care for the correct permissions.  The minimum requirement"
    echo "is, the owner and ${_user} both need read permissions."
    echo
  fi
fi

echo
echo "Configuration finished. Have fun!"
Commit	Line	Data
f4ebf0e8	1	#!/bin/sh
f4ebf0e8	2	#
9e936326	3	# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
f4ebf0e8	4	#
	5	# This file is part of the Cygwin port of OpenSSH.
	6
9e936326	7	# Directory where the config files are stored
	8	SYSCONFDIR=/etc
	9
f4ebf0e8	10	progname=$0
	11	auto_answer=""
	12	auto_passphrase="no"
	13	passphrase=""
	14
	15	request()
	16	{
	17	if [ "${auto_answer}" = "yes" ]
	18	then
	19	return 0
	20	elif [ "${auto_answer}" = "no" ]
	21	then
	22	return 1
	23	fi
	24
	25	answer=""
	26	while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
	27	do
	28	echo -n "$1 (yes/no) "
	29	read answer
	30	done
	31	if [ "X${answer}" = "Xyes" ]
	32	then
	33	return 0
	34	else
	35	return 1
	36	fi
	37	}
	38
9e936326	39	# Check if running on NT
	40	_sys="`uname -a`"
	41	_nt=`expr "$_sys" : "CYGWIN_NT"`
	42	# If running on NT, check if running under 2003 Server or later
	43	if [ $_nt -gt 0 ]
	44	then
	45	_nt2003=`uname \| awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
	46	fi
	47
f4ebf0e8	48	# Check options
	49
	50	while :
	51	do
	52	case $# in
	53	0)
	54	break
	55	;;
	56	esac
	57
	58	option=$1
	59	shift
	60
	61	case "$option" in
	62	-d \| --debug )
	63	set -x
	64	;;
	65
	66	-y \| --yes )
	67	auto_answer=yes
	68	;;
	69
	70	-n \| --no )
	71	auto_answer=no
	72	;;
	73
	74	-p \| --passphrase )
	75	with_passphrase="yes"
	76	passphrase=$1
	77	shift
	78	;;
	79
	80	*)
	81	echo "usage: ${progname} [OPTION]..."
	82	echo
	83	echo "This script creates an OpenSSH user configuration."
	84	echo
	85	echo "Options:"
	86	echo " --debug -d Enable shell's debug output."
	87	echo " --yes -y Answer all questions with \"yes\" automatically."
	88	echo " --no -n Answer all questions with \"no\" automatically."
	89	echo " --passphrase -p word Use \"word\" as passphrase automatically."
	90	echo
	91	exit 1
	92	;;
	93
	94	esac
	95	done
	96
	97	# Ask user if user identity should be generated
	98
9e936326	99	if [ ! -f ${SYSCONFDIR}/passwd ]
f4ebf0e8	100	then
9e936326	101	echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
f4ebf0e8	102	echo 'first using mkpasswd. Check if it contains an entry for you and'
	103	echo 'please care for the home directory in your entry as well.'
	104	exit 1
	105	fi
	106
	107	uid=`id -u`
9e936326	108	pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
f4ebf0e8	109
	110	if [ "X${pwdhome}" = "X" ]
	111	then
9e936326	112	echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
f4ebf0e8	113	echo 'Setting $HOME is not sufficient!'
	114	exit 1
	115	fi
	116
	117	if [ ! -d "${pwdhome}" ]
	118	then
9e936326	119	echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
f4ebf0e8	120	echo 'but it is not a valid directory. Cannot create user identity files.'
	121	exit 1
	122	fi
	123
	124	# If home is the root dir, set home to empty string to avoid error messages
	125	# in subsequent parts of that script.
	126	if [ "X${pwdhome}" = "X/" ]
	127	then
	128	# But first raise a warning!
9e936326	129	echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
f4ebf0e8	130	if request "Would you like to proceed anyway?"
	131	then
	132	pwdhome=''
	133	else
	134	exit 1
	135	fi
	136	fi
	137
9e936326	138	if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
	139	then
	140	echo
	141	echo 'WARNING: group and other have been revoked write permission to your home'
	142	echo " directory ${pwdhome}."
	143	echo ' This is required by OpenSSH to allow public key authentication using'
	144	echo ' the key files stored in your .ssh subdirectory.'
	145	echo ' Revert this change ONLY if you know what you are doing!'
	146	echo
	147	fi
	148
f4ebf0e8	149	if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
	150	then
	151	echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
	152	exit 1
	153	fi
	154
	155	if [ ! -e "${pwdhome}/.ssh" ]
	156	then
	157	mkdir "${pwdhome}/.ssh"
	158	if [ ! -e "${pwdhome}/.ssh" ]
	159	then
	160	echo "Creating users ${pwdhome}/.ssh directory failed"
	161	exit 1
	162	fi
	163	fi
	164
9e936326	165	if [ $_nt -gt 0 ]
	166	then
	167	_user="system"
	168	if [ $_nt2003 -gt 0 ]
	169	then
	170	grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
	171	fi
	172	if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
	173	then
	174	echo "${pwdhome}/.ssh couldn't be given the correct permissions."
	175	echo "Please try to solve this problem first."
	176	exit 1
	177	fi
	178	fi
	179
f4ebf0e8	180	if [ ! -f "${pwdhome}/.ssh/identity" ]
	181	then
	182	if request "Shall I create an SSH1 RSA identity file for you?"
	183	then
	184	echo "Generating ${pwdhome}/.ssh/identity"
	185	if [ "${with_passphrase}" = "yes" ]
	186	then
	187	ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
	188	else
	189	ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
	190	fi
	191	if request "Do you want to use this identity to login to this machine?"
	192	then
	193	echo "Adding to ${pwdhome}/.ssh/authorized_keys"
	194	cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
	195	fi
	196	fi
	197	fi
	198
	199	if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
	200	then
b8bc9d84	201	if request "Shall I create an SSH2 RSA identity file for you?"
f4ebf0e8	202	then
	203	echo "Generating ${pwdhome}/.ssh/id_rsa"
	204	if [ "${with_passphrase}" = "yes" ]
	205	then
	206	ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
	207	else
	208	ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
	209	fi
	210	if request "Do you want to use this identity to login to this machine?"
	211	then
fcd7f067	212	echo "Adding to ${pwdhome}/.ssh/authorized_keys"
fcd7f067	213	cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
f4ebf0e8	214	fi
	215	fi
	216	fi
	217
	218	if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
	219	then
b8bc9d84	220	if request "Shall I create an SSH2 DSA identity file for you?"
f4ebf0e8	221	then
	222	echo "Generating ${pwdhome}/.ssh/id_dsa"
	223	if [ "${with_passphrase}" = "yes" ]
	224	then
	225	ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
	226	else
	227	ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
	228	fi
	229	if request "Do you want to use this identity to login to this machine?"
	230	then
fcd7f067	231	echo "Adding to ${pwdhome}/.ssh/authorized_keys"
fcd7f067	232	cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
f4ebf0e8	233	fi
	234	fi
	235	fi
	236
9e936326	237	if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
	238	then
	239	if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
	240	then
	241	echo
	242	echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
	243	echo "failed. Please care for the correct permissions. The minimum requirement"
	244	echo "is, the owner and ${_user} both need read permissions."
	245	echo
	246	fi
	247	fi
	248
f4ebf0e8	249	echo
f4ebf0e8	250	echo "Configuration finished. Have fun!"