author | Ben Lindstrom <mouring@eviladmin.org> | 2001-01-19 05:37:32 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-01-19 05:37:32 +0000 |
commit | b100ec95429daa986cb31834e462083adc22e8b6 (patch) | |
tree | 74ea3e32b28515b06a090880c7499113906a93aa /contrib/cygwin/ssh-host-config | |
parent | 22e22bf9bab94862c860ad4ed652f308dda63f81 (diff) |
- (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
Also removed some of the 'ISSUES' comments that have been verified by djm.
Diffstat (limited to 'contrib/cygwin/ssh-host-config')
-rw-r--r-- | contrib/cygwin/ssh-host-config | 384 |
1 files changed, 384 insertions, 0 deletions
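diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
new file mode 100644
index 000000000..6fe2c7795
--- /dev/null
+++ b/contrib/cygwin/ssh-host-config
@@ -0,0 +1,384 @@
+#!/bin/sh
+#
+# ssh-host-config, Copyright 2000, Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+
+# Subdirectory where an old package might be installed
+OLDPREFIX=/usr/local
+OLDSYSCONFDIR=${OLDPREFIX}/etc
+
+progname=$0
+auto_answer=""
+
+request()
+{
+if [ "${auto_answer}" = "yes" ]
+then
+return 0
+elif [ "${auto_answer}" = "no" ]
+then
+return 1
+fi
+
+answer=""
+while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
+do
+echo -n "$1 (yes/no) "
+read answer
+done
+if [ "X${answer}" = "Xyes" ]
+then
+return 0
+else
+return 1
+fi
+}
+
+# Check options
+
+while :
+do
+case $# in
+0)
+break
+;;
+esac
+
+option=$1
+shift
+
+case "$option" in
+-d | --debug )
+set -x
+;;
+
+-y | --yes )
+auto_answer=yes
+;;
+
+-n | --no )
+auto_answer=no
+;;
+
+*)
+echo "usage: ${progname} [OPTION]..."
+echo
+echo "This script creates an OpenSSH host configuration."
+echo
+echo "Options:"
+echo " --debug -d Enable shell's debug output."
+echo " --yes -y Answer all questions with \"yes\" automatically."
+echo " --no -n Answer all questions with \"no\" automatically."
+echo
+exit 1
+;;
+
+esac
+done
+
+# Check for running ssh/sshd processes first. Refuse to do anything while
+# some ssh processes are still running
+
+if ps -ef | grep -v grep | grep -q ssh
+then
+echo
+echo "There are still ssh processes running. Please shut them down first."
+echo
+exit 1
+fi
+
+# Check for ${SYSCONFDIR} directory
+
+if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
+then
+echo
+echo "${SYSCONFDIR} is existant but not a directory."
+echo "Cannot create global configuration files."
+echo
+exit 1
+fi
+
+# Create it if necessary
+
+if [ ! -e "${SYSCONFDIR}" ]
+then
+mkdir "${SYSCONFDIR}"
+if [ ! -e "${SYSCONFDIR}" ]
+then
+echo
+echo "Creating ${SYSCONFDIR} directory failed"
+echo
+exit 1
+fi
+fi
+
+# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
+# the same as ${PREFIX}
+
+old_install=0
+if [ "${OLDPREFIX}" != "${PREFIX}" ]
+then
+if [ -f "${OLDPREFIX}/sbin/sshd" ]
+then
+echo
+echo "You seem to have an older installation in ${OLDPREFIX}."
+echo
+# Check if old global configuration files exist
+if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
+then
+if request "Do you want to copy your config files to your new installation?"
+then
+cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
+cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
+cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
+cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
+cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
+cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
+fi
+fi
+if request "Do you want to erase your old installation?"
+then
+rm -f ${OLDPREFIX}/bin/ssh.exe
+rm -f ${OLDPREFIX}/bin/ssh-config
+rm -f ${OLDPREFIX}/bin/scp.exe
+rm -f ${OLDPREFIX}/bin/ssh-add.exe
+rm -f ${OLDPREFIX}/bin/ssh-agent.exe
+rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
+rm -f ${OLDPREFIX}/bin/slogin
+rm -f ${OLDSYSCONFDIR}/ssh_host_key
+rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
+rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
+rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
+rm -f ${OLDSYSCONFDIR}/ssh_config
+rm -f ${OLDSYSCONFDIR}/sshd_config
+rm -f ${OLDPREFIX}/man/man1/ssh.1
+rm -f ${OLDPREFIX}/man/man1/scp.1
+rm -f ${OLDPREFIX}/man/man1/ssh-add.1
+rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
+rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
+rm -f ${OLDPREFIX}/man/man1/slogin.1
+rm -f ${OLDPREFIX}/man/man8/sshd.8
+rm -f ${OLDPREFIX}/sbin/sshd.exe
+rm -f ${OLDPREFIX}/sbin/sftp-server.exe
+fi
+old_install=1
+fi
+fi
+
+# First generate host keys if not already existing
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
+then
+echo "Generating ${SYSCONFDIR}/ssh_host_key"
+ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
+fi
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
+then
+echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
+ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
+fi
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
+then
+echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
+ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
+fi
+
+# Check if ssh_config exists. If yes, ask for overwriting
+
+if [ -f "${SYSCONFDIR}/ssh_config" ]
+then
+if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
+then
+rm -f "${SYSCONFDIR}/ssh_config"
+if [ -f "${SYSCONFDIR}/ssh_config" ]
+then
+echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
+fi
+fi
+fi
+
+# Create default ssh_config from here script
+
+if [ ! -f "${SYSCONFDIR}/ssh_config" ]
+then
+echo "Generating ${SYSCONFDIR}/ssh_config file"
+cat > ${SYSCONFDIR}/ssh_config << EOF
+# This is ssh client systemwide configuration file. This file provides
+# defaults for users, and the values can be changed in per-user configuration
+# files or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for various options
+
+# Host *
+# ForwardAgent yes
+# ForwardX11 yes
+# RhostsAuthentication yes
+# RhostsRSAAuthentication yes
+# RSAAuthentication yes
+# PasswordAuthentication yes
+# FallBackToRsh no
+# UseRsh no
+# BatchMode no
+# CheckHostIP yes
+# StrictHostKeyChecking no
+# Port 22
+# Protocol 2,1
+# Cipher 3des
+# EscapeChar ~
+
+# Be paranoid by default
+Host *
+ForwardAgent no
+ForwardX11 no
+FallBackToRsh no
+
+# Try authentification with the following identities
+IdentityFile ~/.ssh/identity
+IdentityFile ~/.ssh/id_rsa
+IdentityFile ~/.ssh/id_dsa
+EOF
+fi
+
+# Check if sshd_config exists. If yes, ask for overwriting
+
+if [ -f "${SYSCONFDIR}/sshd_config" ]
+then
+if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
+then
+rm -f "${SYSCONFDIR}/sshd_config"
+if [ -f "${SYSCONFDIR}/sshd_config" ]
+then
+echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
+fi
+fi
+fi
+
+# Create default sshd_config from here script
+
+if [ ! -f "${SYSCONFDIR}/sshd_config" ]
+then
+echo "Generating ${SYSCONFDIR}/sshd_config file"
+cat > ${SYSCONFDIR}/sshd_config << EOF
+# This is ssh server systemwide configuration file.
+
+Port 22
+#
+Protocol 2,1
+ListenAddress 0.0.0.0
+#ListenAddress ::
+#
+# Uncomment the following lines according to the used authentication
+HostKey /etc/ssh_host_key
+HostKey /etc/ssh_host_rsa_key
+HostKey /etc/ssh_host_dsa_key
+ServerKeyBits 768
+LoginGraceTime 600
+KeyRegenerationInterval 3600
+PermitRootLogin yes
+#
+# Don't read ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+StrictModes yes
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd yes
+KeepAlive yes
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+#obsoletes QuietMode and FascistLogging
+
+RhostsAuthentication no
+#
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+
+# To install for logon to different user accounts change to "no" here
+RSAAuthentication yes
+
+# To install for logon to different user accounts change to "yes" here
+PasswordAuthentication no
+
+PermitEmptyPasswords no
+
+CheckMail no
+UseLogin no
+
+#Uncomment if you want to enable sftp
+#Subsystem sftp /usr/sbin/sftp-server
+#MaxStartups 10:30:60
+EOF
+fi
+
+# Add port 22/tcp to services
+_sys="`uname -a`"
+_nt=`expr "$_sys" : "CYGWIN_NT"`
+if [ $_nt -gt 0 ]
+then
+_wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
+_wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
+else
+_wservices="${WINDIR}\\SERVICES"
+_wserv_tmp="${WINDIR}\\SERV.$$"
+fi
+_services=`cygpath -u "${_wservices}"`
+_serv_tmp=`cygpath -u "${_wserv_tmp}"`
+
+mount -b -f "${_wservices}" "${_services}"
+mount -b -f "${_wserv_tmp}" "${_serv_tmp}"
+
+if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
+then
+awk '{ if ( $2 ~ /^23\/tcp/ ) print "sshd 22/tcp #SSH daemon\r"; print $0; }' < "${_services}" > "${_serv_tmp}"
+if [ -f "${_serv_tmp}" ]
+then
+if mv "${_serv_tmp}" "${_services}"
+then
+echo "Added sshd to ${_services}"
+else
+echo "Adding sshd to ${_services} failed\!"
+fi
+rm -f "${_serv_tmp}"
+else
+echo "Adding sshd to ${_services} failed\!"
+fi
+fi
+
+umount "${_services}"
+umount "${_serv_tmp}"
+
+# Add sshd line to inetd.conf
+if [ -f /etc/inetd.conf ]
+then
+grep -q "^[# \t]*sshd" /etc/inetd.conf || echo "# sshd stream tcp nowait root /usr/sbin/sshd -i" >> /etc/inetd.conf
+fi
+
+if [ "${old_install}" = "1" ]
+then
+echo
+echo "Note: If you have used sshd as service or from inetd, don't forget to"
+echo " change the path to sshd.exe in the service entry or in inetd.conf."
+fi
+
+echo
+echo "Host configuration finished. Have fun!"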
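Review bot: The generated sshd_config (file lines 281-294) is more permissive than the client config written just before it, which is introduced with "Be paranoid by default": `Protocol 2,1` keeps SSH protocol 1 enabled, which has known design weaknesses, and `PermitRootLogin yes` allows direct logins to a root account. Unless protocol 1 clients must be supported, I would write `Protocol 2` and `PermitRootLogin no`, which would also make the `ssh-keygen -t rsa1` step at file line 180 and the `HostKey /etc/ssh_host_key` line unnecessary. The `HostKey` paths are hard-coded to `/etc` while the keys are generated under `${SYSCONFDIR}`; because the here-document is unquoted, `HostKey ${SYSCONFDIR}/ssh_host_rsa_key` would keep the two in step. Separately, none of the `cp -f` results at file lines 138-143 are checked, so a failed host-key copy is still followed by `rm -f` of the old keys (lines 155-158) when the erase question is answered yes, and the host then gets freshly generated keys; a guard such as `cp -f ... || copy_failed=1` tested before the erase step would prevent the host identity from changing unnoticed.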