summaryrefslogtreecommitdiff
path: root/contrib/cygwin/ssh-user-config
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2009-12-29 21:42:53 +0000
committerColin Watson <cjwatson@debian.org>2009-12-29 21:42:53 +0000
commit87552344215a38d3a2b0d4d63dc151e05978bbe1 (patch)
tree9f4b96055e6ccaa915e8d59d9f2805e9e119371d /contrib/cygwin/ssh-user-config
parenta25ec0b132c44c9e341e08464ff830de06b81126 (diff)
parentef94e5613d37bcbf880f21ee6094e4b1c7683a4c (diff)
import openssh-5.1p1-gsskex-cjwatson-20080722.patch
Diffstat (limited to 'contrib/cygwin/ssh-user-config')
-rw-r--r--contrib/cygwin/ssh-user-config414
1 files changed, 237 insertions, 177 deletions
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index 9482efe9e..f210bd556 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -1,52 +1,235 @@
1#!/bin/sh 1#!/bin/bash
2# 2#
3# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc. 3# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
4# 4#
5# This file is part of the Cygwin port of OpenSSH. 5# This file is part of the Cygwin port of OpenSSH.
6 6
7# ======================================================================
8# Initialization
9# ======================================================================
10PROGNAME=$(basename -- $0)
11_tdir=$(dirname -- $0)
12PROGDIR=$(cd $_tdir && pwd)
13
14CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
15
16# Subdirectory where the new package is being installed
17PREFIX=/usr
18
7# Directory where the config files are stored 19# Directory where the config files are stored
8SYSCONFDIR=/etc 20SYSCONFDIR=/etc
9 21
10progname=$0 22source ${CSIH_SCRIPT}
11auto_answer="" 23
12auto_passphrase="no" 24auto_passphrase="no"
13passphrase="" 25passphrase=""
26pwdhome=
27with_passphrase=
28
29# ======================================================================
30# Routine: create_ssh1_identity
31# optionally create ~/.ssh/identity[.pub]
32# optionally add result to ~/.ssh/authorized_keys
33# ======================================================================
34create_ssh1_identity() {
35 if [ ! -f "${pwdhome}/.ssh/identity" ]
36 then
37 if csih_request "Shall I create an SSH1 RSA identity file for you?"
38 then
39 csih_inform "Generating ${pwdhome}/.ssh/identity"
40 if [ "${with_passphrase}" = "yes" ]
41 then
42 ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
43 else
44 ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
45 fi
46 if csih_request "Do you want to use this identity to login to this machine?"
47 then
48 csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
49 cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
50 fi
51 fi
52 fi
53} # === End of create_ssh1_identity() === #
54readonly -f create_ssh1_identity
55
56# ======================================================================
57# Routine: create_ssh2_rsa_identity
58# optionally create ~/.ssh/id_rsa[.pub]
59# optionally add result to ~/.ssh/authorized_keys
60# ======================================================================
61create_ssh2_rsa_identity() {
62 if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
63 then
64 if csih_request "Shall I create an SSH2 RSA identity file for you?"
65 then
66 csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
67 if [ "${with_passphrase}" = "yes" ]
68 then
69 ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
70 else
71 ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
72 fi
73 if csih_request "Do you want to use this identity to login to this machine?"
74 then
75 csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
76 cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
77 fi
78 fi
79 fi
80} # === End of create_ssh2_rsa_identity() === #
81readonly -f create_ssh2_rsa_identity
82
83# ======================================================================
84# Routine: create_ssh2_dsa_identity
85# optionally create ~/.ssh/id_dsa[.pub]
86# optionally add result to ~/.ssh/authorized_keys
87# ======================================================================
88create_ssh2_dsa_identity() {
89 if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
90 then
91 if csih_request "Shall I create an SSH2 DSA identity file for you?"
92 then
93 csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
94 if [ "${with_passphrase}" = "yes" ]
95 then
96 ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
97 else
98 ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
99 fi
100 if csih_request "Do you want to use this identity to login to this machine?"
101 then
102 csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
103 cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
104 fi
105 fi
106 fi
107} # === End of create_ssh2_dsa_identity() === #
108readonly -f create_ssh2_dsa_identity
109
110# ======================================================================
111# Routine: check_user_homedir
112# Perform various checks on the user's home directory
113# SETS GLOBAL VARIABLE:
114# pwdhome
115# ======================================================================
116check_user_homedir() {
117 local uid=$(id -u)
118 pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
119 if [ "X${pwdhome}" = "X" ]
120 then
121 csih_error_multiline \
122 "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
123 'Setting $HOME is not sufficient!'
124 fi
125
126 if [ ! -d "${pwdhome}" ]
127 then
128 csih_error_multiline \
129 "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
130 'but it is not a valid directory. Cannot create user identity files.'
131 fi
132
133 # If home is the root dir, set home to empty string to avoid error messages
134 # in subsequent parts of that script.
135 if [ "X${pwdhome}" = "X/" ]
136 then
137 # But first raise a warning!
138 csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
139 if csih_request "Would you like to proceed anyway?"
140 then
141 pwdhome=''
142 else
143 csih_warning "Exiting. Configuration is not complete"
144 exit 1
145 fi
146 fi
147
148 if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
149 then
150 echo
151 csih_warning 'group and other have been revoked write permission to your home'
152 csih_warning "directory ${pwdhome}."
153 csih_warning 'This is required by OpenSSH to allow public key authentication using'
154 csih_warning 'the key files stored in your .ssh subdirectory.'
155 csih_warning 'Revert this change ONLY if you know what you are doing!'
156 echo
157 fi
158} # === End of check_user_homedir() === #
159readonly -f check_user_homedir
14 160
15request() 161# ======================================================================
16{ 162# Routine: check_user_dot_ssh_dir
17 if [ "${auto_answer}" = "yes" ] 163# Perform various checks on the ~/.ssh directory
164# PREREQUISITE:
165# pwdhome -- check_user_homedir()
166# ======================================================================
167check_user_dot_ssh_dir() {
168 if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
18 then 169 then
19 return 0 170 csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
20 elif [ "${auto_answer}" = "no" ] 171 fi
172
173 if [ ! -e "${pwdhome}/.ssh" ]
21 then 174 then
22 return 1 175 mkdir "${pwdhome}/.ssh"
176 if [ ! -e "${pwdhome}/.ssh" ]
177 then
178 csih_error "Creating users ${pwdhome}/.ssh directory failed"
179 fi
23 fi 180 fi
181} # === End of check_user_dot_ssh_dir() === #
182readonly -f check_user_dot_ssh_dir
24 183
25 answer="" 184# ======================================================================
26 while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] 185# Routine: fix_authorized_keys_perms
27 do 186# Corrects the permissions of ~/.ssh/authorized_keys
28 echo -n "$1 (yes/no) " 187# PREREQUISITE:
29 read answer 188# pwdhome -- check_user_homedir()
30 done 189# ======================================================================
31 if [ "X${answer}" = "Xyes" ] 190fix_authorized_keys_perms() {
191 if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
32 then 192 then
33 return 0 193 if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
34 else 194 then
35 return 1 195 csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
196 csih_warning "failed. Please care for the correct permissions. The minimum requirement"
197 csih_warning "is, the owner needs read permissions."
198 echo
199 fi
36 fi 200 fi
37} 201} # === End of fix_authorized_keys_perms() === #
202readonly -f fix_authorized_keys_perms
203
204
205# ======================================================================
206# Main Entry Point
207# ======================================================================
38 208
39# Check if running on NT 209# Check how the script has been started. If
40_sys="`uname -a`" 210# (1) it has been started by giving the full path and
41_nt=`expr "$_sys" : "CYGWIN_NT"` 211# that path is /etc/postinstall, OR
42# If running on NT, check if running under 2003 Server or later 212# (2) Otherwise, if the environment variable
43if [ $_nt -gt 0 ] 213# SSH_USER_CONFIG_AUTO_ANSWER_NO is set
214# then set auto_answer to "no". This allows automatic
215# creation of the config files in /etc w/o overwriting
216# them if they already exist. In both cases, color
217# escape sequences are suppressed, so as to prevent
218# cluttering setup's logfiles.
219if [ "$PROGDIR" = "/etc/postinstall" ]
44then 220then
45 _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'` 221 csih_auto_answer="no"
222 csih_disable_color
223fi
224if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
225then
226 csih_auto_answer="no"
227 csih_disable_color
46fi 228fi
47 229
48# Check options 230# ======================================================================
49 231# Parse options
232# ======================================================================
50while : 233while :
51do 234do
52 case $# in 235 case $# in
@@ -61,14 +244,15 @@ do
61 case "$option" in 244 case "$option" in
62 -d | --debug ) 245 -d | --debug )
63 set -x 246 set -x
247 csih_trace_on
64 ;; 248 ;;
65 249
66 -y | --yes ) 250 -y | --yes )
67 auto_answer=yes 251 csih_auto_answer=yes
68 ;; 252 ;;
69 253
70 -n | --no ) 254 -n | --no )
71 auto_answer=no 255 csih_auto_answer=no
72 ;; 256 ;;
73 257
74 -p | --passphrase ) 258 -p | --passphrase )
@@ -77,8 +261,12 @@ do
77 shift 261 shift
78 ;; 262 ;;
79 263
264 --privileged )
265 csih_FORCE_PRIVILEGED_USER=yes
266 ;;
267
80 *) 268 *)
81 echo "usage: ${progname} [OPTION]..." 269 echo "usage: ${PROGNAME} [OPTION]..."
82 echo 270 echo
83 echo "This script creates an OpenSSH user configuration." 271 echo "This script creates an OpenSSH user configuration."
84 echo 272 echo
@@ -87,6 +275,8 @@ do
87 echo " --yes -y Answer all questions with \"yes\" automatically." 275 echo " --yes -y Answer all questions with \"yes\" automatically."
88 echo " --no -n Answer all questions with \"no\" automatically." 276 echo " --no -n Answer all questions with \"no\" automatically."
89 echo " --passphrase -p word Use \"word\" as passphrase automatically." 277 echo " --passphrase -p word Use \"word\" as passphrase automatically."
278 echo " --privileged On Windows NT/2k/XP, assume privileged user"
279 echo " instead of LocalSystem for sshd service."
90 echo 280 echo
91 exit 1 281 exit 1
92 ;; 282 ;;
@@ -94,157 +284,27 @@ do
94 esac 284 esac
95done 285done
96 286
97# Ask user if user identity should be generated 287# ======================================================================
288# Action!
289# ======================================================================
98 290
291# Check passwd file
99if [ ! -f ${SYSCONFDIR}/passwd ] 292if [ ! -f ${SYSCONFDIR}/passwd ]
100then 293then
101 echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" 294 csih_error_multiline \
102 echo 'first using mkpasswd. Check if it contains an entry for you and' 295 "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
103 echo 'please care for the home directory in your entry as well.' 296 'first using mkpasswd. Check if it contains an entry for you and' \
104 exit 1 297 'please care for the home directory in your entry as well.'
105fi
106
107uid=`id -u`
108pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
109
110if [ "X${pwdhome}" = "X" ]
111then
112 echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
113 echo 'Setting $HOME is not sufficient!'
114 exit 1
115fi
116
117if [ ! -d "${pwdhome}" ]
118then
119 echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
120 echo 'but it is not a valid directory. Cannot create user identity files.'
121 exit 1
122fi
123
124# If home is the root dir, set home to empty string to avoid error messages
125# in subsequent parts of that script.
126if [ "X${pwdhome}" = "X/" ]
127then
128 # But first raise a warning!
129 echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
130 if request "Would you like to proceed anyway?"
131 then
132 pwdhome=''
133 else
134 exit 1
135 fi
136fi
137
138if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
139then
140 echo
141 echo 'WARNING: group and other have been revoked write permission to your home'
142 echo " directory ${pwdhome}."
143 echo ' This is required by OpenSSH to allow public key authentication using'
144 echo ' the key files stored in your .ssh subdirectory.'
145 echo ' Revert this change ONLY if you know what you are doing!'
146 echo
147fi
148
149if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
150then
151 echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
152 exit 1
153fi
154
155if [ ! -e "${pwdhome}/.ssh" ]
156then
157 mkdir "${pwdhome}/.ssh"
158 if [ ! -e "${pwdhome}/.ssh" ]
159 then
160 echo "Creating users ${pwdhome}/.ssh directory failed"
161 exit 1
162 fi
163fi
164
165if [ $_nt -gt 0 ]
166then
167 _user="system"
168 if [ $_nt2003 -gt 0 ]
169 then
170 grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
171 fi
172 if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
173 then
174 echo "${pwdhome}/.ssh couldn't be given the correct permissions."
175 echo "Please try to solve this problem first."
176 exit 1
177 fi
178fi
179
180if [ ! -f "${pwdhome}/.ssh/identity" ]
181then
182 if request "Shall I create an SSH1 RSA identity file for you?"
183 then
184 echo "Generating ${pwdhome}/.ssh/identity"
185 if [ "${with_passphrase}" = "yes" ]
186 then
187 ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
188 else
189 ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
190 fi
191 if request "Do you want to use this identity to login to this machine?"
192 then
193 echo "Adding to ${pwdhome}/.ssh/authorized_keys"
194 cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
195 fi
196 fi
197fi 298fi
198 299
199if [ ! -f "${pwdhome}/.ssh/id_rsa" ] 300check_user_homedir
200then 301check_user_dot_ssh_dir
201 if request "Shall I create an SSH2 RSA identity file for you?" 302create_ssh1_identity
202 then 303create_ssh2_rsa_identity
203 echo "Generating ${pwdhome}/.ssh/id_rsa" 304create_ssh2_dsa_identity
204 if [ "${with_passphrase}" = "yes" ] 305fix_authorized_keys_perms
205 then
206 ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
207 else
208 ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
209 fi
210 if request "Do you want to use this identity to login to this machine?"
211 then
212 echo "Adding to ${pwdhome}/.ssh/authorized_keys"
213 cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
214 fi
215 fi
216fi
217 306
218if [ ! -f "${pwdhome}/.ssh/id_dsa" ] 307echo
219then 308csih_inform "Configuration finished. Have fun!"
220 if request "Shall I create an SSH2 DSA identity file for you?"
221 then
222 echo "Generating ${pwdhome}/.ssh/id_dsa"
223 if [ "${with_passphrase}" = "yes" ]
224 then
225 ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
226 else
227 ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
228 fi
229 if request "Do you want to use this identity to login to this machine?"
230 then
231 echo "Adding to ${pwdhome}/.ssh/authorized_keys"
232 cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
233 fi
234 fi
235fi
236 309
237if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
238then
239 if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
240 then
241 echo
242 echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
243 echo "failed. Please care for the correct permissions. The minimum requirement"
244 echo "is, the owner and ${_user} both need read permissions."
245 echo
246 fi
247fi
248 310
249echo
250echo "Configuration finished. Have fun!"