author | Colin Watson <cjwatson@debian.org> | 2010-01-01 23:53:30 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-01 23:53:30 +0000 |
commit | df03186a4f9e0c2ece398b5c0571cb6263d7a752 (patch) | |
tree | 1aab079441dff9615274769b19f2d734ddf508dd /contrib/cygwin | |
parent | 6ad6994c288662fca6949f42bf91fec2aff00bca (diff) | |
parent | 99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (diff) |
* New upstream release (closes: #536182). Yes, I know 5.3p1 has been out
for a while, but there's no GSSAPI patch available for it yet.
- Change the default cipher order to prefer the AES CTR modes and the
revised "arcfour256" mode to CBC mode ciphers that are susceptible to
CPNI-957037 "Plaintext Recovery Attack Against SSH".
- Add countermeasures to mitigate CPNI-957037-style attacks against the
SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid
packet length or Message Authentication Code, ssh/sshd will continue
reading up to the maximum supported packet length rather than
immediately terminating the connection. This eliminates most of the
known differences in behaviour that leaked information about the
plaintext of injected data which formed the basis of this attack
(closes: #506115, LP: #379329).
- ForceCommand directive now accepts commandline arguments for the
internal-sftp server (closes: #524423, LP: #362511).
- Add AllowAgentForwarding to available Match keywords list (closes:
#540623).
- Make ssh(1) send the correct channel number for
SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
avoid triggering 'Non-public channel' error messages on sshd(8) in
openssh-5.1.
- Avoid printing 'Non-public channel' warnings in sshd(8), since the
ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a
behaviour introduced in openssh-5.1; closes: #496017).
* Update to GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch,
including cascading credentials support (LP: #416958).
Diffstat (limited to 'contrib/cygwin')
-rw-r--r-- | contrib/cygwin/Makefile | 4 | ||||
-rw-r--r-- | contrib/cygwin/ssh-host-config | 241 |
2 files changed, 125 insertions, 120 deletions
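--- a/contrib/cygwin/Makefile
+++ b/contrib/cygwin/Makefile
@@ -38,11 +38,13 @@ install-sshdoc:
 $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
 $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
 $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+$(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
+$(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
 $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
 $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+$(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
 $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
 $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
-$(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
 $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
 $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
 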
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index bbb6da4c4..57e728fbc 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config | |||
@@ -25,7 +25,7 @@ source ${CSIH_SCRIPT} | |||
25 | port_number=22 | 25 | port_number=22 |
26 | privsep_configured=no | 26 | privsep_configured=no |
27 | privsep_used=yes | 27 | privsep_used=yes |
28 | cygwin_value="ntsec" | 28 | cygwin_value="" |
29 | password_value= | 29 | password_value= |
30 | 30 | ||
31 | # ====================================================================== | 31 | # ====================================================================== |
@@ -37,13 +37,13 @@ create_host_keys() { | |||
37 | csih_inform "Generating ${SYSCONFDIR}/ssh_host_key" | 37 | csih_inform "Generating ${SYSCONFDIR}/ssh_host_key" |
38 | ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null | 38 | ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null |
39 | fi | 39 | fi |
40 | 40 | ||
41 | if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] | 41 | if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] |
42 | then | 42 | then |
43 | csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key" | 43 | csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key" |
44 | ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null | 44 | ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null |
45 | fi | 45 | fi |
46 | 46 | ||
47 | if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] | 47 | if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] |
48 | then | 48 | then |
49 | csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key" | 49 | csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key" |
@@ -75,12 +75,12 @@ update_services_file() { | |||
75 | _spaces=" # " | 75 | _spaces=" # " |
76 | fi | 76 | fi |
77 | _serv_tmp="${_my_etcdir}/srv.out.$$" | 77 | _serv_tmp="${_my_etcdir}/srv.out.$$" |
78 | 78 | ||
79 | mount -t -f "${_win_etcdir}" "${_my_etcdir}" | 79 | mount -o text -f "${_win_etcdir}" "${_my_etcdir}" |
80 | 80 | ||
81 | # Depends on the above mount | 81 | # Depends on the above mount |
82 | _wservices=`cygpath -w "${_services}"` | 82 | _wservices=`cygpath -w "${_services}"` |
83 | 83 | ||
84 | # Remove sshd 22/port from services | 84 | # Remove sshd 22/port from services |
85 | if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] | 85 | if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] |
86 | then | 86 | then |
@@ -89,16 +89,16 @@ update_services_file() { | |||
89 | then | 89 | then |
90 | if mv "${_serv_tmp}" "${_services}" | 90 | if mv "${_serv_tmp}" "${_services}" |
91 | then | 91 | then |
92 | csih_inform "Removing sshd from ${_wservices}" | 92 | csih_inform "Removing sshd from ${_wservices}" |
93 | else | 93 | else |
94 | csih_warning "Removing sshd from ${_wservices} failed!" | 94 | csih_warning "Removing sshd from ${_wservices} failed!" |
95 | fi | 95 | fi |
96 | rm -f "${_serv_tmp}" | 96 | rm -f "${_serv_tmp}" |
97 | else | 97 | else |
98 | csih_warning "Removing sshd from ${_wservices} failed!" | 98 | csih_warning "Removing sshd from ${_wservices} failed!" |
99 | fi | 99 | fi |
100 | fi | 100 | fi |
101 | 101 | ||
102 | # Add ssh 22/tcp and ssh 22/udp to services | 102 | # Add ssh 22/tcp and ssh 22/udp to services |
103 | if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] | 103 | if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] |
104 | then | 104 | then |
@@ -106,9 +106,9 @@ update_services_file() { | |||
106 | then | 106 | then |
107 | if mv "${_serv_tmp}" "${_services}" | 107 | if mv "${_serv_tmp}" "${_services}" |
108 | then | 108 | then |
109 | csih_inform "Added ssh to ${_wservices}" | 109 | csih_inform "Added ssh to ${_wservices}" |
110 | else | 110 | else |
111 | csih_warning "Adding ssh to ${_wservices} failed!" | 111 | csih_warning "Adding ssh to ${_wservices} failed!" |
112 | fi | 112 | fi |
113 | rm -f "${_serv_tmp}" | 113 | rm -f "${_serv_tmp}" |
114 | else | 114 | else |
@@ -134,16 +134,16 @@ sshd_privsep() { | |||
134 | csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." | 134 | csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." |
135 | if csih_request "Should privilege separation be used?" | 135 | if csih_request "Should privilege separation be used?" |
136 | then | 136 | then |
137 | privsep_used=yes | 137 | privsep_used=yes |
138 | if ! csih_create_unprivileged_user sshd | 138 | if ! csih_create_unprivileged_user sshd |
139 | then | 139 | then |
140 | csih_warning "Couldn't create user 'sshd'!" | 140 | csih_warning "Couldn't create user 'sshd'!" |
141 | csih_warning "Privilege separation set to 'no' again!" | 141 | csih_warning "Privilege separation set to 'no' again!" |
142 | csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" | 142 | csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" |
143 | privsep_used=no | 143 | privsep_used=no |
144 | fi | 144 | fi |
145 | else | 145 | else |
146 | privsep_used=no | 146 | privsep_used=no |
147 | fi | 147 | fi |
148 | else | 148 | else |
149 | # On 9x don't use privilege separation. Since security isn't | 149 | # On 9x don't use privilege separation. Since security isn't |
@@ -151,7 +151,7 @@ sshd_privsep() { | |||
151 | privsep_used=no | 151 | privsep_used=no |
152 | fi | 152 | fi |
153 | fi | 153 | fi |
154 | 154 | ||
155 | # Create default sshd_config from skeleton files in /etc/defaults/etc or | 155 | # Create default sshd_config from skeleton files in /etc/defaults/etc or |
156 | # modify to add the missing privsep configuration option | 156 | # modify to add the missing privsep configuration option |
157 | if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 | 157 | if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 |
@@ -161,8 +161,8 @@ sshd_privsep() { | |||
161 | sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ | 161 | sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ |
162 | s/^#Port 22/Port ${port_number}/ | 162 | s/^#Port 22/Port ${port_number}/ |
163 | s/^#StrictModes yes/StrictModes no/" \ | 163 | s/^#StrictModes yes/StrictModes no/" \ |
164 | < ${SYSCONFDIR}/sshd_config \ | 164 | < ${SYSCONFDIR}/sshd_config \ |
165 | > "${sshdconfig_tmp}" | 165 | > "${sshdconfig_tmp}" |
166 | mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config | 166 | mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config |
167 | elif [ "${privsep_configured}" != "yes" ] | 167 | elif [ "${privsep_configured}" != "yes" ] |
168 | then | 168 | then |
@@ -193,19 +193,19 @@ update_inetd_conf() { | |||
193 | # will be replaced by a file in inetd.d/ | 193 | # will be replaced by a file in inetd.d/ |
194 | if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ] | 194 | if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ] |
195 | then | 195 | then |
196 | grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}" | 196 | grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}" |
197 | if [ -f "${_inetcnf_tmp}" ] | 197 | if [ -f "${_inetcnf_tmp}" ] |
198 | then | 198 | then |
199 | if mv "${_inetcnf_tmp}" "${_inetcnf}" | 199 | if mv "${_inetcnf_tmp}" "${_inetcnf}" |
200 | then | 200 | then |
201 | csih_inform "Removed ssh[d] from ${_inetcnf}" | 201 | csih_inform "Removed ssh[d] from ${_inetcnf}" |
202 | else | 202 | else |
203 | csih_warning "Removing ssh[d] from ${_inetcnf} failed!" | 203 | csih_warning "Removing ssh[d] from ${_inetcnf} failed!" |
204 | fi | 204 | fi |
205 | rm -f "${_inetcnf_tmp}" | 205 | rm -f "${_inetcnf_tmp}" |
206 | else | 206 | else |
207 | csih_warning "Removing ssh[d] from ${_inetcnf} failed!" | 207 | csih_warning "Removing ssh[d] from ${_inetcnf} failed!" |
208 | fi | 208 | fi |
209 | fi | 209 | fi |
210 | fi | 210 | fi |
211 | 211 | ||
@@ -214,13 +214,13 @@ update_inetd_conf() { | |||
214 | then | 214 | then |
215 | if [ "${_with_comment}" -eq 0 ] | 215 | if [ "${_with_comment}" -eq 0 ] |
216 | then | 216 | then |
217 | sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" | 217 | sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" |
218 | else | 218 | else |
219 | sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" | 219 | sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" |
220 | fi | 220 | fi |
221 | mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}" | 221 | mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}" |
222 | csih_inform "Updated ${_sshd_inetd_conf}" | 222 | csih_inform "Updated ${_sshd_inetd_conf}" |
223 | fi | 223 | fi |
224 | 224 | ||
225 | elif [ -f "${_inetcnf}" ] | 225 | elif [ -f "${_inetcnf}" ] |
226 | then | 226 | then |
@@ -233,26 +233,26 @@ update_inetd_conf() { | |||
233 | grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" | 233 | grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" |
234 | if [ -f "${_inetcnf_tmp}" ] | 234 | if [ -f "${_inetcnf_tmp}" ] |
235 | then | 235 | then |
236 | if mv "${_inetcnf_tmp}" "${_inetcnf}" | 236 | if mv "${_inetcnf_tmp}" "${_inetcnf}" |
237 | then | 237 | then |
238 | csih_inform "Removed sshd from ${_inetcnf}" | 238 | csih_inform "Removed sshd from ${_inetcnf}" |
239 | else | 239 | else |
240 | csih_warning "Removing sshd from ${_inetcnf} failed!" | 240 | csih_warning "Removing sshd from ${_inetcnf} failed!" |
241 | fi | 241 | fi |
242 | rm -f "${_inetcnf_tmp}" | 242 | rm -f "${_inetcnf_tmp}" |
243 | else | 243 | else |
244 | csih_warning "Removing sshd from ${_inetcnf} failed!" | 244 | csih_warning "Removing sshd from ${_inetcnf} failed!" |
245 | fi | 245 | fi |
246 | fi | 246 | fi |
247 | 247 | ||
248 | # Add ssh line to inetd.conf | 248 | # Add ssh line to inetd.conf |
249 | if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] | 249 | if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] |
250 | then | 250 | then |
251 | if [ "${_with_comment}" -eq 0 ] | 251 | if [ "${_with_comment}" -eq 0 ] |
252 | then | 252 | then |
253 | echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" | 253 | echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" |
254 | else | 254 | else |
255 | echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" | 255 | echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" |
256 | fi | 256 | fi |
257 | csih_inform "Added ssh to ${_inetcnf}" | 257 | csih_inform "Added ssh to ${_inetcnf}" |
258 | fi | 258 | fi |
@@ -278,80 +278,83 @@ install_service() { | |||
278 | echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?" | 278 | echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?" |
279 | if csih_request "(Say \"no\" if it is already installed as a service)" | 279 | if csih_request "(Say \"no\" if it is already installed as a service)" |
280 | then | 280 | then |
281 | csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\"" | 281 | csih_get_cygenv "${cygwin_value}" |
282 | csih_inform "for sshd to be able to change user context without password." | 282 | |
283 | csih_get_cygenv "${cygwin_value}" | 283 | if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) |
284 | 284 | then | |
285 | if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) | 285 | csih_inform "On Windows Server 2003, Windows Vista, and above, the" |
286 | then | 286 | csih_inform "SYSTEM account cannot setuid to other users -- a capability" |
287 | csih_inform "On Windows Server 2003, Windows Vista, and above, the" | 287 | csih_inform "sshd requires. You need to have or to create a privileged" |
288 | csih_inform "SYSTEM account cannot setuid to other users -- a capability" | 288 | csih_inform "account. This script will help you do so." |
289 | csih_inform "sshd requires. You need to have or to create a privileged" | 289 | echo |
290 | csih_inform "account. This script will help you do so." | 290 | if ! csih_create_privileged_user "${password_value}" |
291 | echo | 291 | then |
292 | if ! csih_create_privileged_user "${password_value}" | 292 | csih_error_recoverable "There was a serious problem creating a privileged user." |
293 | then | 293 | csih_request "Do you want to proceed anyway?" || exit 1 |
294 | csih_error_recoverable "There was a serious problem creating a privileged user." | 294 | fi |
295 | csih_request "Do you want to proceed anyway?" || exit 1 | 295 | fi |
296 | fi | 296 | |
297 | fi | 297 | # never returns empty if NT or above |
298 | 298 | run_service_as=$(csih_service_should_run_as) | |
299 | # never returns empty if NT or above | 299 | |
300 | run_service_as=$(csih_service_should_run_as) | 300 | if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ] |
301 | 301 | then | |
302 | if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ] | 302 | password="${csih_PRIVILEGED_PASSWORD}" |
303 | then | 303 | if [ -z "${password}" ] |
304 | password="${csih_PRIVILEGED_PASSWORD}" | 304 | then |
305 | if [ -z "${password}" ] | 305 | csih_get_value "Please enter the password for user '${run_service_as}':" "-s" |
306 | then | 306 | password="${csih_value}" |
307 | csih_get_value "Please enter the password for user '${run_service_as}':" "-s" | 307 | fi |
308 | password="${csih_value}" | 308 | fi |
309 | fi | 309 | |
310 | fi | 310 | # at this point, we either have $run_service_as = "system" and $password is empty, |
311 | 311 | # or $run_service_as is some privileged user and (hopefully) $password contains | |
312 | # at this point, we either have $run_service_as = "system" and $password is empty, | 312 | # the correct password. So, from here out, we use '-z "${password}"' to discriminate |
313 | # or $run_service_as is some privileged user and (hopefully) $password contains | 313 | # the two cases. |
314 | # the correct password. So, from here out, we use '-z "${password}"' to discriminate | 314 | |
315 | # the two cases. | 315 | csih_check_user "${run_service_as}" |
316 | 316 | ||
317 | csih_check_user "${run_service_as}" | 317 | if [ -n "${csih_cygenv}" ] |
318 | 318 | then | |
319 | if [ -z "${password}" ] | 319 | cygwin_env="-e CYGWIN=\"${csih_cygenv}\"" |
320 | then | 320 | fi |
321 | if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \ | 321 | if [ -z "${password}" ] |
322 | -e CYGWIN="${csih_cygenv}" | 322 | then |
323 | then | 323 | if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \ |
324 | echo | 324 | -a "-D" -y tcpip ${cygwin_env} |
325 | csih_inform "The sshd service has been installed under the LocalSystem" | 325 | then |
326 | csih_inform "account (also known as SYSTEM). To start the service now, call" | 326 | echo |
327 | csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it" | 327 | csih_inform "The sshd service has been installed under the LocalSystem" |
328 | csih_inform "will start automatically after the next reboot." | 328 | csih_inform "account (also known as SYSTEM). To start the service now, call" |
329 | fi | 329 | csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it" |
330 | else | 330 | csih_inform "will start automatically after the next reboot." |
331 | if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \ | 331 | fi |
332 | -e CYGWIN="${csih_cygenv}" -u "${run_service_as}" -w "${password}" | 332 | else |
333 | then | 333 | if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \ |
334 | -a "-D" -y tcpip ${cygwin_env} \ | ||
335 | -u "${run_service_as}" -w "${password}" | ||
336 | then | ||
334 | echo | 337 | echo |
335 | csih_inform "The sshd service has been installed under the '${run_service_as}'" | 338 | csih_inform "The sshd service has been installed under the '${run_service_as}'" |
336 | csih_inform "account. To start the service now, call \`net start sshd' or" | 339 | csih_inform "account. To start the service now, call \`net start sshd' or" |
337 | csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically" | 340 | csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically" |
338 | csih_inform "after the next reboot." | 341 | csih_inform "after the next reboot." |
339 | fi | 342 | fi |
340 | fi | 343 | fi |
341 | 344 | ||
342 | # now, if successfully installed, set ownership of the affected files | 345 | # now, if successfully installed, set ownership of the affected files |
343 | if cygrunsrv -Q sshd >/dev/null 2>&1 | 346 | if cygrunsrv -Q sshd >/dev/null 2>&1 |
344 | then | 347 | then |
345 | chown "${run_service_as}" ${SYSCONFDIR}/ssh* | 348 | chown "${run_service_as}" ${SYSCONFDIR}/ssh* |
346 | chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty | 349 | chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty |
347 | chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog | 350 | chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog |
348 | if [ -f ${LOCALSTATEDIR}/log/sshd.log ] | 351 | if [ -f ${LOCALSTATEDIR}/log/sshd.log ] |
349 | then | 352 | then |
350 | chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log | 353 | chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log |
351 | fi | 354 | fi |
352 | else | 355 | else |
353 | csih_warning "Something went wrong installing the sshd service." | 356 | csih_warning "Something went wrong installing the sshd service." |
354 | fi | 357 | fi |
355 | fi # user allowed us to install as service | 358 | fi # user allowed us to install as service |
356 | fi # service not yet installed | 359 | fi # service not yet installed |
357 | fi # csih_is_nt | 360 | fi # csih_is_nt |
@@ -456,7 +459,7 @@ done | |||
456 | 459 | ||
457 | # Check for running ssh/sshd processes first. Refuse to do anything while | 460 | # Check for running ssh/sshd processes first. Refuse to do anything while |
458 | # some ssh processes are still running | 461 | # some ssh processes are still running |
459 | if ps -ef | grep -v grep | grep -q ssh | 462 | if ps -ef | grep -q '/sshd\?$' |
460 | then | 463 | then |
461 | echo | 464 | echo |
462 | csih_error "There are still ssh processes running. Please shut them down first." | 465 | csih_error "There are still ssh processes running. Please shut them down first." |
@@ -475,9 +478,9 @@ setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" | |||
475 | # Create /var/log/lastlog if not already exists | 478 | # Create /var/log/lastlog if not already exists |
476 | if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] | 479 | if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] |
477 | then | 480 | then |
478 | echo | 481 | echo |
479 | csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \ | 482 | csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \ |
480 | "Cannot create ssh host configuration." | 483 | "Cannot create ssh host configuration." |
481 | fi | 484 | fi |
482 | if [ ! -e ${LOCALSTATEDIR}/log/lastlog ] | 485 | if [ ! -e ${LOCALSTATEDIR}/log/lastlog ] |
483 | then | 486 | then |
@@ -520,7 +523,7 @@ sshd_privsep | |||
520 | 523 | ||
521 | 524 | ||
522 | 525 | ||
523 | update_services_file | 526 | update_services_file |
524 | update_inetd_conf | 527 | update_inetd_conf |
525 | install_service | 528 | install_service |
526 | 529 | ||
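Review bot: The two new `eval cygrunsrv` calls in install_service hand `${run_service_as}`, `${password}` and `${csih_cygenv}` to eval after the shell has already expanded them, so the values are parsed a second time: a password containing a space, quote, `$`, backtick or `;` is word-split or interpreted as shell syntax instead of reaching `-w` as one argument. The direct call on the old side passed each value as a single quoted word; the eval appears to exist only so that `-e CYGWIN=...` can be omitted when `csih_cygenv` is empty. Either defer expansion to the eval pass, `-u \"\${run_service_as}\" -w \"\${password}\"` together with `cygwin_env="-e CYGWIN=\"\${csih_cygenv}\""`, or drop eval and make the option conditional in a plain call with `${csih_cygenv:+-e "CYGWIN=${csih_cygenv}"}`. install_service starts before the hunk shown here, so the surrounding checks are not visible.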