summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog3
-rw-r--r--contrib/cygwin/ssh-host-config218
2 files changed, 111 insertions, 110 deletions
diff --git a/ChangeLog b/ChangeLog
index affb5e501..abb2f7bf5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@
3 If the CYGWIN environment variable is empty, the installer script 3 If the CYGWIN environment variable is empty, the installer script
4 should not install the service with an empty CYGWIN variable, but 4 should not install the service with an empty CYGWIN variable, but
5 rather without setting CYGWNI entirely. 5 rather without setting CYGWNI entirely.
6 - (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes.
6 7
720090128 820090128
8 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. 9 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
@@ -5108,5 +5109,5 @@
5108 OpenServer 6 and add osr5bigcrypt support so when someone migrates 5109 OpenServer 6 and add osr5bigcrypt support so when someone migrates
5109 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 5110 passwords between UnixWare and OpenServer they will still work. OK dtucker@
5110 5111
5111$Id: ChangeLog,v 1.5181 2009/01/29 20:30:01 tim Exp $ 5112$Id: ChangeLog,v 1.5182 2009/01/29 20:40:30 tim Exp $
5112 5113
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index ec03f163d..57e728fbc 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -37,13 +37,13 @@ create_host_keys() {
37 csih_inform "Generating ${SYSCONFDIR}/ssh_host_key" 37 csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
38 ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null 38 ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
39 fi 39 fi
40 40
41 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] 41 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
42 then 42 then
43 csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key" 43 csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
44 ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null 44 ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
45 fi 45 fi
46 46
47 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] 47 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
48 then 48 then
49 csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key" 49 csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
@@ -75,12 +75,12 @@ update_services_file() {
75 _spaces=" # " 75 _spaces=" # "
76 fi 76 fi
77 _serv_tmp="${_my_etcdir}/srv.out.$$" 77 _serv_tmp="${_my_etcdir}/srv.out.$$"
78 78
79 mount -o text -f "${_win_etcdir}" "${_my_etcdir}" 79 mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
80 80
81 # Depends on the above mount 81 # Depends on the above mount
82 _wservices=`cygpath -w "${_services}"` 82 _wservices=`cygpath -w "${_services}"`
83 83
84 # Remove sshd 22/port from services 84 # Remove sshd 22/port from services
85 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] 85 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
86 then 86 then
@@ -89,16 +89,16 @@ update_services_file() {
89 then 89 then
90 if mv "${_serv_tmp}" "${_services}" 90 if mv "${_serv_tmp}" "${_services}"
91 then 91 then
92 csih_inform "Removing sshd from ${_wservices}" 92 csih_inform "Removing sshd from ${_wservices}"
93 else 93 else
94 csih_warning "Removing sshd from ${_wservices} failed!" 94 csih_warning "Removing sshd from ${_wservices} failed!"
95 fi 95 fi
96 rm -f "${_serv_tmp}" 96 rm -f "${_serv_tmp}"
97 else 97 else
98 csih_warning "Removing sshd from ${_wservices} failed!" 98 csih_warning "Removing sshd from ${_wservices} failed!"
99 fi 99 fi
100 fi 100 fi
101 101
102 # Add ssh 22/tcp and ssh 22/udp to services 102 # Add ssh 22/tcp and ssh 22/udp to services
103 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] 103 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
104 then 104 then
@@ -106,9 +106,9 @@ update_services_file() {
106 then 106 then
107 if mv "${_serv_tmp}" "${_services}" 107 if mv "${_serv_tmp}" "${_services}"
108 then 108 then
109 csih_inform "Added ssh to ${_wservices}" 109 csih_inform "Added ssh to ${_wservices}"
110 else 110 else
111 csih_warning "Adding ssh to ${_wservices} failed!" 111 csih_warning "Adding ssh to ${_wservices} failed!"
112 fi 112 fi
113 rm -f "${_serv_tmp}" 113 rm -f "${_serv_tmp}"
114 else 114 else
@@ -134,16 +134,16 @@ sshd_privsep() {
134 csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." 134 csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
135 if csih_request "Should privilege separation be used?" 135 if csih_request "Should privilege separation be used?"
136 then 136 then
137 privsep_used=yes 137 privsep_used=yes
138 if ! csih_create_unprivileged_user sshd 138 if ! csih_create_unprivileged_user sshd
139 then 139 then
140 csih_warning "Couldn't create user 'sshd'!" 140 csih_warning "Couldn't create user 'sshd'!"
141 csih_warning "Privilege separation set to 'no' again!" 141 csih_warning "Privilege separation set to 'no' again!"
142 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" 142 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
143 privsep_used=no 143 privsep_used=no
144 fi 144 fi
145 else 145 else
146 privsep_used=no 146 privsep_used=no
147 fi 147 fi
148 else 148 else
149 # On 9x don't use privilege separation. Since security isn't 149 # On 9x don't use privilege separation. Since security isn't
@@ -151,7 +151,7 @@ sshd_privsep() {
151 privsep_used=no 151 privsep_used=no
152 fi 152 fi
153 fi 153 fi
154 154
155 # Create default sshd_config from skeleton files in /etc/defaults/etc or 155 # Create default sshd_config from skeleton files in /etc/defaults/etc or
156 # modify to add the missing privsep configuration option 156 # modify to add the missing privsep configuration option
157 if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 157 if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
@@ -161,8 +161,8 @@ sshd_privsep() {
161 sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ 161 sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
162 s/^#Port 22/Port ${port_number}/ 162 s/^#Port 22/Port ${port_number}/
163 s/^#StrictModes yes/StrictModes no/" \ 163 s/^#StrictModes yes/StrictModes no/" \
164 < ${SYSCONFDIR}/sshd_config \ 164 < ${SYSCONFDIR}/sshd_config \
165 > "${sshdconfig_tmp}" 165 > "${sshdconfig_tmp}"
166 mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config 166 mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
167 elif [ "${privsep_configured}" != "yes" ] 167 elif [ "${privsep_configured}" != "yes" ]
168 then 168 then
@@ -193,19 +193,19 @@ update_inetd_conf() {
193 # will be replaced by a file in inetd.d/ 193 # will be replaced by a file in inetd.d/
194 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ] 194 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
195 then 195 then
196 grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}" 196 grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
197 if [ -f "${_inetcnf_tmp}" ] 197 if [ -f "${_inetcnf_tmp}" ]
198 then 198 then
199 if mv "${_inetcnf_tmp}" "${_inetcnf}" 199 if mv "${_inetcnf_tmp}" "${_inetcnf}"
200 then 200 then
201 csih_inform "Removed ssh[d] from ${_inetcnf}" 201 csih_inform "Removed ssh[d] from ${_inetcnf}"
202 else 202 else
203 csih_warning "Removing ssh[d] from ${_inetcnf} failed!" 203 csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
204 fi 204 fi
205 rm -f "${_inetcnf_tmp}" 205 rm -f "${_inetcnf_tmp}"
206 else 206 else
207 csih_warning "Removing ssh[d] from ${_inetcnf} failed!" 207 csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
208 fi 208 fi
209 fi 209 fi
210 fi 210 fi
211 211
@@ -214,13 +214,13 @@ update_inetd_conf() {
214 then 214 then
215 if [ "${_with_comment}" -eq 0 ] 215 if [ "${_with_comment}" -eq 0 ]
216 then 216 then
217 sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" 217 sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
218 else 218 else
219 sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" 219 sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
220 fi 220 fi
221 mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}" 221 mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
222 csih_inform "Updated ${_sshd_inetd_conf}" 222 csih_inform "Updated ${_sshd_inetd_conf}"
223 fi 223 fi
224 224
225 elif [ -f "${_inetcnf}" ] 225 elif [ -f "${_inetcnf}" ]
226 then 226 then
@@ -233,26 +233,26 @@ update_inetd_conf() {
233 grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" 233 grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
234 if [ -f "${_inetcnf_tmp}" ] 234 if [ -f "${_inetcnf_tmp}" ]
235 then 235 then
236 if mv "${_inetcnf_tmp}" "${_inetcnf}" 236 if mv "${_inetcnf_tmp}" "${_inetcnf}"
237 then 237 then
238 csih_inform "Removed sshd from ${_inetcnf}" 238 csih_inform "Removed sshd from ${_inetcnf}"
239 else 239 else
240 csih_warning "Removing sshd from ${_inetcnf} failed!" 240 csih_warning "Removing sshd from ${_inetcnf} failed!"
241 fi 241 fi
242 rm -f "${_inetcnf_tmp}" 242 rm -f "${_inetcnf_tmp}"
243 else 243 else
244 csih_warning "Removing sshd from ${_inetcnf} failed!" 244 csih_warning "Removing sshd from ${_inetcnf} failed!"
245 fi 245 fi
246 fi 246 fi
247 247
248 # Add ssh line to inetd.conf 248 # Add ssh line to inetd.conf
249 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] 249 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
250 then 250 then
251 if [ "${_with_comment}" -eq 0 ] 251 if [ "${_with_comment}" -eq 0 ]
252 then 252 then
253 echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" 253 echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
254 else 254 else
255 echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" 255 echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
256 fi 256 fi
257 csih_inform "Added ssh to ${_inetcnf}" 257 csih_inform "Added ssh to ${_inetcnf}"
258 fi 258 fi
@@ -278,83 +278,83 @@ install_service() {
278 echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?" 278 echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
279 if csih_request "(Say \"no\" if it is already installed as a service)" 279 if csih_request "(Say \"no\" if it is already installed as a service)"
280 then 280 then
281 csih_get_cygenv "${cygwin_value}" 281 csih_get_cygenv "${cygwin_value}"
282 282
283 if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) 283 if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
284 then 284 then
285 csih_inform "On Windows Server 2003, Windows Vista, and above, the" 285 csih_inform "On Windows Server 2003, Windows Vista, and above, the"
286 csih_inform "SYSTEM account cannot setuid to other users -- a capability" 286 csih_inform "SYSTEM account cannot setuid to other users -- a capability"
287 csih_inform "sshd requires. You need to have or to create a privileged" 287 csih_inform "sshd requires. You need to have or to create a privileged"
288 csih_inform "account. This script will help you do so." 288 csih_inform "account. This script will help you do so."
289 echo 289 echo
290 if ! csih_create_privileged_user "${password_value}" 290 if ! csih_create_privileged_user "${password_value}"
291 then 291 then
292 csih_error_recoverable "There was a serious problem creating a privileged user." 292 csih_error_recoverable "There was a serious problem creating a privileged user."
293 csih_request "Do you want to proceed anyway?" || exit 1 293 csih_request "Do you want to proceed anyway?" || exit 1
294 fi 294 fi
295 fi 295 fi
296 296
297 # never returns empty if NT or above 297 # never returns empty if NT or above
298 run_service_as=$(csih_service_should_run_as) 298 run_service_as=$(csih_service_should_run_as)
299 299
300 if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ] 300 if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
301 then 301 then
302 password="${csih_PRIVILEGED_PASSWORD}" 302 password="${csih_PRIVILEGED_PASSWORD}"
303 if [ -z "${password}" ] 303 if [ -z "${password}" ]
304 then 304 then
305 csih_get_value "Please enter the password for user '${run_service_as}':" "-s" 305 csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
306 password="${csih_value}" 306 password="${csih_value}"
307 fi 307 fi
308 fi 308 fi
309 309
310 # at this point, we either have $run_service_as = "system" and $password is empty, 310 # at this point, we either have $run_service_as = "system" and $password is empty,
311 # or $run_service_as is some privileged user and (hopefully) $password contains 311 # or $run_service_as is some privileged user and (hopefully) $password contains
312 # the correct password. So, from here out, we use '-z "${password}"' to discriminate 312 # the correct password. So, from here out, we use '-z "${password}"' to discriminate
313 # the two cases. 313 # the two cases.
314 314
315 csih_check_user "${run_service_as}" 315 csih_check_user "${run_service_as}"
316 316
317 if [ -n "${csih_cygenv}" ] 317 if [ -n "${csih_cygenv}" ]
318 then 318 then
319 cygwin_env="-e CYGWIN=\"${csih_cygenv}\"" 319 cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
320 fi 320 fi
321 if [ -z "${password}" ] 321 if [ -z "${password}" ]
322 then 322 then
323 if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \ 323 if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
324 -a "-D" -y tcpip ${cygwin_env} 324 -a "-D" -y tcpip ${cygwin_env}
325 then 325 then
326 echo 326 echo
327 csih_inform "The sshd service has been installed under the LocalSystem" 327 csih_inform "The sshd service has been installed under the LocalSystem"
328 csih_inform "account (also known as SYSTEM). To start the service now, call" 328 csih_inform "account (also known as SYSTEM). To start the service now, call"
329 csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it" 329 csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
330 csih_inform "will start automatically after the next reboot." 330 csih_inform "will start automatically after the next reboot."
331 fi 331 fi
332 else 332 else
333 if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \ 333 if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
334 -a "-D" -y tcpip ${cygwin_env} \ 334 -a "-D" -y tcpip ${cygwin_env} \
335 -u "${run_service_as}" -w "${password}" 335 -u "${run_service_as}" -w "${password}"
336 then 336 then
337 echo 337 echo
338 csih_inform "The sshd service has been installed under the '${run_service_as}'" 338 csih_inform "The sshd service has been installed under the '${run_service_as}'"
339 csih_inform "account. To start the service now, call \`net start sshd' or" 339 csih_inform "account. To start the service now, call \`net start sshd' or"
340 csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically" 340 csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
341 csih_inform "after the next reboot." 341 csih_inform "after the next reboot."
342 fi 342 fi
343 fi 343 fi
344 344
345 # now, if successfully installed, set ownership of the affected files 345 # now, if successfully installed, set ownership of the affected files
346 if cygrunsrv -Q sshd >/dev/null 2>&1 346 if cygrunsrv -Q sshd >/dev/null 2>&1
347 then 347 then
348 chown "${run_service_as}" ${SYSCONFDIR}/ssh* 348 chown "${run_service_as}" ${SYSCONFDIR}/ssh*
349 chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty 349 chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
350 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog 350 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
351 if [ -f ${LOCALSTATEDIR}/log/sshd.log ] 351 if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
352 then 352 then
353 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log 353 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log
354 fi 354 fi
355 else 355 else
356 csih_warning "Something went wrong installing the sshd service." 356 csih_warning "Something went wrong installing the sshd service."
357 fi 357 fi
358 fi # user allowed us to install as service 358 fi # user allowed us to install as service
359 fi # service not yet installed 359 fi # service not yet installed
360 fi # csih_is_nt 360 fi # csih_is_nt
@@ -478,9 +478,9 @@ setfacl -m u:system:rwx "${LOCALSTATEDIR}/log"
478# Create /var/log/lastlog if not already exists 478# Create /var/log/lastlog if not already exists
479if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] 479if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
480then 480then
481 echo 481 echo
482 csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \ 482 csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
483 "Cannot create ssh host configuration." 483 "Cannot create ssh host configuration."
484fi 484fi
485if [ ! -e ${LOCALSTATEDIR}/log/lastlog ] 485if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
486then 486then
@@ -523,7 +523,7 @@ sshd_privsep
523 523
524 524
525 525
526update_services_file 526update_services_file
527update_inetd_conf 527update_inetd_conf
528install_service 528install_service
529 529