From b100ec95429daa986cb31834e462083adc22e8b6 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Fri, 19 Jan 2001 05:37:32 +0000 Subject: - (bal) Updated contrib/cygwin/ by Corinna Vinschen Also removed some of the 'ISSUES' comments that have been verified by djm. --- ChangeLog | 1 + auth1.c | 2 +- auth2-pam.c | 6 +- contrib/cygwin/README | 35 +++- contrib/cygwin/ssh-config | 324 ---------------------------------- contrib/cygwin/ssh-host-config | 384 +++++++++++++++++++++++++++++++++++++++++ contrib/cygwin/ssh-user-config | 200 +++++++++++++++++++++ session.c | 1 - 8 files changed, 616 insertions(+), 337 deletions(-) delete mode 100755 contrib/cygwin/ssh-config create mode 100644 contrib/cygwin/ssh-host-config create mode 100644 contrib/cygwin/ssh-user-config diff --git a/ChangeLog b/ChangeLog index 261ca19ba..a87714da7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,7 @@ rename *-skey.c *-chall.c since the files are not skey specific - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai ) to fix NULL pointer deref and fake authloop breakage in PAM code. + - (bal) Updated contrib/cygwin/ by Corinna Vinschen 20010118 - (bal) Super Sized OpenBSD Resync diff --git a/auth1.c b/auth1.c index ee165a442..e990ff57e 100644 --- a/auth1.c +++ b/auth1.c @@ -95,7 +95,7 @@ do_authloop(Authctxt *authctxt) #ifdef KRB4 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif -#ifdef USE_PAM /* ISSUE: Right?? */ +#ifdef USE_PAM auth_pam_password(pw, password)) { #else auth_password(pw, "")) { diff --git a/auth2-pam.c b/auth2-pam.c index d1d840972..adb36163e 100644 --- a/auth2-pam.c +++ b/auth2-pam.c @@ -1,5 +1,5 @@ #include "includes.h" -RCSID("$Id: auth2-pam.c,v 1.4 2001/01/19 04:46:38 djm Exp $"); +RCSID("$Id: auth2-pam.c,v 1.5 2001/01/19 05:37:32 mouring Exp $"); #ifdef USE_PAM #include "ssh.h" 
@@ -44,10 +44,6 @@ auth2_pam(Authctxt *authctxt) retval = (do_pam_authenticate(0) == PAM_SUCCESS); dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); -#if 0 /* ISSUE: No longer valid, but should this still be - handled?? */ - userauth_log(authctxt, retval, method); -#endif return retval; } diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 8c9d0bb73..ac0955836 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README 
@@ -20,18 +20,41 @@ of the files has changed from /usr/local to /usr. The global configuration files are in /etc now. If you are installing OpenSSH the first time, you can generate -global config files, server keys and your own user keys by running +global config files and server keys by running - /usr/bin/ssh-config + /usr/bin/ssh-host-config -If you are updating your installation you may run the above ssh-config +Note that this binary archive doesn't contain default config files in /etc. +That files are only created if ssh-host-config is started. + +If you are updating your installation you may run the above ssh-host-config as well to move your configuration files to the new location and to erase the files at the old location. -Be sure to start the new ssh-config when updating! +To support testing and unattended installation ssh-host-config got +some options: -Note that this binary archive doesn't contain default config files in /etc. -That files are only created if ssh-config is started. +usage: ssh-host-config [OPTION]... +Options: + --debug -d Enable shell's debug output. + --yes -y Answer all questions with "yes" automatically. + --no -n Answer all questions with "no" automatically. + +You can create the private and public keys for a user now by running + + /usr/bin/ssh-user-config + +under the users account. + +To support testing and unattended installation ssh-user-config got +some options as well: + +usage: ssh-user-config [OPTION]... +Options: + --debug -d Enable shell's debug output. + --yes -y Answer all questions with "yes" automatically. + --no -n Answer all questions with "no" automatically. + --passphrase -p word Use "word" as passphrase automatically. Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd (results in very slow deamon startup!) or from the command line (recommended diff --git a/contrib/cygwin/ssh-config b/contrib/cygwin/ssh-config deleted file mode 100755 index 20c8cceb0..000000000 
--- a/contrib/cygwin/ssh-config +++ /dev/null 
@@ -1,324 +0,0 @@ -#!/bin/sh -# -# ssh-config, Copyright 2000, Red Hat Inc. -# -# This file is part of the Cygwin port of OpenSSH. - -# set -x - -# Subdirectory where the new package is being installed -PREFIX=/usr - -# Directory where the config files are stored -SYSCONFDIR=/etc - -# Subdirectory where an old package might be installed -OLDPREFIX=/usr/local -OLDSYSCONFDIR=${OLDPREFIX}/etc - -request() -{ - answer="" - while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] - do - echo -n "$1 (yes/no) " - read answer - done - if [ "X${answer}" = "Xyes" ] - then - return 0 - else - return 1 - fi -} - -# Check for running ssh/sshd processes first. Refuse to do anything while -# some ssh processes are still running - -if ps -ef | grep -v grep | grep -q ssh -then - echo - echo "There are still ssh processes running. Please shut them down first." - echo - exit 1 -fi - -# Check for ${SYSCONFDIR} directory - -if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ] -then - echo - echo "${SYSCONFDIR} is existant but not a directory." - echo "Cannot create global configuration files." - echo - exit 1 -fi - -# Create it if necessary - -if [ ! -e "${SYSCONFDIR}" ] -then - mkdir "${SYSCONFDIR}" - if [ ! -e "${SYSCONFDIR}" ] - then - echo - echo "Creating ${SYSCONFDIR} directory failed" - echo - exit 1 - fi -fi - -# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't -# the same as ${PREFIX} - -if [ "${OLDPREFIX}" != "${PREFIX}" ] -then - if [ -f "${OLDPREFIX}/sbin/sshd" ] - then - echo - echo "You seem to have an older installation in ${OLDPREFIX}." - echo - # Check if old global configuration files exist - if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] - then - if request "Do you want to copy your config files to your new installation?" 
- then - cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR} - fi - fi - if request "Do you want to erase your old installation?" - then - rm -f ${OLDPREFIX}/bin/ssh.exe - rm -f ${OLDPREFIX}/bin/ssh-config - rm -f ${OLDPREFIX}/bin/scp.exe - rm -f ${OLDPREFIX}/bin/ssh-add.exe - rm -f ${OLDPREFIX}/bin/ssh-agent.exe - rm -f ${OLDPREFIX}/bin/ssh-keygen.exe - rm -f ${OLDPREFIX}/bin/slogin - rm -f ${OLDSYSCONFDIR}/ssh_host_key - rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub - rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key - rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub - rm -f ${OLDSYSCONFDIR}/ssh_config - rm -f ${OLDSYSCONFDIR}/sshd_config - rm -f ${OLDPREFIX}/man/man1/ssh.1 - rm -f ${OLDPREFIX}/man/man1/scp.1 - rm -f ${OLDPREFIX}/man/man1/ssh-add.1 - rm -f ${OLDPREFIX}/man/man1/ssh-agent.1 - rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1 - rm -f ${OLDPREFIX}/man/man1/slogin.1 - rm -f ${OLDPREFIX}/man/man8/sshd.8 - rm -f ${OLDPREFIX}/sbin/sshd.exe - rm -f ${OLDPREFIX}/sbin/sftp-server.exe - fi - fi -fi - -# First generate host keys if not already existing - -if [ ! -f "${SYSCONFDIR}/ssh_host_key" ] -then - echo "Generating ${SYSCONFDIR}/ssh_host_key" - ssh-keygen -f ${SYSCONFDIR}/ssh_host_key -N '' -fi - -if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] -then - echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key" - ssh-keygen -d -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' -fi - -# Check if ssh_config exists. If yes, ask for overwriting - -if [ -f "${SYSCONFDIR}/ssh_config" ] -then - if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?" - then - rm -f "${SYSCONFDIR}/ssh_config" - if [ -f "${SYSCONFDIR}/ssh_config" ] - then - echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected." 
- fi - fi -fi - -# Create default ssh_config from here script - -if [ ! -f "${SYSCONFDIR}/ssh_config" ] -then - echo "Creating default ${SYSCONFDIR}/ssh_config file" - cat > ${SYSCONFDIR}/ssh_config << EOF -# This is ssh client systemwide configuration file. This file provides -# defaults for users, and the values can be changed in per-user configuration -# files or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for various options - -# Host * -# ForwardAgent yes -# ForwardX11 yes -# RhostsAuthentication yes -# RhostsRSAAuthentication yes -# RSAAuthentication yes -# PasswordAuthentication yes -# FallBackToRsh no -# UseRsh no -# BatchMode no -# CheckHostIP yes -# StrictHostKeyChecking no -# IdentityFile ~/.ssh/identity -# Port 22 -# Protocol 2,1 -# Cipher 3des -# EscapeChar ~ - -# Be paranoid by default -Host * - ForwardAgent no - ForwardX11 no - FallBackToRsh no -EOF -fi - -# Check if sshd_config exists. If yes, ask for overwriting - -if [ -f "${SYSCONFDIR}/sshd_config" ] -then - if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?" - then - rm -f "${SYSCONFDIR}/sshd_config" - if [ -f "${SYSCONFDIR}/sshd_config" ] - then - echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." - fi - fi -fi - -# Create default sshd_config from here script - -if [ ! -f "${SYSCONFDIR}/sshd_config" ] -then - echo "Creating default ${SYSCONFDIR}/sshd_config file" - cat > ${SYSCONFDIR}/sshd_config << EOF -# This is ssh server systemwide configuration file. 
- -Port 22 -#Protocol 2,1 -ListenAddress 0.0.0.0 -#ListenAddress :: -#HostKey /etc/ssh_host_key -ServerKeyBits 768 -LoginGraceTime 600 -KeyRegenerationInterval 3600 -PermitRootLogin yes -# -# Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes -StrictModes yes -X11Forwarding no -X11DisplayOffset 10 -PrintMotd yes -KeepAlive yes - -# Logging -SyslogFacility AUTH -LogLevel INFO -#obsoletes QuietMode and FascistLogging - -RhostsAuthentication no -# -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no - -# To install for logon to different user accounts change to "no" here -RSAAuthentication yes - -# To install for logon to different user accounts change to "yes" here -PasswordAuthentication no - -PermitEmptyPasswords no - -CheckMail no -UseLogin no - -#Uncomment if you want to enable sftp -#Subsystem sftp /usr/sbin/sftp-server -#MaxStartups 10:30:60 -EOF -fi - -# Ask user if user identity should be generated - -if [ "X${HOME}" = "X" ] -then - echo '$HOME is nonexistant. Cannot create user identity files.' - exit 1 -fi - -if [ ! -d "${HOME}" ] -then - echo '$HOME is not a valid directory. Cannot create user identity files.' - exit 1 -fi - -# If HOME is the root dir, set HOME to empty string to avoid error messages -# in subsequent parts of that script. -if [ "X${HOME}" = "X/" ] -then - HOME='' -fi - -if [ -e "${HOME}/.ssh" -a ! -d "${HOME}/.ssh" ] -then - echo '$HOME/.ssh is existant but not a directory. Cannot create user identity files.' - exit 1 -fi - -if [ ! -e "${HOME}/.ssh" ] -then - mkdir "${HOME}/.ssh" - if [ ! -e "${HOME}/.ssh" ] - then - echo "Creating users ${HOME}/.ssh directory failed" - exit 1 - fi -fi - -if [ ! -f "${HOME}/.ssh/identity" ] -then - if request "Shall I create an RSA identity file for you?" 
- then - echo "Generating ${HOME}/.ssh/identity" - ssh-keygen -f "${HOME}/.ssh/identity" - fi -fi - -if [ ! -f "${HOME}/.ssh/id_dsa" ] -then - if request "Shall I create an DSA identity file for you? (yes/no) " - then - echo "Generating ${HOME}/.ssh/id_dsa" - ssh-keygen -d -f "${HOME}/.ssh/id_dsa" - fi -fi - -echo -echo "Note: If you have used sshd as service or from inetd, don't forget to" -echo " change the path to sshd.exe in the service entry or in inetd.conf." -echo -echo "Configuration finished. Have fun!" diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config new file mode 100644 index 000000000..6fe2c7795 --- /dev/null +++ b/contrib/cygwin/ssh-host-config 
@@ -0,0 +1,384 @@ +#!/bin/sh +# +# ssh-host-config, Copyright 2000, Red Hat Inc. +# +# This file is part of the Cygwin port of OpenSSH. + +# Subdirectory where the new package is being installed +PREFIX=/usr + +# Directory where the config files are stored +SYSCONFDIR=/etc + +# Subdirectory where an old package might be installed +OLDPREFIX=/usr/local +OLDSYSCONFDIR=${OLDPREFIX}/etc + +progname=$0 +auto_answer="" + +request() +{ + if [ "${auto_answer}" = "yes" ] + then + return 0 + elif [ "${auto_answer}" = "no" ] + then + return 1 + fi + + answer="" + while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] + do + echo -n "$1 (yes/no) " + read answer + done + if [ "X${answer}" = "Xyes" ] + then + return 0 + else + return 1 + fi +} + +# Check options + +while : +do + case $# in + 0) + break + ;; + esac + + option=$1 + shift + + case "$option" in + -d | --debug ) + set -x + ;; + + -y | --yes ) + auto_answer=yes + ;; + + -n | --no ) + auto_answer=no + ;; + + *) + echo "usage: ${progname} [OPTION]..." + echo + echo "This script creates an OpenSSH host configuration." + echo + echo "Options:" + echo " --debug -d Enable shell's debug output." + echo " --yes -y Answer all questions with \"yes\" automatically." + echo " --no -n Answer all questions with \"no\" automatically." + echo + exit 1 + ;; + + esac +done + +# Check for running ssh/sshd processes first. Refuse to do anything while +# some ssh processes are still running + +if ps -ef | grep -v grep | grep -q ssh +then + echo + echo "There are still ssh processes running. Please shut them down first." + echo + exit 1 +fi + +# Check for ${SYSCONFDIR} directory + +if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ] +then + echo + echo "${SYSCONFDIR} is existant but not a directory." + echo "Cannot create global configuration files." + echo + exit 1 +fi + +# Create it if necessary + +if [ ! -e "${SYSCONFDIR}" ] +then + mkdir "${SYSCONFDIR}" + if [ ! 
-e "${SYSCONFDIR}" ] + then + echo + echo "Creating ${SYSCONFDIR} directory failed" + echo + exit 1 + fi +fi + +# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't +# the same as ${PREFIX} + +old_install=0 +if [ "${OLDPREFIX}" != "${PREFIX}" ] +then + if [ -f "${OLDPREFIX}/sbin/sshd" ] + then + echo + echo "You seem to have an older installation in ${OLDPREFIX}." + echo + # Check if old global configuration files exist + if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] + then + if request "Do you want to copy your config files to your new installation?" + then + cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR} + fi + fi + if request "Do you want to erase your old installation?" + then + rm -f ${OLDPREFIX}/bin/ssh.exe + rm -f ${OLDPREFIX}/bin/ssh-config + rm -f ${OLDPREFIX}/bin/scp.exe + rm -f ${OLDPREFIX}/bin/ssh-add.exe + rm -f ${OLDPREFIX}/bin/ssh-agent.exe + rm -f ${OLDPREFIX}/bin/ssh-keygen.exe + rm -f ${OLDPREFIX}/bin/slogin + rm -f ${OLDSYSCONFDIR}/ssh_host_key + rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub + rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key + rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub + rm -f ${OLDSYSCONFDIR}/ssh_config + rm -f ${OLDSYSCONFDIR}/sshd_config + rm -f ${OLDPREFIX}/man/man1/ssh.1 + rm -f ${OLDPREFIX}/man/man1/scp.1 + rm -f ${OLDPREFIX}/man/man1/ssh-add.1 + rm -f ${OLDPREFIX}/man/man1/ssh-agent.1 + rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1 + rm -f ${OLDPREFIX}/man/man1/slogin.1 + rm -f ${OLDPREFIX}/man/man8/sshd.8 + rm -f ${OLDPREFIX}/sbin/sshd.exe + rm -f ${OLDPREFIX}/sbin/sftp-server.exe + fi + old_install=1 + fi +fi + +# First generate host keys if not already existing + +if [ ! 
-f "${SYSCONFDIR}/ssh_host_key" ] +then + echo "Generating ${SYSCONFDIR}/ssh_host_key" + ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null +fi + +if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] +then + echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key" + ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null +fi + +if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] +then + echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key" + ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null +fi + +# Check if ssh_config exists. If yes, ask for overwriting + +if [ -f "${SYSCONFDIR}/ssh_config" ] +then + if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?" + then + rm -f "${SYSCONFDIR}/ssh_config" + if [ -f "${SYSCONFDIR}/ssh_config" ] + then + echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected." + fi + fi +fi + +# Create default ssh_config from here script + +if [ ! -f "${SYSCONFDIR}/ssh_config" ] +then + echo "Generating ${SYSCONFDIR}/ssh_config file" + cat > ${SYSCONFDIR}/ssh_config << EOF +# This is ssh client systemwide configuration file. This file provides +# defaults for users, and the values can be changed in per-user configuration +# files or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. 
+ +# Site-wide defaults for various options + +# Host * +# ForwardAgent yes +# ForwardX11 yes +# RhostsAuthentication yes +# RhostsRSAAuthentication yes +# RSAAuthentication yes +# PasswordAuthentication yes +# FallBackToRsh no +# UseRsh no +# BatchMode no +# CheckHostIP yes +# StrictHostKeyChecking no +# Port 22 +# Protocol 2,1 +# Cipher 3des +# EscapeChar ~ + +# Be paranoid by default +Host * + ForwardAgent no + ForwardX11 no + FallBackToRsh no + +# Try authentification with the following identities + IdentityFile ~/.ssh/identity + IdentityFile ~/.ssh/id_rsa + IdentityFile ~/.ssh/id_dsa +EOF +fi + +# Check if sshd_config exists. If yes, ask for overwriting + +if [ -f "${SYSCONFDIR}/sshd_config" ] +then + if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?" + then + rm -f "${SYSCONFDIR}/sshd_config" + if [ -f "${SYSCONFDIR}/sshd_config" ] + then + echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." + fi + fi +fi + +# Create default sshd_config from here script + +if [ ! -f "${SYSCONFDIR}/sshd_config" ] +then + echo "Generating ${SYSCONFDIR}/sshd_config file" + cat > ${SYSCONFDIR}/sshd_config << EOF +# This is ssh server systemwide configuration file. 
+ +Port 22 +# +Protocol 2,1 +ListenAddress 0.0.0.0 +#ListenAddress :: +# +# Uncomment the following lines according to the used authentication +HostKey /etc/ssh_host_key +HostKey /etc/ssh_host_rsa_key +HostKey /etc/ssh_host_dsa_key +ServerKeyBits 768 +LoginGraceTime 600 +KeyRegenerationInterval 3600 +PermitRootLogin yes +# +# Don't read ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes +StrictModes yes +X11Forwarding no +X11DisplayOffset 10 +PrintMotd yes +KeepAlive yes + +# Logging +SyslogFacility AUTH +LogLevel INFO +#obsoletes QuietMode and FascistLogging + +RhostsAuthentication no +# +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no + +# To install for logon to different user accounts change to "no" here +RSAAuthentication yes + +# To install for logon to different user accounts change to "yes" here +PasswordAuthentication no + +PermitEmptyPasswords no + +CheckMail no +UseLogin no + +#Uncomment if you want to enable sftp +#Subsystem sftp /usr/sbin/sftp-server +#MaxStartups 10:30:60 +EOF +fi + +# Add port 22/tcp to services +_sys="`uname -a`" +_nt=`expr "$_sys" : "CYGWIN_NT"` +if [ $_nt -gt 0 ] +then + _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" + _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$" +else + _wservices="${WINDIR}\\SERVICES" + _wserv_tmp="${WINDIR}\\SERV.$$" +fi +_services=`cygpath -u "${_wservices}"` +_serv_tmp=`cygpath -u "${_wserv_tmp}"` + +mount -b -f "${_wservices}" "${_services}" +mount -b -f "${_wserv_tmp}" "${_serv_tmp}" + +if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] +then + awk '{ if ( $2 ~ /^23\/tcp/ ) print "sshd 22/tcp #SSH daemon\r"; print $0; }' < "${_services}" > "${_serv_tmp}" + if [ -f "${_serv_tmp}" ] + then + if mv "${_serv_tmp}" "${_services}" + then + echo "Added sshd to ${_services}" + else + echo "Adding sshd to 
${_services} failed\!" + fi + rm -f "${_serv_tmp}" + else + echo "Adding sshd to ${_services} failed\!" + fi +fi + +umount "${_services}" +umount "${_serv_tmp}" + +# Add sshd line to inetd.conf +if [ -f /etc/inetd.conf ] +then + grep -q "^[# \t]*sshd" /etc/inetd.conf || echo "# sshd stream tcp nowait root /usr/sbin/sshd -i" >> /etc/inetd.conf +fi + +if [ "${old_install}" = "1" ] +then + echo + echo "Note: If you have used sshd as service or from inetd, don't forget to" + echo " change the path to sshd.exe in the service entry or in inetd.conf." +fi + +echo +echo "Host configuration finished. Have fun!" diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config new file mode 100644 index 000000000..5a76adbaf --- /dev/null +++ b/contrib/cygwin/ssh-user-config 
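Review bot: In the services-file update near the end of ssh-host-config, `if [ -f "${_serv_tmp}" ]` only shows that the redirection created the temp file, not that awk wrote a usable copy, so an empty or partial `${_serv_tmp}` can be moved over the system services file. When the file has no `23/tcp` line nothing is inserted, yet "Added sshd" is still printed. Testing the result instead, e.g. `if grep -q '^sshd' "${_serv_tmp}"`, would cover both cases. Separately, the `cp -f` calls that migrate the old host keys are unchecked, so under `--yes` a failed copy is followed by the `rm -f` of the old keys, and the script then generates fresh host keys, which changes the host identity clients have recorded. Making the erase step conditional on the copies having succeeded would avoid that.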
@@ -0,0 +1,200 @@ +#!/bin/sh +# +# ssh-user-config, Copyright 2000, Red Hat Inc. +# +# This file is part of the Cygwin port of OpenSSH. + +progname=$0 +auto_answer="" +auto_passphrase="no" +passphrase="" + +request() +{ + if [ "${auto_answer}" = "yes" ] + then + return 0 + elif [ "${auto_answer}" = "no" ] + then + return 1 + fi + + answer="" + while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] + do + echo -n "$1 (yes/no) " + read answer + done + if [ "X${answer}" = "Xyes" ] + then + return 0 + else + return 1 + fi +} + +# Check options + +while : +do + case $# in + 0) + break + ;; + esac + + option=$1 + shift + + case "$option" in + -d | --debug ) + set -x + ;; + + -y | --yes ) + auto_answer=yes + ;; + + -n | --no ) + auto_answer=no + ;; + + -p | --passphrase ) + with_passphrase="yes" + passphrase=$1 + shift + ;; + + *) + echo "usage: ${progname} [OPTION]..." + echo + echo "This script creates an OpenSSH user configuration." + echo + echo "Options:" + echo " --debug -d Enable shell's debug output." + echo " --yes -y Answer all questions with \"yes\" automatically." + echo " --no -n Answer all questions with \"no\" automatically." + echo " --passphrase -p word Use \"word\" as passphrase automatically." + echo + exit 1 + ;; + + esac +done + +# Ask user if user identity should be generated + +if [ ! -f /etc/passwd ] +then + echo '/etc/passwd is nonexistant. Please generate an /etc/passwd file' + echo 'first using mkpasswd. Check if it contains an entry for you and' + echo 'please care for the home directory in your entry as well.' + exit 1 +fi + +uid=`id -u` +pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < /etc/passwd` + +if [ "X${pwdhome}" = "X" ] +then + echo 'There is no home directory set for you in /etc/passwd.' + echo 'Setting $HOME is not sufficient!' + exit 1 +fi + +if [ ! -d "${pwdhome}" ] +then + echo "${pwdhome} is set in /etc/passwd as your home directory" + echo 'but it is not a valid directory. Cannot create user identity files.' 
+ exit 1 +fi + +# If home is the root dir, set home to empty string to avoid error messages +# in subsequent parts of that script. +if [ "X${pwdhome}" = "X/" ] +then + # But first raise a warning! + echo 'Your home directory in /etc/passwd is set to root (/). This is not recommended!' + if request "Would you like to proceed anyway?" + then + pwdhome='' + else + exit 1 + fi +fi + +if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ] +then + echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files." + exit 1 +fi + +if [ ! -e "${pwdhome}/.ssh" ] +then + mkdir "${pwdhome}/.ssh" + if [ ! -e "${pwdhome}/.ssh" ] + then + echo "Creating users ${pwdhome}/.ssh directory failed" + exit 1 + fi +fi + +if [ ! -f "${pwdhome}/.ssh/identity" ] +then + if request "Shall I create an SSH1 RSA identity file for you?" + then + echo "Generating ${pwdhome}/.ssh/identity" + if [ "${with_passphrase}" = "yes" ] + then + ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null + else + ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null + fi + if request "Do you want to use this identity to login to this machine?" + then + echo "Adding to ${pwdhome}/.ssh/authorized_keys" + cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys" + fi + fi +fi + +if [ ! -f "${pwdhome}/.ssh/id_rsa" ] +then + if request "Shall I create an SSH2 RSA identity file for you? (yes/no) " + then + echo "Generating ${pwdhome}/.ssh/id_rsa" + if [ "${with_passphrase}" = "yes" ] + then + ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null + else + ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null + fi + if request "Do you want to use this identity to login to this machine?" + then + echo "Adding to ${pwdhome}/.ssh/authorized_keys2" + cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2" + fi + fi +fi + +if [ ! 
-f "${pwdhome}/.ssh/id_dsa" ] +then + if request "Shall I create an SSH2 DSA identity file for you? (yes/no) " + then + echo "Generating ${pwdhome}/.ssh/id_dsa" + if [ "${with_passphrase}" = "yes" ] + then + ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null + else + ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null + fi + if request "Do you want to use this identity to login to this machine?" + then + echo "Adding to ${pwdhome}/.ssh/authorized_keys2" + cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2" + fi + fi +fi + +echo +echo "Configuration finished. Have fun!" diff --git a/session.c b/session.c index 2c1500431..20975cb6c 100644 --- a/session.c +++ b/session.c @@ -2013,7 +2013,6 @@ do_authenticated2(Authctxt *authctxt) startup_pipe = -1; } #if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD) - /* ISSUE: Is this correct? */ if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) { error("unable to get login class"); return; -- cgit v1.2.3
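Review bot: `with_passphrase` is tested before every ssh-keygen call in ssh-user-config but is never initialised (the header sets `auto_passphrase="no"`, which nothing in the script reads), so a `with_passphrase=yes` inherited from the environment makes all three keys be generated with `-N ""`, i.e. without a passphrase and without a prompt. Replace that initialiser with `with_passphrase="no"`. The `-p | --passphrase` branch also takes `$1` without checking that an argument remains, so a trailing `-p` can leave the passphrase empty; a guard such as `[ $# -gt 0 ] || { echo "${progname}: --passphrase needs an argument"; exit 1; }` before the assignment closes that. The usage text could also state that a passphrase passed this way is visible in the process list and in `--debug` trace output.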