# PostInstall script for OPENssh INSTALLF="/usr/sbin/installf" instbackup() { _DIRECTORY=$1 _FILEBASE=$2 $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE} _SUFFIX=`/usr/bin/date +%Y-%m-%d-%H%M` if [ -f ${_DIRECTORY}/${_FILEBASE} ]; then echo " Backing up file ${_FILEBASE}..." if [ -f ${_DIRECTORY}/${_FILEBASE}.orig ]; then $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX} cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX} echo " Saved as ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}." else $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig echo " Saved as ${_DIRECTORY}/${_FILEBASE}.orig." fi fi cp -p ${_DIRECTORY}/${_FILEBASE}.default ${_DIRECTORY}/${_FILEBASE} echo "Installed new ${_DIRECTORY}/${_FILEBASE} configuration file." } ### Main body of script echo "" echo "Beginning postinstall script--this script should leave you with a" echo "functional and operational configuration of OpenSSH." echo "" if [ ! "${UPDATE}" = "1" ]; then echo "Performing a \"fresh\" installation of OpenSSH." ### Install init script and create symlinks $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd f 0500 root sys || exit 2 cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2 $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc1.d/K30local_sshd=/etc/init.d/sshd s || exit 2 $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2 ### The initial package installation leaves default versions of ### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}. Now ### we need to decide whether to install them. Since this is *not* ### an update install, we don't ask, but simply back up the old ones ### and put the new ones in their place. instbackup ${CONFDIR} ssh_prng_cmds instbackup ${CONFDIR} ssh_config instbackup ${CONFDIR} sshd_config instbackup ${CONFDIR} primes ### If no existing sshd_config and host key, then create if [ ! -f "${CONFDIR}/ssh_host_key" ]; then echo "Creating new RSA public/private host key pair for SSH-1." $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub ### If there is *anything* there then leave it, otherwise look ### in some reasonable alternate locations before giving up. ### It's worth spending some extra time looking for the old one ### to avoid a bunch of "host identification has changed" warnings. ### Note that some old keys from the commercial SSH might not ### be compatible, but we don't test for that. if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR} elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR} else ${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N '' fi else echo "Using existing RSA public/private host key pair for SSH-1." fi if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then echo "Creating new DSA public/private host key pair for SSH-2." $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub ### If there is *anything* there then leave it, otherwise look ### in some reasonable alternate locations before giving up. ### It's worth spending some extra time looking for the old one ### to avoid a bunch of "host identification has changed" warnings. ### Note that some old keys from the commercial SSH2 might not ### be compatible, but we don't test for that. if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR} elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR} else ${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N '' fi else echo "Using existing DSA public/private host key pair for SSH-2." fi else echo "Performing an \"update\" installation of OpenSSH." ### Okay, this part *is* an update install...so we need to ensure ### we don't overwrite any of the existing files. ### Install init script and create symlinks if [ ! -f ${PKG_INSTALL_ROOT}/etc/init.d/sshd ]; then echo "Installing init script in ${PKG_INSTALL_ROOT}/etc/init.d/sshd" $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd || exit 2 cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd chown root:root ${PKG_INSTALL_ROOT}/etc/init.d/sshd chmod 500 ${PKG_INSTALL_ROOT}/etc/init.d/sshd fi if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd ]; then $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2 fi if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/K30local_sshd ]; then $INSTALLF $PKGINST /etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2 fi ### The initial package installation leaves default versions of ### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}. Now ### we need to decide whether to install them. Since this is ### an update install, we only install the new files if the old ### files somehow don't exist. NEWCONF=0 if [ ! -r "${CONFDIR}/ssh_prng_cmds" ]; then instbackup ${CONFDIR} ssh_prng_cmds NEWCONF=1 fi if [ ! -r "${CONFDIR}/ssh_config" ]; then instbackup ${CONFDIR} ssh_config NEWCONF=1 fi if [ ! -r "${CONFDIR}/ssh_config" ]; then instbackup ${CONFDIR} sshd_config NEWCONF=1 fi if [ ! -r "${CONFDIR}/primes" ]; then instbackup ${CONFDIR} primes NEWCONF=1 fi if [ $NEWCONF -eq 0 ]; then echo "Your existing SSH configuration files have not been altered." else echo "Your other existing SSH configuration files have not been altered." fi ### If no existing sshd_config and host key, then create if [ ! -f "${CONFDIR}/ssh_host_key" ]; then echo "Creating new RSA public/private host key pair for SSH-1." $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub ### If there is *anything* there then leave it, otherwise look ### in some reasonable alternate locations before giving up. ### It's worth spending some extra time looking for the old one ### to avoid a bunch of "host identification has changed" warnings. ### Note that some old keys from the commercial SSH might not ### be compatible, but we don't test for that. if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR} elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR} else ${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N '' fi else echo "Using existing RSA public/private host key pair for SSH-1." fi if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then echo "Creating new DSA public/private host key pair for SSH-2." $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub ### If there is *anything* there then leave it, otherwise look ### in some reasonable alternate locations before giving up. ### It's worth spending some extra time looking for the old one ### to avoid a bunch of "host identification has changed" warnings. ### Note that some old keys from the commercial SSH2 might not ### be compatible, but we don't test for that. if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR} elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR} else ${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N '' fi else echo "Using existing DSA public/private host key pair for SSH-2." fi fi if [ ! -d %%PIDDIR%% ]; then $INSTALLF $PKGINST %%PIDDIR%% mkdir -p %%PIDDIR%% chown root:sys %%PIDDIR%% chmod 755 %%PIDDIR%% fi $INSTALLF -f $PKGINST || exit 2 if [ "X${PKG_INSTALL_ROOT}" = "X" ]; then ### We're doing a local install, rather than an install for ### old-style diskless clients. echo "Stopping any current sshd process, and then starting the new sshd." /etc/init.d/sshd stop /etc/init.d/sshd start else echo "Not restarting sshd, since this appears to be a remote install" echo "for support of diskless clients." fi exit 0