blob: 83eff3a13b2be410e5c415fbb521eda88bc40daa [file] [log] [blame] [raw]
#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
# Subdirectory where the new package is being installed
PREFIX=/usr
# Directory where the config files are stored
SYSCONFDIR=/etc
# Subdirectory where an old package might be installed
OLDPREFIX=/usr/local
OLDSYSCONFDIR=${OLDPREFIX}/etc
progname=$0
auto_answer=""
port_number=22
request()
{
if [ "${auto_answer}" = "yes" ]
then
return 0
elif [ "${auto_answer}" = "no" ]
then
return 1
fi
answer=""
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
do
echo -n "$1 (yes/no) "
read answer
done
if [ "X${answer}" = "Xyes" ]
then
return 0
else
return 1
fi
}
# Check options
while :
do
case $# in
0)
break
;;
esac
option=$1
shift
case "$option" in
-d | --debug )
set -x
;;
-y | --yes )
auto_answer=yes
;;
-n | --no )
auto_answer=no
;;
-p | --port )
port_number=$1
shift
;;
*)
echo "usage: ${progname} [OPTION]..."
echo
echo "This script creates an OpenSSH host configuration."
echo
echo "Options:"
echo " --debug -d Enable shell's debug output."
echo " --yes -y Answer all questions with \"yes\" automatically."
echo " --no -n Answer all questions with \"no\" automatically."
echo " --port -p <n> sshd listens on port n."
echo
exit 1
;;
esac
done
# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running
if ps -ef | grep -v grep | grep -q ssh
then
echo
echo "There are still ssh processes running. Please shut them down first."
echo
exit 1
fi
# Check for ${SYSCONFDIR} directory
if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
then
echo
echo "${SYSCONFDIR} is existant but not a directory."
echo "Cannot create global configuration files."
echo
exit 1
fi
# Create it if necessary
if [ ! -e "${SYSCONFDIR}" ]
then
mkdir "${SYSCONFDIR}"
if [ ! -e "${SYSCONFDIR}" ]
then
echo
echo "Creating ${SYSCONFDIR} directory failed"
echo
exit 1
fi
fi
# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
# the same as ${PREFIX}
old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ]
then
if [ -f "${OLDPREFIX}/sbin/sshd" ]
then
echo
echo "You seem to have an older installation in ${OLDPREFIX}."
echo
# Check if old global configuration files exist
if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
then
if request "Do you want to copy your config files to your new installation?"
then
cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
fi
fi
if request "Do you want to erase your old installation?"
then
rm -f ${OLDPREFIX}/bin/ssh.exe
rm -f ${OLDPREFIX}/bin/ssh-config
rm -f ${OLDPREFIX}/bin/scp.exe
rm -f ${OLDPREFIX}/bin/ssh-add.exe
rm -f ${OLDPREFIX}/bin/ssh-agent.exe
rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
rm -f ${OLDPREFIX}/bin/slogin
rm -f ${OLDSYSCONFDIR}/ssh_host_key
rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
rm -f ${OLDSYSCONFDIR}/ssh_config
rm -f ${OLDSYSCONFDIR}/sshd_config
rm -f ${OLDPREFIX}/man/man1/ssh.1
rm -f ${OLDPREFIX}/man/man1/scp.1
rm -f ${OLDPREFIX}/man/man1/ssh-add.1
rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
rm -f ${OLDPREFIX}/man/man1/slogin.1
rm -f ${OLDPREFIX}/man/man8/sshd.8
rm -f ${OLDPREFIX}/sbin/sshd.exe
rm -f ${OLDPREFIX}/sbin/sftp-server.exe
fi
old_install=1
fi
fi
# First generate host keys if not already existing
if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_key"
ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
fi
if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi
if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
fi
# Check if ssh_config exists. If yes, ask for overwriting
if [ -f "${SYSCONFDIR}/ssh_config" ]
then
if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
then
rm -f "${SYSCONFDIR}/ssh_config"
if [ -f "${SYSCONFDIR}/ssh_config" ]
then
echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
fi
fi
fi
# Create default ssh_config from here script
if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
echo "Generating ${SYSCONFDIR}/ssh_config file"
cat > ${SYSCONFDIR}/ssh_config << EOF
# This is ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent yes
# ForwardX11 yes
# RhostsAuthentication yes
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking no
# Port 22
# Protocol 2,1
# Cipher 3des
# EscapeChar ~
# Be paranoid by default
Host *
ForwardAgent no
ForwardX11 no
FallBackToRsh no
# Try authentification with the following identities
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
EOF
if [ "$port_number" != "22" ]
then
echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config
fi
fi
# Check if sshd_config exists. If yes, ask for overwriting
if [ -f "${SYSCONFDIR}/sshd_config" ]
then
if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
then
rm -f "${SYSCONFDIR}/sshd_config"
if [ -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
fi
fi
fi
# Create default sshd_config from here script
if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Generating ${SYSCONFDIR}/sshd_config file"
cat > ${SYSCONFDIR}/sshd_config << EOF
# This is ssh server systemwide configuration file.
Port $port_number
#
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
#
# Uncomment the following lines according to the used authentication
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
#
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
CheckMail no
UseLogin no
#Uncomment if you want to enable sftp
#Subsystem sftp /usr/sbin/sftp-server
#MaxStartups 10:30:60
EOF
fi
# Care for services file
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
if [ $_nt -gt 0 ]
then
_wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
_wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
_wservices="${WINDIR}\\SERVICES"
_wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=`cygpath -u "${_wservices}"`
_serv_tmp=`cygpath -u "${_wserv_tmp}"`
mount -t -f "${_wservices}" "${_services}"
mount -t -f "${_wserv_tmp}" "${_serv_tmp}"
# Remove sshd 22/port from services
if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
then
grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
if [ -f "${_serv_tmp}" ]
then
if mv "${_serv_tmp}" "${_services}"
then
echo "Removing sshd from ${_services}"
else
echo "Removing sshd from ${_services} failed\!"
fi
rm -f "${_serv_tmp}"
else
echo "Removing sshd from ${_services} failed\!"
fi
fi
# Add ssh 22/tcp and ssh 22/udp to services
if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
then
awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
if [ -f "${_serv_tmp}" ]
then
if mv "${_serv_tmp}" "${_services}"
then
echo "Added ssh to ${_services}"
else
echo "Adding ssh to ${_services} failed\!"
fi
rm -f "${_serv_tmp}"
else
echo "Adding ssh to ${_services} failed\!"
fi
fi
umount "${_services}"
umount "${_serv_tmp}"
# Care for inetd.conf file
_inetcnf="/etc/inetd.conf"
_inetcnf_tmp="/etc/inetd.conf.$$"
if [ -f "${_inetcnf}" ]
then
# Check if ssh service is already in use as sshd
with_comment=1
grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
# Remove sshd line from inetd.conf
if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
then
grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
if [ -f "${_inetcnf_tmp}" ]
then
if mv "${_inetcnf_tmp}" "${_inetcnf}"
then
echo "Removed sshd from ${_inetcnf}"
else
echo "Removing sshd from ${_inetcnf} failed\!"
fi
rm -f "${_inetcnf_tmp}"
else
echo "Removing sshd from ${_inetcnf} failed\!"
fi
fi
# Add ssh line to inetd.conf
if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
then
if [ "${with_comment}" -eq 0 ]
then
echo 'ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}"
else
echo '# ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}"
fi
echo "Added ssh to ${_inetcnf}"
fi
fi
# Create /var/log and /var/log/lastlog if not already existing
if [ -f /var/log ]
then
echo "Creating /var/log failed\!"
else
if [ ! -d /var/log ]
then
mkdir /var/log
fi
if [ -d /var/log/lastlog ]
then
echo "Creating /var/log/lastlog failed\!"
elif [ ! -f /var/log/lastlog ]
then
cat /dev/null > /var/log/lastlog
fi
fi
# On NT ask if sshd should be installed as service
if [ $_nt -gt 0 ]
then
echo
echo "Do you want to install sshd as service?"
if request "(Say \"no\" if it's already installed as service)"
then
echo
echo "Which value should the environment variable CYGWIN have when"
echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
echo "able to change user context without password."
echo -n "Default is \"binmode ntsec tty\". CYGWIN="
read _cygwin
[ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
then
chown system /etc/ssh*
echo
echo "The service has been installed under LocalSystem account."
fi
fi
fi
if [ "${old_install}" = "1" ]
then
echo
echo "Note: If you have used sshd as service or from inetd, don't forget to"
echo " change the path to sshd.exe in the service entry or in inetd.conf."
fi
echo
echo "Host configuration finished. Have fun!"