#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Writes the system-wide OpenSSH configuration on a Cygwin host: host keys,
# ssh_config, sshd_config, the services and inetd.conf entries and, on NT,
# the sshd service. Everything below runs with the privileges of the caller.

# Installation prefix of the package being configured.
PREFIX="/usr"

# Where the configuration files and host keys are written.
SYSCONFDIR="/etc"

# Locations an older package may have used; consulted when offering to
# migrate or erase a previous installation.
OLDPREFIX="/usr/local"
OLDSYSCONFDIR="${OLDPREFIX}/etc"

# Name used in the usage message.
progname="$0"
# "yes" / "no" pre-answer every question asked through request(); empty
# means ask interactively. Set by -y / -n.
auto_answer=""
# Port written into sshd_config (and into ssh_config when it is not 22).
port_number="22"

# State for the privilege separation handling.
privsep_configured="no"  # existing sshd_config already mentions the option
privsep_used="yes"       # value written for UsePrivilegeSeparation
sshd_in_passwd="no"      # an "sshd:" line exists in ${SYSCONFDIR}/passwd
sshd_in_sam="no"         # "net user sshd" knows the account
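# request PROMPT
#
# Ask a yes/no question and report the answer through the exit status.
#
# Globals:   auto_answer (read) - "yes" or "no" answers without prompting
#            answer (written)   - last line read from stdin
# Arguments: $1 - question text; " (yes/no) " is appended to it
# Outputs:   the prompt on stdout, repeated until "yes" or "no" is entered
# Returns:   0 for "yes", 1 for "no" or when stdin reaches end of input
request()
{
  # Non-interactive mode selected on the command line.
  case "${auto_answer}" in
  yes)
    return 0
    ;;
  no)
    return 1
    ;;
  esac

  answer=""
  while [ "X${answer}" != "Xyes" ] && [ "X${answer}" != "Xno" ]
  do
    # printf rather than "echo -n", which not every /bin/sh supports.
    printf '%s (yes/no) ' "$1"
    # -r keeps backslashes literal. When read fails with nothing read, stdin
    # is exhausted; without this check the loop would spin forever. End of
    # input counts as "no" so that no file is overwritten or removed and no
    # account is created without an explicit "yes".
    if ! read -r answer && [ -z "${answer}" ]
    then
      return 1
    fi
  done

  [ "X${answer}" = "Xyes" ]
}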
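# Check options
#
# Consumes every command line argument. Anything that is not a known
# option prints the usage text and exits with status 1.

while [ $# -gt 0 ]
do
  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  -p | --port )
    # The value is expanded unescaped into ssh_config and sshd_config
    # further down, so accept nothing but a decimal port number. This also
    # catches a missing argument, where the following "shift" would fail.
    case "${1-}" in
    '' | *[!0-9]* | ??????* )
      echo "${progname}: option ${option} requires a port number (1-65535)" >&2
      exit 1
      ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]
    then
      echo "${progname}: option ${option} requires a port number (1-65535)" >&2
      exit 1
    fi
    port_number=$1
    shift
    ;;

  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH host configuration."
    echo
    echo "Options:"
    echo " --debug -d Enable shell's debug output."
    echo " --yes -y Answer all questions with \"yes\" automatically."
    echo " --no -n Answer all questions with \"no\" automatically."
    echo " --port -p <n> sshd listens on port n."
    echo
    exit 1
    ;;

  esac
done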
# Check if running on NT
#
# expr's ":" operator prints how many characters of the pattern matched at
# the start of the string, so _nt is greater than 0 only when the uname
# output begins with "CYGWIN_NT" and 0 otherwise.
_sys=$(uname -a)
_nt=$(expr "$_sys" : "CYGWIN_NT")
# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running
#
# NOTE(review): this is a substring match on the whole "ps -ef" line, so
# any process whose listing contains "ssh" stops the script, not only
# ssh/sshd themselves - confirm that is acceptable on the target system.
if ps -ef | grep -v grep | grep -q ssh; then
  printf '\n%s\n\n' \
    "There are still ssh processes running. Please shut them down first."
  exit 1
fi
# ${SYSCONFDIR} must be a directory: give up when the name is taken by
# something else.
if [ -e "${SYSCONFDIR}" ] && [ ! -d "${SYSCONFDIR}" ]; then
  printf '\n%s\n%s\n\n' \
    "${SYSCONFDIR} is existant but not a directory." \
    "Cannot create global configuration files."
  exit 1
fi

# Create it when it is missing. The result is verified by testing for the
# path again rather than by looking at mkdir's exit status.
if [ ! -e "${SYSCONFDIR}" ]; then
  mkdir "${SYSCONFDIR}"
  if [ ! -e "${SYSCONFDIR}" ]; then
    printf '\n%s\n\n' "Creating ${SYSCONFDIR} directory failed"
    exit 1
  fi
fi
# Create /var/log and /var/log/lastlog if not already existing
#
# A regular file named /var/log, or a directory named /var/log/lastlog,
# is only reported; the script carries on in either case.
if [ -f /var/log ]; then
  echo "Creating /var/log failed\!"
else
  [ -d /var/log ] || mkdir -p /var/log
  if [ -d /var/log/lastlog ]; then
    echo "Creating /var/log/lastlog failed\!"
  elif [ ! -f /var/log/lastlog ]; then
    # Start with an empty lastlog file.
    : > /var/log/lastlog
  fi
fi
# Create the /var/empty directory used as chroot jail for privilege
# separation.
#
# NOTE(review): mode and owner are only set on NT, and an already existing
# /var/empty is neither checked for being empty nor for who may write to
# it. A chroot directory for the unprivileged sshd child should not be
# writable by ordinary users - verify after installation.
if [ -f /var/empty ]; then
  echo "Creating /var/empty failed\!"
else
  mkdir -p /var/empty
  # On NT change ownership of that dir to user "system"
  if [ "$_nt" -gt 0 ]; then
    chmod 755 /var/empty
    chown system.system /var/empty
  fi
fi
# Look for an older installation in ${OLDPREFIX}, but only when
# ${OLDPREFIX} differs from ${PREFIX}. old_install becomes 1 when an old
# sshd binary is found there, whatever the answers to the questions are.

old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ] && [ -f "${OLDPREFIX}/sbin/sshd" ]; then
  printf '\n%s\n\n' "You seem to have an older installation in ${OLDPREFIX}."

  # Offer to carry over the old global configuration, host keys included.
  # The private host keys are copied as they are, so the host keeps its
  # identity towards existing clients.
  if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] &&
    request "Do you want to copy your config files to your new installation?"
  then
    for _cfg in ssh_host_key ssh_host_key.pub \
      ssh_host_dsa_key ssh_host_dsa_key.pub \
      ssh_config sshd_config
    do
      cp -f "${OLDSYSCONFDIR}/${_cfg}" "${SYSCONFDIR}"
    done
  fi

  if request "Do you want to erase your old installation?"; then
    # Client programs.
    for _old in ssh.exe ssh-config scp.exe ssh-add.exe ssh-agent.exe \
      ssh-keygen.exe slogin
    do
      rm -f "${OLDPREFIX}/bin/${_old}"
    done
    # Host keys and configuration files.
    for _old in ssh_host_key ssh_host_key.pub \
      ssh_host_dsa_key ssh_host_dsa_key.pub \
      ssh_config sshd_config
    do
      rm -f "${OLDSYSCONFDIR}/${_old}"
    done
    # Manual pages.
    for _old in ssh.1 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 slogin.1; do
      rm -f "${OLDPREFIX}/man/man1/${_old}"
    done
    rm -f "${OLDPREFIX}/man/man8/sshd.8"
    # Server programs.
    rm -f "${OLDPREFIX}/sbin/sshd.exe"
    rm -f "${OLDPREFIX}/sbin/sftp-server.exe"
  fi
  old_install=1
fi
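# First generate host keys if not already existing
#
# One key per "type:file" pair below, each created with an empty
# passphrase (-N '') and only when the file does not exist yet.
#
# NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy host key types
# dating from when this script was written; on a current system review
# which key types should still be generated and offered.
for _keyspec in rsa1:ssh_host_key rsa:ssh_host_rsa_key dsa:ssh_host_dsa_key
do
  _keytype=${_keyspec%%:*}
  _keyfile="${SYSCONFDIR}/${_keyspec#*:}"
  if [ ! -f "${_keyfile}" ]
  then
    echo "Generating ${_keyfile}"
    # ssh-keygen's normal output is discarded, so report a failure
    # explicitly instead of continuing silently without a host key.
    if ! ssh-keygen -t "${_keytype}" -f "${_keyfile}" -N '' > /dev/null
    then
      echo "Warning: generating ${_keyfile} failed!" >&2
    fi
  fi
done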
# An existing ssh_config is only replaced after confirmation. It is
# removed here; the next step recreates it when the file is gone.
if [ -f "${SYSCONFDIR}/ssh_config" ] &&
  request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
then
  rm -f "${SYSCONFDIR}/ssh_config"
  # Still present after rm -f: tell the user the file is kept.
  if [ -f "${SYSCONFDIR}/ssh_config" ]; then
    echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
  fi
fi
# Write the default client configuration from the here-document below.
# Every option in the template is commented out, legacy ones such as
# "Protocol 2,1" and the CBC/arcfour cipher list included, so the file
# only documents defaults. When sshd was given a port other than 22, a
# "Host localhost" entry with that port is appended.
#
# NOTE(review): $port_number is written into the file unescaped; it has to
# be a plain port number.

if [ ! -f "${SYSCONFDIR}/ssh_config" ]; then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > "${SYSCONFDIR}/ssh_config" << EOF
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
EOF
  if [ "$port_number" != "22" ]; then
    {
      echo "Host localhost"
      echo " Port $port_number"
    } >> "${SYSCONFDIR}/ssh_config"
  fi
fi
# An existing sshd_config is only replaced after confirmation. When it is
# kept, record whether it already mentions UsePrivilegeSeparation.
#
# NOTE(review): the grep is unanchored, so a commented-out
# "#UsePrivilegeSeparation" line also counts as configured and no
# explicit setting is added later.
if [ -f "${SYSCONFDIR}/sshd_config" ]; then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"; then
    rm -f "${SYSCONFDIR}/sshd_config"
    # Still present after rm -f: tell the user the file is kept.
    if [ -f "${SYSCONFDIR}/sshd_config" ]; then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
  elif grep -q UsePrivilegeSeparation "${SYSCONFDIR}/sshd_config"; then
    privsep_configured=yes
  fi
fi
# Prior to creating or modifying sshd_config, care for privilege separation
#
# Decides the value of privsep_used. On NT the user is asked; using
# privilege separation needs an 'sshd' account, which is looked up in
# ${SYSCONFDIR}/passwd and through "net user" and created on request.
# On 9x privilege separation is always switched off.

if [ "$privsep_configured" != "yes" ]; then
  if [ "$_nt" -gt 0 ]; then
    echo "Privilege separation is set to yes by default since OpenSSH 3.3."
    echo "However, this requires a non-privileged account called 'sshd'."
    echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
    echo
    if request "Shall privilege separation be used?"; then
      privsep_used=yes
      if grep -q '^sshd:' "${SYSCONFDIR}/passwd"; then
        sshd_in_passwd=yes
      fi
      if net user sshd > /dev/null 2>&1; then
        sshd_in_sam=yes
      fi
      if [ "$sshd_in_passwd" != "yes" ]; then
        if [ "$sshd_in_sam" != "yes" ]; then
          echo "Warning: The following function requires administrator privileges!"
          if request "Shall this script create a local user 'sshd' on this machine?"; then
            # The account is created disabled (/active:no) with /var/empty
            # as its home directory.
            dos_var_empty=$(cygpath -w /var/empty)
            if net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1; then
              sshd_in_sam=yes
            fi
            if [ "$sshd_in_sam" != "yes" ]; then
              echo "Warning: Creating the user 'sshd' failed!"
            fi
          fi
        fi
        if [ "$sshd_in_sam" != "yes" ]; then
          # No Windows account to derive the passwd entry from.
          echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
          echo " Privilege separation set to 'no' again!"
          echo " Check your ${SYSCONFDIR}/sshd_config file!"
          privsep_used=no
        else
          # Add the account to passwd with "false" in place of a trailing
          # "bash" as its shell.
          mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> "${SYSCONFDIR}/passwd"
        fi
      fi
    else
      privsep_used=no
    fi
  else
    # On 9x don't use privilege separation. Since security isn't
    # available it just adds useless additional processes.
    privsep_used=no
  fi
fi
# Write the default server configuration from the here-document below,
# or, when an sshd_config is kept that does not mention privilege
# separation, append the missing UsePrivilegeSeparation line to it.
#
# Settings the template writes uncommented: Port, StrictModes,
# UsePrivilegeSeparation and the sftp subsystem.
#
# NOTE(review): "StrictModes no" is written active although the template's
# own comment recommends "yes" on NT/W2K with NTFS and CYGWIN=ntsec;
# review it, PermitRootLogin and PasswordAuthentication once the file
# exists.
# NOTE(review): $port_number and $privsep_used are expanded unescaped into
# the file; $port_number has to be a plain port number.

if [ ! -f "${SYSCONFDIR}/sshd_config" ]; then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > "${SYSCONFDIR}/sshd_config" << EOF
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port $port_number
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey ${SYSCONFDIR}/ssh_host_key
# HostKeys for protocol version 2
#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
#HostKey ${SYSCONFDIR}/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
UsePrivilegeSeparation $privsep_used
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/sbin/sftp-server
EOF
elif [ "$privsep_configured" != "yes" ]; then
  {
    echo
    echo "UsePrivilegeSeparation $privsep_used"
  } >> "${SYSCONFDIR}/sshd_config"
fi
# Care for services file
#
# The Windows directory holding the services file is mounted at a
# temporary mount point so the file can be edited through a POSIX path.
#
# NOTE(review): the mount point and the scratch file are both named after
# the shell's PID ($$), which is predictable, and the result of the mount
# is not checked before the file is used.
_my_etcdir="/ssh-host-config.$$"
if [ "$_nt" -gt 0 ]; then
  _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
  _services="${_my_etcdir}/services"
else
  _win_etcdir="${WINDIR}"
  _services="${_my_etcdir}/SERVICES"
fi
_serv_tmp="${_my_etcdir}/srv.out.$$"

mount -t -f "${_win_etcdir}" "${_my_etcdir}"

# Depends on the above mount
_wservices=$(cygpath -w "${_services}")
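# Remove sshd 22/port from services
#
# The patterns use [[:space:]]: inside a bracket expression grep reads
# "\t" as the two characters "\" and "t", not as a tab, so '[ \t]' does
# not match entries whose columns are separated by tabs.
if grep -q 'sshd[[:space:]][[:space:]]*22' "${_services}"
then
  # Write the filtered copy to the scratch file, then move it into place.
  grep -v 'sshd[[:space:]][[:space:]]*22' "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Removing sshd from ${_wservices}"
    else
      echo "Removing sshd from ${_wservices} failed\!"
    fi
    rm -f "${_serv_tmp}"
  else
    echo "Removing sshd from ${_wservices} failed\!"
  fi
fi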
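# Add ssh 22/tcp and ssh 22/udp to services
#
# The pattern uses [[:space:]]: inside a bracket expression grep reads
# "\t" as the two characters "\" and "t", not as a tab, so '[ \t]' misses
# a tab-separated "ssh" entry and the lines would be added a second time.
#
# NOTE(review): awk inserts the two lines in front of the entry whose
# second field starts with "23/tcp". When the file has no such entry
# nothing is inserted, yet the success message is still printed.
if ! grep -q 'ssh[[:space:]][[:space:]]*22' "${_services}"
then
  awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Added ssh to ${_wservices}"
    else
      echo "Adding ssh to ${_wservices} failed\!"
    fi
    rm -f "${_serv_tmp}"
  else
    echo "Adding ssh to ${_wservices} failed\!"
  fi
fi

# Release the temporary mount of the Windows directory again.
umount "${_my_etcdir}"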
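# Care for inetd.conf file
#
# Replaces an "sshd" service line in inetd.conf by an "ssh" one. The new
# line is active when an active sshd line was found and commented out
# otherwise. Entries in this file are started by inetd as the user named
# in them (root here), so what ends up in it matters.
_inetcnf="${SYSCONFDIR}/inetd.conf"
_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"

if [ -f "${_inetcnf}" ]
then
  # Check if ssh service is already in use as sshd
  # ([[:space:]] because grep does not read "\t" inside a bracket
  # expression as a tab, so tab-indented lines would be missed.)
  with_comment=1
  grep -q '^[[:space:]]*sshd' "${_inetcnf}" && with_comment=0
  # Remove sshd line from inetd.conf
  if grep -q '^[#[:space:]]*sshd' "${_inetcnf}"
  then
    # The scratch file name is predictable (PID suffix). Remove anything
    # already sitting at that path and truncate instead of appending, so
    # that leftover content can never be carried into inetd.conf.
    # NOTE(review): a window between the rm and the redirect remains; a
    # mktemp-style unique file would close it where that tool is available.
    rm -f "${_inetcnf_tmp}"
    grep -v '^[#[:space:]]*sshd' "${_inetcnf}" > "${_inetcnf_tmp}"
    if [ -f "${_inetcnf_tmp}" ]
    then
      if mv "${_inetcnf_tmp}" "${_inetcnf}"
      then
        echo "Removed sshd from ${_inetcnf}"
      else
        echo "Removing sshd from ${_inetcnf} failed\!"
      fi
      rm -f "${_inetcnf_tmp}"
    else
      echo "Removing sshd from ${_inetcnf} failed\!"
    fi
  fi

  # Add ssh line to inetd.conf
  if ! grep -q '^[#[:space:]]*ssh' "${_inetcnf}"
  then
    if [ "${with_comment}" -eq 0 ]
    then
      echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
    else
      echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
    fi
    echo "Added ssh to ${_inetcnf}"
  fi
fi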
# On NT ask if sshd should be installed as service
#
# The service is registered through cygrunsrv with the CYGWIN environment
# value typed in by the user (default "binmode ntsec tty"). After a
# successful registration every ${SYSCONFDIR}/ssh* file - host keys and
# both configuration files - is handed to the "system" user.
#
# NOTE(review): the CYGWIN value is read without "read -r", so backslashes
# in the input are interpreted by the shell before being passed on.
if [ "$_nt" -gt 0 ]; then
  echo
  echo "Do you want to install sshd as service?"
  if request "(Say \"no\" if it's already installed as service)"; then
    printf '\n%s\n%s\n%s\n' \
      "Which value should the environment variable CYGWIN have when" \
      "sshd starts? It's recommended to set at least \"ntsec\" to be" \
      "able to change user context without password."
    printf '%s' "Default is \"binmode ntsec tty\". CYGWIN="
    read _cygwin
    if [ -z "${_cygwin}" ]; then
      _cygwin="binmode ntsec tty"
    fi
    if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"; then
      chown system "${SYSCONFDIR}"/ssh*
      printf '\n%s\n' "The service has been installed under LocalSystem account."
    fi
  fi
fi
# An older installation was found earlier: remind the user that existing
# service or inetd entries may still point at the old sshd.exe.
if [ "${old_install}" = "1" ]; then
  printf '\n%s\n%s\n' \
    "Note: If you have used sshd as service or from inetd, don't forget to" \
    " change the path to sshd.exe in the service entry or in inetd.conf."
fi

printf '\n%s\n' "Host configuration finished. Have fun!"