#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Creates the system-wide OpenSSH host configuration on Cygwin: host keys,
# ssh_config / sshd_config, the services and inetd.conf entries and, on NT,
# optionally the sshd service.  It writes under ${SYSCONFDIR} and into the
# Windows system directory, so run it with the privileges that requires.

# Where the new package lives (binaries under ${PREFIX}/bin and ${PREFIX}/sbin)
PREFIX=/usr

# Where the generated configuration files and host keys are written
SYSCONFDIR=/etc

# A previous installation may live under this prefix; it is detected,
# optionally migrated and optionally erased further below.
OLDPREFIX=/usr/local
OLDSYSCONFDIR="${OLDPREFIX}/etc"

# Runtime state, filled in by option parsing
progname="$0"          # used in the usage message
auto_answer=""         # "", "yes" or "no" -- see request()
port_number=22         # port written to sshd_config (and to ssh_config for localhost)

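# request QUESTION
#
# Asks a yes/no question on stdout and reads the answer from stdin until
# it is literally "yes" or "no".  Returns 0 for "yes" and 1 for "no".
# When ${auto_answer} is "yes" or "no" (set by -y / -n) that answer is
# used without prompting.
#
# End-of-file on stdin (e.g. running non-interactively without -y/-n, or
# with stdin redirected from /dev/null) is treated as "no".  A bare
# `read` would leave ${answer} empty and loop on the prompt forever.
request()
{
  case "${auto_answer}" in
  yes) return 0 ;;
  no)  return 1 ;;
  esac

  answer=""
  while [ "X${answer}" != "Xyes" ] && [ "X${answer}" != "Xno" ]
  do
    # printf rather than "echo -n": -n is not portable across /bin/sh
    # flavours.  read -r keeps backslashes in the answer literal.
    printf '%s (yes/no) ' "$1"
    if ! read -r answer
    then
      # EOF: nobody is there to say yes, so decline.
      echo
      return 1
    fi
  done
  [ "X${answer}" = "Xyes" ]
}
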
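# Check options

# usage
#
# Prints the usage text and exits 1.
usage()
{
  echo "usage: ${progname} [OPTION]..."
  echo
  echo "This script creates an OpenSSH host configuration."
  echo
  echo "Options:"
  echo " --debug -d Enable shell's debug output."
  echo " --yes -y Answer all questions with \"yes\" automatically."
  echo " --no -n Answer all questions with \"no\" automatically."
  echo " --port -p <n> sshd listens on port n."
  echo
  exit 1
}

# parse_options [OPTION]...
#
# Parses the command line into the globals auto_answer and port_number
# (and turns on the shell's -x trace for --debug).  Exits 1 via usage() on
# an unknown option, on -p without an argument (the original fell through
# with an empty port and a bad `shift`), and on a port that is not a
# decimal number in 1..65535: port_number is written verbatim into
# sshd_config, so it is validated here before anything is generated.
parse_options()
{
  while [ $# -gt 0 ]
  do
    option="$1"
    shift

    case "${option}" in
    -d | --debug )
      set -x
      ;;

    -y | --yes )
      auto_answer=yes
      ;;

    -n | --no )
      auto_answer=no
      ;;

    -p | --port )
      if [ $# -eq 0 ]
      then
        echo "${progname}: option ${option} requires an argument" >&2
        usage
      fi
      port_number="$1"
      shift
      case "${port_number}" in
      '' | *[!0-9]* )
        echo "${progname}: invalid port number: ${port_number}" >&2
        usage
        ;;
      esac
      if [ "${port_number}" -lt 1 ] || [ "${port_number}" -gt 65535 ]
      then
        echo "${progname}: port number out of range: ${port_number}" >&2
        usage
      fi
      ;;

    *)
      usage
      ;;
    esac
  done
}

parse_options "$@"
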
# Refuse to run while any ssh-related process is alive: host keys and
# configuration files are about to be replaced underneath it.
# NOTE: the match is broad -- any ps line containing "ssh" (sshd,
# ssh-agent, a client session, ...) counts.

if ps -ef | grep ssh | grep -v grep > /dev/null
then
  echo
  echo "There are still ssh processes running. Please shut them down first."
  echo
  exit 1
fi

# ${SYSCONFDIR} must be a directory (created if absent); a plain file in
# its place makes global configuration impossible.

if [ -e "${SYSCONFDIR}" ] && [ ! -d "${SYSCONFDIR}" ]
then
  echo
  echo "${SYSCONFDIR} is existant but not a directory."
  echo "Cannot create global configuration files."
  echo
  exit 1
fi

if [ ! -e "${SYSCONFDIR}" ]
then
  mkdir "${SYSCONFDIR}"
fi

# Look again instead of trusting mkdir's status: the directory is what counts.
if [ ! -e "${SYSCONFDIR}" ]
then
  echo
  echo "Creating ${SYSCONFDIR} directory failed"
  echo
  exit 1
fi

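# Migrate from, and optionally clean up, an older installation under
# ${OLDPREFIX} (skipped when ${OLDPREFIX} is the same tree as ${PREFIX}).

# copy_old_config
#
# Copies the host keys and the client/server configuration of the old
# installation from ${OLDSYSCONFDIR} into ${SYSCONFDIR}.  The copied
# private keys are then forced to mode 0600: `cp -f` onto an existing
# destination keeps that destination's mode, so a stale world-readable
# ${SYSCONFDIR}/ssh_host_key would otherwise end up holding the private key.
copy_old_config()
{
  for _f in ssh_host_key ssh_host_key.pub ssh_host_dsa_key ssh_host_dsa_key.pub \
            ssh_config sshd_config
  do
    cp -f "${OLDSYSCONFDIR}/${_f}" "${SYSCONFDIR}"
  done
  for _f in ssh_host_key ssh_host_dsa_key
  do
    if [ -f "${SYSCONFDIR}/${_f}" ]
    then
      chmod 600 "${SYSCONFDIR}/${_f}"
    fi
  done
}

# erase_old_install
#
# Removes the binaries, man pages, configuration and host keys of the old
# installation.  ${OLDPREFIX} and ${OLDSYSCONFDIR} must be non-empty
# (":?" aborts otherwise) so a misconfigured prefix can never turn this
# into "rm -f /bin/ssh.exe".
erase_old_install()
{
  for _f in bin/ssh.exe bin/ssh-config bin/scp.exe bin/ssh-add.exe \
            bin/ssh-agent.exe bin/ssh-keygen.exe bin/slogin \
            man/man1/ssh.1 man/man1/scp.1 man/man1/ssh-add.1 \
            man/man1/ssh-agent.1 man/man1/ssh-keygen.1 man/man1/slogin.1 \
            man/man8/sshd.8 sbin/sshd.exe sbin/sftp-server.exe
  do
    rm -f "${OLDPREFIX:?}/${_f}"
  done
  for _f in ssh_host_key ssh_host_key.pub ssh_host_dsa_key ssh_host_dsa_key.pub \
            ssh_config sshd_config
  do
    rm -f "${OLDSYSCONFDIR:?}/${_f}"
  done
}

old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ] && [ -f "${OLDPREFIX}/sbin/sshd" ]
then
  echo
  echo "You seem to have an older installation in ${OLDPREFIX}."
  echo
  # Migration is only offered when the old tree actually has a host key.
  if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] && \
     request "Do you want to copy your config files to your new installation?"
  then
    copy_old_config
  fi
  if request "Do you want to erase your old installation?"
  then
    erase_old_install
  fi
  old_install=1
fi
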
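# Generate every host key that does not exist yet.  Host keys are created
# without a passphrase (-N '') so sshd can load them unattended.

# generate_host_key TYPE FILE
#
# Runs `ssh-keygen -t TYPE -f FILE -N ''` unless FILE already exists.
# ssh-keygen's stdout chatter is discarded, but its exit status is
# checked and a failure reported: a silently missing host key would only
# surface later as sshd refusing to start.
# Returns 0 when the key exists or was generated, 1 when generation failed.
generate_host_key()
{
  _keytype="$1"
  _keyfile="$2"
  if [ -f "${_keyfile}" ]
  then
    return 0
  fi
  echo "Generating ${_keyfile}"
  if ! ssh-keygen -t "${_keytype}" -f "${_keyfile}" -N '' > /dev/null
  then
    echo "Generating ${_keyfile} failed"
    return 1
  fi
  return 0
}

generate_host_key rsa1 "${SYSCONFDIR}/ssh_host_key"
generate_host_key rsa  "${SYSCONFDIR}/ssh_host_rsa_key"
generate_host_key dsa  "${SYSCONFDIR}/ssh_host_dsa_key"
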
# An existing ssh_config is only replaced with the user's consent.

if [ -f "${SYSCONFDIR}/ssh_config" ] && \
   request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
then
  rm -f "${SYSCONFDIR}/ssh_config"
  # rm -f is silent; the only way to notice a protected file is to look again.
  [ ! -f "${SYSCONFDIR}/ssh_config" ] || \
    echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
fi

# Write the default client configuration unless one is (still) present.
# The here-document delimiter is quoted: nothing in the text is meant to
# be expanded by the shell.

if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  {
    cat << 'EOF'
# This is ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent yes
# ForwardX11 yes
# RhostsAuthentication yes
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking no
# Port 22
# Protocol 2,1
# Cipher 3des
# EscapeChar ~

# Be paranoid by default
Host *
 ForwardAgent no
 ForwardX11 no
 FallBackToRsh no

# Try authentification with the following identities
 IdentityFile ~/.ssh/identity
 IdentityFile ~/.ssh/id_rsa
 IdentityFile ~/.ssh/id_dsa
EOF
    # A non-default sshd port only matters for connections to this host itself.
    if [ "${port_number}" != "22" ]
    then
      echo "Host localhost"
      echo " Port ${port_number}"
    fi
  } > "${SYSCONFDIR}/ssh_config"
fi

# Likewise for sshd_config: ask before throwing an existing file away.

if [ -f "${SYSCONFDIR}/sshd_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
  then
    rm -f "${SYSCONFDIR}/sshd_config"
    # A write-protected file survives rm -f; say so, since the old server
    # configuration then stays in effect.
    [ ! -f "${SYSCONFDIR}/sshd_config" ] || \
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
  fi
fi

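# Write the default server configuration unless one is (still) present.

# generate_sshd_config
#
# Writes ${SYSCONFDIR}/sshd_config.  The here-document is intentionally
# unquoted: ${port_number}, ${SYSCONFDIR} and ${PREFIX} are expanded into
# it, so the HostKey and sftp-server paths follow the variables at the top
# of this script instead of being hard-wired to /etc and /usr (with the
# default values the output is unchanged).
#
# Review the generated defaults before exposing the port: PermitRootLogin
# is "yes", Protocol "2,1" still offers SSH-1, PasswordAuthentication is
# on, and StrictModes is "no" (the file's own comment explains why that is
# needed on Cygwin).
generate_sshd_config()
{
  cat > "${SYSCONFDIR}/sshd_config" << EOF
# This is ssh server systemwide configuration file.

Port ${port_number}
#
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
#
# Uncomment the following lines according to the used authentication
HostKey ${SYSCONFDIR}/ssh_host_key
HostKey ${SYSCONFDIR}/ssh_host_rsa_key
HostKey ${SYSCONFDIR}/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

#
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no

X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication yes
PermitEmptyPasswords no

CheckMail no
UseLogin no

#Uncomment if you want to enable sftp
#Subsystem sftp ${PREFIX}/sbin/sftp-server
#MaxStartups 10:30:60
EOF
}

if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  generate_sshd_config
fi
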
# Care for services file
#
# The Windows services file lives in a different place on NT than on 9x.
# Both it and a scratch file next to it are mounted for the edits below
# (cygwin mount(1): -t text mode, -f force -- confirm against the installed
# cygwin version).
_sys=$(uname -a)
_nt=$(expr "${_sys}" : "CYGWIN_NT")
if [ "${_nt}" -gt 0 ]
then
  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
  _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
  _wservices="${WINDIR}\\SERVICES"
  _wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=$(cygpath -u "${_wservices}")
_serv_tmp=$(cygpath -u "${_wserv_tmp}")

mount -t -f "${_wservices}" "${_services}"
mount -t -f "${_wserv_tmp}" "${_serv_tmp}"

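# Remove sshd 22/port from services

# remove_sshd_from_services
#
# Drops every "sshd <whitespace> 22" line from ${_services} (the Windows
# services file), rewriting it through ${_serv_tmp}.  Does nothing when
# no such line exists or the file cannot be read.
#
# Whitespace is matched with [[:space:]].  The previous pattern "[ \t]" is
# a POSIX bracket expression, in which a backslash is literal: it matched
# a space, a backslash or the letter t, but not a real tab -- and services
# files are usually tab-separated, so tab-separated entries were never found.
remove_sshd_from_services()
{
  if grep -q 'sshd[[:space:]][[:space:]]*22' "${_services}"
  then
    grep -v 'sshd[[:space:]][[:space:]]*22' "${_services}" > "${_serv_tmp}"
    if [ -f "${_serv_tmp}" ]
    then
      if mv "${_serv_tmp}" "${_services}"
      then
        echo "Removing sshd from ${_services}"
      else
        echo "Removing sshd from ${_services} failed\!"
      fi
      rm -f "${_serv_tmp}"
    else
      echo "Removing sshd from ${_services} failed\!"
    fi
  fi
}

remove_sshd_from_services
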
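# Add ssh 22/tcp and ssh 22/udp to services

# add_ssh_to_services
#
# Adds "ssh 22/tcp" and "ssh 22/udp" to ${_services} unless an
# "ssh <whitespace> 22" entry is already present.  The lines are inserted
# once, just before the first 23/tcp (telnet) entry, to keep the file
# ordered by port; when the file has no 23/tcp entry they are appended at
# the end instead of being silently dropped while "Added ssh" is reported.
#
# Whitespace is matched with [[:space:]] (a real tab) rather than "[ \t]",
# which inside a bracket expression means space, backslash or the letter t.
add_ssh_to_services()
{
  if grep -q 'ssh[[:space:]][[:space:]]*22' "${_services}"
  then
    return 0
  fi
  awk 'BEGIN { added = 0 }
       {
         if ( added == 0 && $2 ~ /^23\/tcp/ ) {
           print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"
           added = 1
         }
         print $0
       }
       END {
         if ( added == 0 )
           print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"
       }' < "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Added ssh to ${_services}"
    else
      echo "Adding ssh to ${_services} failed\!"
    fi
    rm -f "${_serv_tmp}"
  else
    echo "Adding ssh to ${_services} failed\!"
  fi
}

add_ssh_to_services
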
# Undo the temporary mounts of the services file and its scratch copy.
for _mnt in "${_services}" "${_serv_tmp}"
do
  umount "${_mnt}"
done

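# Care for inetd.conf file

# configure_inetd
#
# Replaces any "sshd" entry in ${_inetcnf} by an "ssh" one running
# ${PREFIX}/sbin/sshd -i.  The new entry is active only if the sshd entry
# it replaces was active (not commented out); otherwise it is added as a
# comment for the administrator to enable deliberately.
#
# Whitespace is matched with [[:space:]]; the previous "[ \t]" is a bracket
# expression meaning space, backslash or the letter t, never a real tab, so
# tab-indented entries went unnoticed.  The scratch file is written with
# ">" rather than ">>" so a leftover from an earlier run cannot leak old
# lines back into inetd.conf.
configure_inetd()
{
  # Is ssh already in use, i.e. is there an uncommented sshd line?
  with_comment=1
  grep -q '^[[:space:]]*sshd' "${_inetcnf}" && with_comment=0

  # Remove sshd line from inetd.conf
  if grep -q '^[#[:space:]]*sshd' "${_inetcnf}"
  then
    grep -v '^[#[:space:]]*sshd' "${_inetcnf}" > "${_inetcnf_tmp}"
    if [ -f "${_inetcnf_tmp}" ]
    then
      if mv "${_inetcnf_tmp}" "${_inetcnf}"
      then
        echo "Removed sshd from ${_inetcnf}"
      else
        echo "Removing sshd from ${_inetcnf} failed\!"
      fi
      rm -f "${_inetcnf_tmp}"
    else
      echo "Removing sshd from ${_inetcnf} failed\!"
    fi
  fi

  # Add ssh line to inetd.conf
  if ! grep -q '^[#[:space:]]*ssh' "${_inetcnf}"
  then
    if [ "${with_comment}" -eq 0 ]
    then
      echo "ssh stream tcp nowait root ${PREFIX}/sbin/sshd -i" >> "${_inetcnf}"
    else
      echo "# ssh stream tcp nowait root ${PREFIX}/sbin/sshd -i" >> "${_inetcnf}"
    fi
    echo "Added ssh to ${_inetcnf}"
  fi
}

_inetcnf="/etc/inetd.conf"
_inetcnf_tmp="/etc/inetd.conf.$$"

if [ -f "${_inetcnf}" ]
then
  configure_inetd
fi
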
# Create /var/log and /var/log/lastlog if not already existing
#
# A regular file in /var/log's place, or a directory in lastlog's place,
# cannot be fixed here and is only reported (presumably lastlog is wanted
# for sshd's login records -- confirm against the sshd build).

if [ -f /var/log ]
then
  echo "Creating /var/log failed\!"
else
  [ -d /var/log ] || mkdir /var/log
  if [ -d /var/log/lastlog ]
  then
    echo "Creating /var/log/lastlog failed\!"
  elif [ ! -f /var/log/lastlog ]
  then
    # Create an empty lastlog (same effect as `cat /dev/null > file`).
    : > /var/log/lastlog
  fi
fi

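# On NT ask if sshd should be installed as service
#
# The service is installed under LocalSystem (see the message below), and
# the files it reads are handed to the "system" account afterwards, so
# write access to ${SYSCONFDIR}/ssh* should stay restricted accordingly.
if [ "${_nt}" -gt 0 ]
then
  echo
  echo "Do you want to install sshd as service?"
  if request "(Say \"no\" if it's already installed as service)"
  then
    echo
    echo "Which value should the environment variable CYGWIN have when"
    echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
    echo "able to change user context without password."
    printf 'Default is "binmode ntsec tty". CYGWIN='
    # -r keeps the typed value literal (no backslash processing) before it
    # is baked into the service's environment.
    read -r _cygwin
    [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
    if cygrunsrv -I sshd -d "CYGWIN sshd" -p "${PREFIX}/sbin/sshd" -a -D -e "CYGWIN=${_cygwin}"
    then
      if ! chown system "${SYSCONFDIR}"/ssh*
      then
        echo "Warning: could not give ${SYSCONFDIR}/ssh* to the system account."
      fi
      echo
      echo "The service has been installed under LocalSystem account."
    fi
  fi
fi
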
# An old installation was found earlier: its sshd path may still be
# referenced by the service entry or inetd.conf.
case "${old_install}" in
1)
  echo
  echo "Note: If you have used sshd as service or from inetd, don't forget to"
  echo " change the path to sshd.exe in the service entry or in inetd.conf."
  ;;
esac

echo
echo "Host configuration finished. Have fun!"