Kevin Steves9be6e262000-10-29 19:18:49 +00001#!/bin/sh
2#
Ben Lindstromb100ec92001-01-19 05:37:32 +00003# ssh-host-config, Copyright 2000, Red Hat Inc.
Kevin Steves9be6e262000-10-29 19:18:49 +00004#
5# This file is part of the Cygwin port of OpenSSH.
6
# Installation prefix of the new package.
PREFIX="/usr"

# Location of the system-wide configuration files.
SYSCONFDIR="/etc"

# Prefix and config directory of a possible older installation.
OLDPREFIX="/usr/local"
OLDSYSCONFDIR="${OLDPREFIX}/etc"

# Script name for the usage text. An empty auto_answer means every question
# is asked interactively; port_number is written into the generated configs.
progname="$0"
auto_answer=""
port_number="22"

# State flags used by the privilege separation setup further down.
privsep_configured="no"
privsep_used="yes"
sshd_in_passwd="no"
sshd_in_sam="no"
25
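# request PROMPT
#
# Ask a yes/no question and report the answer through the exit status.
#   $1       - question text, printed followed by " (yes/no) "
# Globals:   auto_answer (read) - "yes" or "no" answers without prompting
#            answer (written)   - last line read from stdin
# Returns:   0 for "yes", 1 for "no" or when stdin is exhausted
request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi

  answer=""
  while [ "X${answer}" != "Xyes" ] && [ "X${answer}" != "Xno" ]
  do
    # printf instead of the non-portable "echo -n"; the prompt is passed as
    # data, never as the format string.
    printf '%s (yes/no) ' "$1"
    # On EOF (closed or redirected stdin) read fails. Treat that as "no"
    # instead of re-prompting forever; a final line without a trailing
    # newline is still evaluated. -r keeps backslashes literal.
    if ! read -r answer && [ -z "${answer}" ]
    then
      return 1
    fi
  done
  [ "X${answer}" = "Xyes" ]
}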
49
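# Check options
#
# Recognised: -d/--debug, -y/--yes, -n/--no and -p/--port <n>.
# An unknown option prints the usage text and exits with status 1.
# A missing or malformed port prints an error on stderr and exits with
# status 1.

while [ $# -gt 0 ]
do
  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  -p | --port )
    # The value is later written verbatim into ssh_config and sshd_config,
    # so accept only a plain decimal number in the TCP port range. This also
    # catches "-p" given as the last argument, where the old code shifted
    # past the end of the argument list.
    _port_ok=yes
    case "${1:-}" in
    '' | *[!0-9]* | ??????* )
      _port_ok=no
      ;;
    esac
    if [ "${_port_ok}" = "yes" ]
    then
      if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]
      then
        _port_ok=no
      fi
    fi
    if [ "${_port_ok}" != "yes" ]
    then
      echo "${progname}: ${option} requires a port number between 1 and 65535" >&2
      exit 1
    fi
    port_number=$1
    shift
    ;;

  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH host configuration."
    echo
    echo "Options:"
    echo " --debug -d Enable shell's debug output."
    echo " --yes -y Answer all questions with \"yes\" automatically."
    echo " --no -n Answer all questions with \"no\" automatically."
    echo " --port -p <n> sshd listens on port n."
    echo
    exit 1
    ;;

  esac
done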
97
# Check if running on NT. expr prints the length of the "CYGWIN_NT" match at
# the start of the uname string, so _nt is greater than 0 only when uname
# reports a CYGWIN_NT system and 0 otherwise.
_sys=$(uname -a)
_nt=$(expr "${_sys}" : "CYGWIN_NT")
101
# Refuse to touch the configuration while ssh/sshd processes are running.
# NOTE(review): this is a substring match on the whole "ps -ef" line, so any
# line containing "ssh" (user name, path or argument) stops the script.
if ps -ef | grep -v grep | grep ssh > /dev/null
then
  echo
  echo "There are still ssh processes running. Please shut them down first."
  echo
  exit 1
fi
112
# ${SYSCONFDIR} must be a directory. Anything else at that path is fatal.

if [ -e "${SYSCONFDIR}" ] && [ ! -d "${SYSCONFDIR}" ]
then
  echo
  echo "${SYSCONFDIR} is existant but not a directory."
  echo "Cannot create global configuration files."
  echo
  exit 1
fi

# Create the directory when it is missing. Success is judged by whether the
# path exists afterwards, not by mkdir's exit status.

if [ ! -e "${SYSCONFDIR}" ]
then
  mkdir "${SYSCONFDIR}"
  [ -e "${SYSCONFDIR}" ] || {
    echo
    echo "Creating ${SYSCONFDIR} directory failed"
    echo
    exit 1
  }
fi
137
# Make sure /var/log is a directory and /var/log/lastlog is a regular file.
# A path of the wrong type is only reported, and the script carries on.

if [ -f /var/log ]
then
  echo "Creating /var/log failed\!"
else
  [ -d /var/log ] || mkdir -p /var/log
  if [ -d /var/log/lastlog ]
  then
    echo "Creating /var/log/lastlog failed\!"
  elif [ ! -f /var/log/lastlog ]
  then
    # Create an empty lastlog file.
    : > /var/log/lastlog
  fi
fi
156
# Create /var/empty, the directory sshd chroots into for privilege
# separation. On NT it is set to mode 755 and handed to user "system".
# NOTE(review): an already existing /var/empty directory is taken as-is. Its
# contents are not inspected, and on non-NT systems neither mode nor owner
# is adjusted.
if [ ! -f /var/empty ]
then
  mkdir -p /var/empty
  if [ "$_nt" -gt 0 ]
  then
    chmod 755 /var/empty
    chown system.system /var/empty
  fi
else
  echo "Creating /var/empty failed\!"
fi
170
# Look for an older installation under ${OLDPREFIX}. Skipped when the old
# and the new prefix are the same. old_install=1 triggers a reminder at the
# end of the script.

old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ] && [ -f "${OLDPREFIX}/sbin/sshd" ]
then
  echo
  echo "You seem to have an older installation in ${OLDPREFIX}."
  echo
  # Copying is offered only when ${OLDSYSCONFDIR}/ssh_host_key exists. The
  # list holds private host keys; cp -f replaces files already present in
  # ${SYSCONFDIR}.
  if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
  then
    if request "Do you want to copy your config files to your new installation?"
    then
      for _name in ssh_host_key ssh_host_key.pub \
                   ssh_host_dsa_key ssh_host_dsa_key.pub \
                   ssh_config sshd_config
      do
        cp -f "${OLDSYSCONFDIR}/${_name}" "${SYSCONFDIR}"
      done
    fi
  fi
  if request "Do you want to erase your old installation?"
  then
    # Binaries, host keys and configs, man pages, then the daemons.
    for _path in \
      "${OLDPREFIX}/bin/ssh.exe" \
      "${OLDPREFIX}/bin/ssh-config" \
      "${OLDPREFIX}/bin/scp.exe" \
      "${OLDPREFIX}/bin/ssh-add.exe" \
      "${OLDPREFIX}/bin/ssh-agent.exe" \
      "${OLDPREFIX}/bin/ssh-keygen.exe" \
      "${OLDPREFIX}/bin/slogin" \
      "${OLDSYSCONFDIR}/ssh_host_key" \
      "${OLDSYSCONFDIR}/ssh_host_key.pub" \
      "${OLDSYSCONFDIR}/ssh_host_dsa_key" \
      "${OLDSYSCONFDIR}/ssh_host_dsa_key.pub" \
      "${OLDSYSCONFDIR}/ssh_config" \
      "${OLDSYSCONFDIR}/sshd_config" \
      "${OLDPREFIX}/man/man1/ssh.1" \
      "${OLDPREFIX}/man/man1/scp.1" \
      "${OLDPREFIX}/man/man1/ssh-add.1" \
      "${OLDPREFIX}/man/man1/ssh-agent.1" \
      "${OLDPREFIX}/man/man1/ssh-keygen.1" \
      "${OLDPREFIX}/man/man1/slogin.1" \
      "${OLDPREFIX}/man/man8/sshd.8" \
      "${OLDPREFIX}/sbin/sshd.exe" \
      "${OLDPREFIX}/sbin/sftp-server.exe"
    do
      rm -f "${_path}"
    done
  fi
  old_install=1
fi
223
# Generate any host key that does not exist yet. Each entry is
# "<key type>:<file name>". -N '' gives the key an empty passphrase.
# NOTE(review): rsa1 (protocol 1) and dsa host keys are legacy key types
# that later OpenSSH releases disable or drop; confirm they are still wanted
# for the sshd version this script ships with.

for _spec in rsa1:ssh_host_key rsa:ssh_host_rsa_key dsa:ssh_host_dsa_key
do
  _type=${_spec%%:*}
  _keyfile="${SYSCONFDIR}/${_spec#*:}"
  if [ ! -f "${_keyfile}" ]
  then
    echo "Generating ${_keyfile}"
    ssh-keygen -t "${_type}" -f "${_keyfile}" -N '' > /dev/null
  fi
done
243
# An existing ssh_config is removed only after confirmation. If it is still
# there after rm -f, say so; the generation step below then leaves it alone.

if [ -f "${SYSCONFDIR}/ssh_config" ] &&
   request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
then
  rm -f "${SYSCONFDIR}/ssh_config"
  if [ -f "${SYSCONFDIR}/ssh_config" ]
  then
    echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
  fi
fi
257
# Write a default ssh_config when none exists. The template contains nothing
# for the shell to expand, so the here-document delimiter is quoted.

if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat << 'EOF' > "${SYSCONFDIR}/ssh_config"
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
EOF
  # For a non-default port, point the client at it for localhost.
  # port_number is written unescaped, exactly as given on the command line.
  if [ "$port_number" != "22" ]
  then
    {
      echo "Host localhost"
      echo " Port $port_number"
    } >> "${SYSCONFDIR}/ssh_config"
  fi
fi
304
# An existing sshd_config is removed only after confirmation. When it is
# kept, record whether it already mentions UsePrivilegeSeparation so the
# privsep questions below can be skipped.

if [ -f "${SYSCONFDIR}/sshd_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
  then
    rm -f "${SYSCONFDIR}/sshd_config"
    if [ -f "${SYSCONFDIR}/sshd_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
  elif grep -q UsePrivilegeSeparation "${SYSCONFDIR}/sshd_config"
  then
    # Plain substring match: a commented-out option counts as configured.
    privsep_configured=yes
  fi
fi
320
# Decide on privilege separation before sshd_config is created or modified.
# Nothing happens here when the kept sshd_config already mentions it.

if [ "$privsep_configured" = "yes" ]
then
  :
elif [ "$_nt" -gt 0 ]
then
  echo "Privilege separation is set to yes by default since OpenSSH 3.3."
  echo "However, this requires a non-privileged account called 'sshd'."
  echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
  echo
  if request "Shall privilege separation be used?"
  then
    privsep_used=yes
    # The account may already be known to Cygwin (passwd file) and/or to
    # Windows ("net user").
    if grep -q '^sshd:' "${SYSCONFDIR}/passwd"
    then
      sshd_in_passwd=yes
    fi
    if net user sshd > /dev/null 2>&1
    then
      sshd_in_sam=yes
    fi
    if [ "$sshd_in_passwd" != "yes" ]
    then
      if [ "$sshd_in_sam" != "yes" ]
      then
        echo "Warning: The following function requires administrator privileges!"
        if request "Shall this script create a local user 'sshd' on this machine?"
        then
          # The account is created disabled (/active:no) with /var/empty as
          # its home directory.
          dos_var_empty=$(cygpath -w /var/empty)
          if net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1
          then
            sshd_in_sam=yes
          fi
          if [ "$sshd_in_sam" != "yes" ]
          then
            echo "Warning: Creating the user 'sshd' failed!"
          fi
        fi
      fi
      if [ "$sshd_in_sam" = "yes" ]
      then
        # Append the account to passwd with its login shell changed from
        # bash to false.
        mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> "${SYSCONFDIR}/passwd"
      else
        echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
        echo " Privilege separation set to 'no' again!"
        echo " Check your ${SYSCONFDIR}/sshd_config file!"
        privsep_used=no
      fi
    fi
  else
    privsep_used=no
  fi
else
  # On 9x don't use privilege separation. Since security isn't available
  # it just adds useless additional processes.
  privsep_used=no
fi
370
# Write a default sshd_config when none exists; otherwise append only the
# missing UsePrivilegeSeparation line to the file that was kept.
#
# The here-document is expanded by the shell: $port_number, ${SYSCONFDIR}
# and $privsep_used are substituted unescaped.
# NOTE(review): the template writes "StrictModes no" uncommented, while its
# own comment recommends "yes" on NT/W2K with NTFS and CYGWIN=ntsec. Review
# this setting after generation.

if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat << EOF > "${SYSCONFDIR}/sshd_config"
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port $port_number
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey ${SYSCONFDIR}/ssh_host_key
# HostKeys for protocol version 2
#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
#HostKey ${SYSCONFDIR}/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
UsePrivilegeSeparation $privsep_used
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/sbin/sftp-server
EOF
elif [ "$privsep_configured" != "yes" ]
then
  {
    echo
    echo "UsePrivilegeSeparation $privsep_used"
  } >> "${SYSCONFDIR}/sshd_config"
fi
464
# Locate the Windows services file and a scratch file next to it, then
# mount both so they can be edited through their Cygwin paths.
# NOTE(review): the scratch file name is derived from the shell's PID ($$)
# and is therefore predictable. It lives in the same directory as the
# services file.
if [ "$_nt" -gt 0 ]
then
  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
  _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
  _wservices="${WINDIR}\\SERVICES"
  _wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=$(cygpath -u "${_wservices}")
_serv_tmp=$(cygpath -u "${_wserv_tmp}")

mount -t -f "${_wservices}" "${_services}"
mount -t -f "${_wserv_tmp}" "${_serv_tmp}"
Kevin Steves9be6e262000-10-29 19:18:49 +0000479
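# Remove a stale "sshd ... 22" entry from the services file.
#
# "\t" is not an escape inside a grep bracket expression: "[ \t]" matches a
# space, a backslash or the letter "t", so tab-separated entries were never
# found. [[:space:]] matches both spaces and tabs.
if grep -q 'sshd[[:space:]][[:space:]]*22' "${_services}"
then
  # Write the filtered copy to the scratch file, then move it into place.
  grep -v 'sshd[[:space:]][[:space:]]*22' "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Removing sshd from ${_services}"
    else
      echo "Removing sshd from ${_services} failed\!"
    fi
    # No-op after a successful mv; cleans up the scratch file otherwise.
    rm -f "${_serv_tmp}"
  else
    echo "Removing sshd from ${_services} failed\!"
  fi
fi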
497
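# Add ssh 22/tcp and ssh 22/udp to services unless an "ssh ... 22" entry is
# already there.
#
# [[:space:]] replaces "[ \t]", which in a grep bracket expression matches a
# space, a backslash or the letter "t" rather than a tab.
if ! grep -q 'ssh[[:space:]][[:space:]]*22' "${_services}"
then
  # The two new lines are inserted immediately before the 23/tcp entry.
  # NOTE(review): when the file has no 23/tcp line nothing is inserted, yet
  # the success message below is still printed.
  awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Added ssh to ${_services}"
    else
      echo "Adding ssh to ${_services} failed\!"
    fi
    # No-op after a successful mv; cleans up the scratch file otherwise.
    rm -f "${_serv_tmp}"
  else
    echo "Adding ssh to ${_services} failed\!"
  fi
fi

# Drop the two mount points again.
umount "${_services}"
umount "${_serv_tmp}"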
518
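# Care for inetd.conf file: replace any "sshd" service line with an "ssh"
# line that starts /usr/sbin/sshd in inetd mode (-i).
#
# The patterns use [[:space:]] because "\t" inside a grep bracket expression
# is not a tab: "[ \t]" matches a space, a backslash or the letter "t".
_inetcnf="${SYSCONFDIR}/inetd.conf"
_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"

if [ -f "${_inetcnf}" ]
then
  # with_comment=0 when an active (uncommented) sshd line exists; the new
  # ssh line is then written active too, otherwise commented out.
  with_comment=1
  grep -q '^[[:space:]]*sshd' "${_inetcnf}" && with_comment=0
  # Remove sshd line from inetd.conf
  if grep -q '^[#[:space:]]*sshd' "${_inetcnf}"
  then
    # Truncate the scratch file instead of appending to it. Its name is
    # PID-derived and predictable, and anything already in a file of that
    # name would otherwise be moved into inetd.conf.
    grep -v '^[#[:space:]]*sshd' "${_inetcnf}" > "${_inetcnf_tmp}"
    if [ -f "${_inetcnf_tmp}" ]
    then
      if mv "${_inetcnf_tmp}" "${_inetcnf}"
      then
        echo "Removed sshd from ${_inetcnf}"
      else
        echo "Removing sshd from ${_inetcnf} failed\!"
      fi
      rm -f "${_inetcnf_tmp}"
    else
      echo "Removing sshd from ${_inetcnf} failed\!"
    fi
  fi

  # Add ssh line to inetd.conf
  if ! grep -q '^[#[:space:]]*ssh' "${_inetcnf}"
  then
    if [ "${with_comment}" -eq 0 ]
    then
      echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
    else
      echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
    fi
    echo "Added ssh to ${_inetcnf}"
  fi
fi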
558
# On NT offer to register sshd as a Windows service through cygrunsrv.
# The CYGWIN value typed by the user is passed unchanged into the service
# environment. After a successful install, every ${SYSCONFDIR}/ssh* file
# (host keys and configs) is handed to user "system".
if [ "$_nt" -gt 0 ]
then
  echo
  echo "Do you want to install sshd as service?"
  if request "(Say \"no\" if it's already installed as service)"
  then
    echo
    echo "Which value should the environment variable CYGWIN have when"
    echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
    echo "able to change user context without password."
    echo -n "Default is \"binmode ntsec tty\". CYGWIN="
    read _cygwin
    # An empty answer selects the default.
    : "${_cygwin:=binmode ntsec tty}"
    if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
    then
      chown system "${SYSCONFDIR}"/ssh*
      echo
      echo "The service has been installed under LocalSystem account."
    fi
  fi
fi
581
# Reminder for users who had an older installation: existing service or
# inetd entries may still point at the old sshd.exe.
case "${old_install}" in
1)
  echo
  echo "Note: If you have used sshd as service or from inetd, don't forget to"
  echo " change the path to sshd.exe in the service entry or in inetd.conf."
  ;;
esac

echo
echo "Host configuration finished. Have fun!"