Mail Archives: cygwin/2015/01/08/08:19:48

Date: Thu, 8 Jan 2015 14:19:22 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Fix for ssh-user-config /etc/passwd parsing
Message-ID: <20150108131922.GM4190@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <1063405400 DOT 20150105091246 AT yandex DOT ru>
MIME-Version: 1.0
In-Reply-To: <1063405400.20150105091246@yandex.ru>
User-Agent: Mutt/1.5.23 (2014-03-12)


On Jan  5 09:12, Andrey Repin wrote:
> Greetings, All!
>
> Replace line 79 with
>
>   pwdhome=$(getent passwd ${uid} | cut -sd : -f 6 )
>
> The error messages in the next few lines should probably be updated as well.
> Something along the lines of
>
> 83:      "Unable to determine user's home directory from system settings." \
>
> 90:      "${pwdhome} is found to be set as your home directory" \
>
> 99:    csih_warning "Your home directory is found to be set to root (/). This is not recommended!"

Just as I outlined in my other mail a few minutes ago, ssh-user-config
in the OpenSSH release package is not the latest upstream version.  If
you want to test the latest ssh-user-config script with 1.7.34-awareness,
see the attached.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat


#!/bin/bash
#
# ssh-user-config, Copyright 2000-2014 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# ======================================================================
# Initialization
# ======================================================================
PROGNAME=$(basename -- $0)
_tdir=$(dirname -- $0)
PROGDIR=$(cd $_tdir && pwd)

CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

source ${CSIH_SCRIPT}

auto_passphrase="no"
passphrase=""
pwdhome=
with_passphrase=

# ======================================================================
# Routine: create_identity
#   optionally create identity of type argument in ~/.ssh
#   optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_identity() {
  local file="$1"
  local type="$2"
  local name="$3"
  if [ ! -f "${pwdhome}/.ssh/${file}" ]
  then
    if csih_request "Shall I create a ${name} identity file for you?"
    then
      csih_inform "Generating ${pwdhome}/.ssh/${file}"
      if [ "${with_passphrase}" = "yes" ]
      then
        ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
      else
        ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
      fi
      if csih_request "Do you want to use this identity to login to this machine?"
      then
        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
        cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
      fi
    fi
  fi
} # === End of create_ssh1_identity() === #
readonly -f create_identity

# ======================================================================
# Routine: check_user_homedir
#   Perform various checks on the user's home directory
# SETS GLOBAL VARIABLE:
#   pwdhome
# ======================================================================
check_user_homedir() {
  pwdhome=$(getent passwd $UID | awk -F: '{ print $6; }')
  if [ "X${pwdhome}" = "X" ]
  then
    csih_error_multi \
      "There is no home directory set for you in the account database." \
      'Setting $HOME is not sufficient!'
  fi

  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multi \
      "${pwdhome} is set in the account database as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi

  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "X${pwdhome}" = "X/" ]
  then
    # But first raise a warning!
    csih_warning "Your home directory in the account database is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi

  if [ -d "${pwdhome}" -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
  then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
    csih_warning "directory ${pwdhome}."
    csih_warning 'This is required by OpenSSH to allow public key authentication using'
    csih_warning 'the key files stored in your .ssh subdirectory.'
    csih_warning 'Revert this change ONLY if you know what you are doing!'
    echo
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir

# ======================================================================
# Routine: check_user_dot_ssh_dir
#   Perform various checks on the ~/.ssh directory
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
check_user_dot_ssh_dir() {
  if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
  then
    csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  fi

  if [ ! -e "${pwdhome}/.ssh" ]
  then
    mkdir "${pwdhome}/.ssh"
    if [ ! -e "${pwdhome}/.ssh" ]
    then
      csih_error "Creating users ${pwdhome}/.ssh directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir

# ======================================================================
# Routine: fix_authorized_keys_perms
#   Corrects the permissions of ~/.ssh/authorized_keys
# PREREQUISITE:
#   pwdhome   -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  if [ -e "${pwdhome}/.ssh/authorized_keys" ]
  then
    setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null || echo -n
    if ! chmod u-x,g-wx,o-wx "${pwdhome}/.ssh/authorized_keys"
    then
      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
      csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms


# ======================================================================
# Main Entry Point
# ======================================================================

# Check how the script has been started.  If
#   (1) it has been started by giving the full path and
#       that path is /etc/postinstall, OR
#   (2) Otherwise, if the environment variable
#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
# then set auto_answer to "no".  This allows automatic
# creation of the config files in /etc w/o overwriting
# them if they already exist.  In both cases, color
# escape sequences are suppressed, so as to prevent
# cluttering setup's logfiles.
if [ "$PROGDIR" = "/etc/postinstall" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi
if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi

# ======================================================================
# Parse options
# ======================================================================
while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    csih_trace_on
    ;;

  -y | --yes )
    csih_auto_answer=yes
    ;;

  -n | --no )
    csih_auto_answer=no
    ;;

  -p | --passphrase )
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  *)
    echo "usage: ${PROGNAME} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "    --debug      -d        Enable shell's debug output."
    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
    echo "    --no         -n        Answer all questions with \"no\" automatically."
    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
    echo
    exit 1
    ;;

  esac
done

# ======================================================================
# Action!
# ======================================================================

check_user_homedir
check_user_dot_ssh_dir
create_identity id_rsa rsa "SSH2 RSA"
create_identity id_dsa dsa "SSH2 DSA"
create_identity id_ecdsa ecdsa "SSH2 ECDSA"
create_identity identity rsa1 "(deprecated) SSH1 RSA"
fix_authorized_keys_perms

echo
csih_inform "Configuration finished. Have fun!"
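
A read-only counterpart to check_user_homedir and fix_authorized_keys_perms above, as an added example that is not part of the original mail or of the Cygwin OpenSSH package: it extracts the home field with the `cut -s` form proposed in the quoted message and reports group/other write bits on the home directory, .ssh and authorized_keys instead of changing them. The function names, the sample passwd line and the temporary directory are constructed for illustration; GNU stat is assumed.

```shell
#!/bin/bash
# Added example, not part of ssh-user-config. Function names are hypothetical.

# Print field 6 (home directory) of one passwd(5)-format line.
# cut -s suppresses input without any ':' so malformed lines yield nothing.
home_from_passwd_line() {
  printf '%s\n' "$1" | cut -s -d : -f 6
}

# Succeed only if the path exists and neither group nor other may write to it.
# Assumes GNU stat (as shipped with Cygwin and Linux coreutils).
no_group_other_write() {
  local mode
  mode=$(stat -c '%a' -- "$1" 2>/dev/null) || return 2
  [ $(( 0$mode & 022 )) -eq 0 ]   # 022 = group-write | other-write
}

# Read-only audit of the home directory, ~/.ssh and authorized_keys.
# Prints one line per finding and returns the number of findings.
audit_ssh_home() {
  local home="$1" findings=0 p
  if [ -z "$home" ] || [ ! -d "$home" ]; then
    echo "FAIL: '${home}' is empty or not a directory"
    return 1
  fi
  if [ "$home" = "/" ]; then
    echo "WARN: home directory is the root directory (/)"
    return 1
  fi
  for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    [ -e "$p" ] || continue
    if ! no_group_other_write "$p"; then
      echo "FAIL: $p is writable by group or other"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Constructed sample input: a passwd-style line and a throwaway directory tree.
sample='alice:*:1001:513:U-HOST\alice:/home/alice:/bin/bash'
echo "home field: $(home_from_passwd_line "$sample")"
demo=$(mktemp -d) && mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo"; chmod 700 "$demo/.ssh"; chmod 664 "$demo/.ssh/authorized_keys"
rc=0; audit_ssh_home "$demo" || rc=$?
echo "findings: $rc"
rm -rf "$demo"
```
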


