Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Tue, 9 Jan 2001 14:59:28 +0100
From: Corinna Vinschen
To: cygwin
Subject: Re: Request for TESTING: New ssh-host-config and ssh-user-config scripts
Message-ID: <20010109145928.A4141@cobold.vinschen.de>
References: <00122222491508 DOT 00503 AT cygbert>
In-Reply-To: <00122222491508.00503@cygbert>; from cygwin@cygwin.com on Fri, Dec 22, 2000 at 10:49:15PM +0100

Hi,

I have made a change to ssh-user-config which should refuse to create
the user files when the /etc/passwd entry of the user isn't ok.
Please, test it. I have attached both scripts again as described in
my original mail.

On Fri, Dec 22, 2000 at 10:49:15PM +0100, Corinna Vinschen wrote:
> Hi folks,
>
> I have attached two new scripts which shall replace the former
> `ssh-config' script in the next Cygwin OpenSSH version.
>
> The first script is called `ssh-host-config' and creates only the
> host configuration in /etc. I added two functionalities:
>
> - It creates a line
>
>     sshd 22/tcp # SSH daemon
>
>   in the system's `services' file if it's not already present and
>
> - it adds a line
>
>     # sshd stream tcp nowait root /usr/sbin/sshd -i
>
>   to /etc/inetd.conf if the file exists and a `sshd' line isn't
>   already present. Note that this line is added as a comment!
>
> To support testing and unattended installation ssh-host-config got
> some options:
>
>   usage: ssh-host-config [OPTION]...
>   Options:
>     --debug  -d       Enable shell's debug output.
>     --yes    -y       Answer all questions with "yes" automatically.
>     --no     -n       Answer all questions with "no" automatically.
>
>
> The second script is `ssh-user-config'. It can be called for each new
> user which needs an ssh configuration on the system. The additional
> functionality here is that the script asks if the newly created identities
> should be added to the authorized_keys files to allow login to this system.
>
> To support testing and unattended installation ssh-user-config got
> some options as well:
>
>   usage: ssh-user-config [OPTION]...
>   Options:
>     --debug       -d       Enable shell's debug output.
>     --yes         -y       Answer all questions with "yes" automatically.
>     --no          -n       Answer all questions with "no" automatically.
>     --passphrase  -p word  Use "word" as passphrase automatically.
>
> Please, give those scripts a try. They will only work with the test
> version of OpenSSH which I announced yesterday because it uses the
> new ssh-keygen options and it tries to create SSH2 RSA keys.
>
> Please report errors or problems in this mailing list and feel free
> to submit patches or new ideas for extending the functionality of
> both scripts.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

Attachment: ssh-host-config

#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
# Subdirectory where the new package is being installed
PREFIX=/usr
# Directory where the config files are stored
SYSCONFDIR=/etc
# Subdirectory where an old package might be installed
OLDPREFIX=/usr/local
OLDSYSCONFDIR=${OLDPREFIX}/etc

progname=$0
auto_answer=""

# Ask a yes/no question on the terminal; --yes/--no answer it automatically
# for unattended runs.
request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi
  answer=""
  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
  do
    echo -n "$1 (yes/no) "
    read answer
  done
  if [ "X${answer}" = "Xyes" ]
  then
    return 0
  else
    return 1
  fi
}

# Check options
while :
do
  case $# in
  0)
    break
    ;;
  esac
  option=$1
  shift
  case "$option" in
  -d | --debug )
    set -x
    ;;
  -y | --yes )
    auto_answer=yes
    ;;
  -n | --no )
    auto_answer=no
    ;;
  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH host configuration."
    echo
    echo "Options:"
    echo "    --debug  -d            Enable shell's debug output."
    echo "    --yes    -y            Answer all questions with \"yes\" automatically."
    echo "    --no     -n            Answer all questions with \"no\" automatically."
    echo
    exit 1
    ;;
  esac
done

# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running
if ps -ef | grep -v grep | grep -q ssh
then
  echo
  echo "There are still ssh processes running. Please shut them down first."
  echo
  exit 1
fi

# Check for ${SYSCONFDIR} directory
if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
then
  echo
  echo "${SYSCONFDIR} exists but is not a directory."
  echo "Cannot create global configuration files."
  echo
  exit 1
fi

# Create it if necessary
if [ ! -e "${SYSCONFDIR}" ]
then
  mkdir "${SYSCONFDIR}"
  if [ ! -e "${SYSCONFDIR}" ]
  then
    echo
    echo "Creating ${SYSCONFDIR} directory failed"
    echo
    exit 1
  fi
fi

# Check for an old installation in ${OLDPREFIX}, but only if ${OLDPREFIX}
# differs from ${PREFIX}
old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ]
then
  if [ -f "${OLDPREFIX}/sbin/sshd" ]
  then
    echo
    echo "You seem to have an older installation in ${OLDPREFIX}."
    echo
    # Check if old global configuration files exist
    if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
    then
      if request "Do you want to copy your config files to your new installation?"
      then
        cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
      fi
    fi
    if request "Do you want to erase your old installation?"
    then
      rm -f ${OLDPREFIX}/bin/ssh.exe
      rm -f ${OLDPREFIX}/bin/ssh-config
      rm -f ${OLDPREFIX}/bin/scp.exe
      rm -f ${OLDPREFIX}/bin/ssh-add.exe
      rm -f ${OLDPREFIX}/bin/ssh-agent.exe
      rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
      rm -f ${OLDPREFIX}/bin/slogin
      rm -f ${OLDSYSCONFDIR}/ssh_host_key
      rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
      rm -f ${OLDSYSCONFDIR}/ssh_config
      rm -f ${OLDSYSCONFDIR}/sshd_config
      rm -f ${OLDPREFIX}/man/man1/ssh.1
      rm -f ${OLDPREFIX}/man/man1/scp.1
      rm -f ${OLDPREFIX}/man/man1/ssh-add.1
      rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
      rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
      rm -f ${OLDPREFIX}/man/man1/slogin.1
      rm -f ${OLDPREFIX}/man/man8/sshd.8
      rm -f ${OLDPREFIX}/sbin/sshd.exe
      rm -f ${OLDPREFIX}/sbin/sftp-server.exe
    fi
    old_install=1
  fi
fi

# First generate host keys if not already existing
if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_key"
  ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
fi

if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
  ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi

if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
  ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
fi

# Check if ssh_config exists.
# If yes, ask for overwriting
if [ -f "${SYSCONFDIR}/ssh_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
  then
    rm -f "${SYSCONFDIR}/ssh_config"
    if [ -f "${SYSCONFDIR}/ssh_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
    fi
  fi
fi

# Create default ssh_config from here script
if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > ${SYSCONFDIR}/ssh_config << EOF
# This is the ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent yes
#   ForwardX11 yes
#   RhostsAuthentication yes
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking no
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   EscapeChar ~

# Be paranoid by default
Host *
  ForwardAgent no
  ForwardX11 no
  FallBackToRsh no

# Try authentication with the following identities
  IdentityFile ~/.ssh/identity
  IdentityFile ~/.ssh/id_rsa
  IdentityFile ~/.ssh/id_dsa
EOF
fi

# Check if sshd_config exists. If yes, ask for overwriting
if [ -f "${SYSCONFDIR}/sshd_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
  then
    rm -f "${SYSCONFDIR}/sshd_config"
    if [ -f "${SYSCONFDIR}/sshd_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
  fi
fi

# Create default sshd_config from here script
if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > ${SYSCONFDIR}/sshd_config << EOF
# This is the ssh server systemwide configuration file.

Port 22
# Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
#
# Uncomment the following lines according to the used authentication
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no

# To install for logon to different user accounts change to "no" here
RSAAuthentication yes

# To install for logon to different user accounts change to "yes" here
PasswordAuthentication no
PermitEmptyPasswords no

CheckMail no
UseLogin no

#Uncomment if you want to enable sftp
#Subsystem sftp /usr/sbin/sftp-server
#MaxStartups 10:30:60
EOF
fi

# Add port 22/tcp to services
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
if [ $_nt -gt 0 ]
then
  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
  _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
  _wservices="${WINDIR}\\SERVICES"
  _wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=`cygpath -u "${_wservices}"`
_serv_tmp=`cygpath -u "${_wserv_tmp}"`

# Mount both files in binary mode so the CRLF line endings of the Windows
# services file are preserved untouched
mount -b -f "${_wservices}" "${_services}"
mount -b -f "${_wserv_tmp}" "${_serv_tmp}"

if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
then
  # Insert the sshd entry in front of the telnet (23/tcp) entry to keep the
  # file sorted by port. If the file has no telnet entry at all, append the
  # sshd entry at the end instead of silently adding nothing.
  awk '{
         if ( $2 ~ /^23\/tcp/ && !done )
         {
           print "sshd              22/tcp    #SSH daemon\r"
           done = 1
         }
         print $0
       }
       END {
         if ( !done ) print "sshd              22/tcp    #SSH daemon\r"
       }' < "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Added sshd to ${_services}"
    else
      echo "Adding sshd to ${_services} failed!"
    fi
    rm -f "${_serv_tmp}"
  else
    echo "Adding sshd to ${_services} failed!"
  fi
fi
umount "${_services}"
umount "${_serv_tmp}"

# Add sshd line to inetd.conf (as a comment, and only if no sshd line,
# commented out or not, is present yet)
if [ -f /etc/inetd.conf ]
then
  grep -q "^[# \t]*sshd" /etc/inetd.conf ||
  echo "# sshd stream tcp nowait root /usr/sbin/sshd -i" >> /etc/inetd.conf
fi

if [ "${old_install}" = "1" ]
then
  echo
  echo "Note: If you have used sshd as service or from inetd, don't forget to"
  echo "      change the path to sshd.exe in the service entry or in inetd.conf."
fi

echo
echo "Host configuration finished. Have fun!"

Attachment: ssh-user-config

#!/bin/sh
#
# ssh-user-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

progname=$0
auto_answer=""
with_passphrase="no"
passphrase=""

# Ask a yes/no question on the terminal; --yes/--no answer it automatically
# for unattended runs.
request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi
  answer=""
  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
  do
    echo -n "$1 (yes/no) "
    read answer
  done
  if [ "X${answer}" = "Xyes" ]
  then
    return 0
  else
    return 1
  fi
}

# Check options
while :
do
  case $# in
  0)
    break
    ;;
  esac
  option=$1
  shift
  case "$option" in
  -d | --debug )
    set -x
    ;;
  -y | --yes )
    auto_answer=yes
    ;;
  -n | --no )
    auto_answer=no
    ;;
  -p | --passphrase )
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;
  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "    --debug       -d            Enable shell's debug output."
    echo "    --yes         -y            Answer all questions with \"yes\" automatically."
    echo "    --no          -n            Answer all questions with \"no\" automatically."
    echo "    --passphrase  -p word       Use \"word\" as passphrase automatically."
    echo
    exit 1
    ;;
  esac
done

# Refuse to create any user files unless the user's /etc/passwd entry is ok:
# the file must exist, the entry must name a home directory, and that
# directory must exist.
if [ ! -f /etc/passwd ]
then
  echo '/etc/passwd is nonexistent. Please generate an /etc/passwd file'
  echo 'first using mkpasswd. Check if it contains an entry for you and'
  echo 'please care for the home directory in your entry as well.'
  exit 1
fi

uid=`id -u`
pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < /etc/passwd`

if [ "X${pwdhome}" = "X" ]
then
  echo 'There is no home directory set for you in /etc/passwd.'
  echo 'Setting $HOME is not sufficient!'
  exit 1
fi

if [ ! -d "${pwdhome}" ]
then
  echo "${pwdhome} is set in /etc/passwd as your home directory"
  echo 'but it is not a valid directory. Cannot create user identity files.'
  exit 1
fi

# If home is the root dir, set home to empty string to avoid error messages
# in subsequent parts of that script.
if [ "X${pwdhome}" = "X/" ]
then
  # But first raise a warning!
  echo 'Your home directory in /etc/passwd is set to root (/). This is not recommended!'
  if request "Would you like to proceed anyway?"
  then
    pwdhome=''
  else
    exit 1
  fi
fi

if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
then
  echo "${pwdhome}/.ssh exists but is not a directory. Cannot create user identity files."
  exit 1
fi

if [ ! -e "${pwdhome}/.ssh" ]
then
  mkdir "${pwdhome}/.ssh"
  if [ ! -e "${pwdhome}/.ssh" ]
  then
    echo "Creating users ${pwdhome}/.ssh directory failed"
    exit 1
  fi
fi

# SSH1 RSA identity; the public key goes to authorized_keys on request
if [ ! -f "${pwdhome}/.ssh/identity" ]
then
  if request "Shall I create an SSH1 RSA identity file for you?"
  then
    echo "Generating ${pwdhome}/.ssh/identity"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
    else
      ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
fi

# SSH2 RSA identity; the public key goes to authorized_keys2 on request
if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
then
  if request "Shall I create an SSH2 RSA identity file for you?"
  then
    echo "Generating ${pwdhome}/.ssh/id_rsa"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
    else
      ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
    fi
  fi
fi

# SSH2 DSA identity; the public key goes to authorized_keys2 on request
if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
then
  if request "Shall I create an SSH2 DSA identity file for you?"
  then
    echo "Generating ${pwdhome}/.ssh/id_dsa"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
    else
      ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
    fi
  fi
fi

echo
echo "Configuration finished. Have fun!"

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
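The following script is an added example and is not part of Corinna's mail or of the Cygwin OpenSSH scripts. It reproduces, on constructed sample files in a scratch directory rather than on the real system files, the three file operations the thread describes: the idempotent `sshd 22/tcp` entry in the services file, the commented sshd line in inetd.conf, and the /etc/passwd home-directory validation that ssh-user-config now performs before it writes any identity or authorized_keys file. All function names are hypothetical. The example deliberately uses `[[:space:]]` where the original grep uses `[ \t]`; inside a POSIX bracket expression a backslash is literal, so `[ \t]` matches a space, a backslash or the letter t and not a tab, which only goes unnoticed because the Windows services file is space-separated. It also omits the `\r` the original appends for the CRLF-terminated Windows file.

```shell
#!/bin/sh
# Added example, not part of the Cygwin scripts: the file checks the mail
# describes, run against constructed sample files. Hypothetical helper names.

# Insert "sshd 22/tcp" in front of the telnet (23/tcp) entry, or append it
# when the file has no telnet entry. A second run must not add a duplicate.
add_sshd_service() {
  f=$1
  grep -q '^sshd[[:space:]][[:space:]]*22/tcp' "$f" && return 0
  t="$f.$$"
  awk '$2 ~ /^23\/tcp/ && !done { print "sshd\t\t22/tcp\t\t# SSH daemon"; done = 1 }
       { print }
       END { if (!done) print "sshd\t\t22/tcp\t\t# SSH daemon" }' "$f" > "$t" && mv "$t" "$f"
  grep -q '^sshd[[:space:]][[:space:]]*22/tcp' "$f"
}

# 1-based line number of the sshd entry in a services file, 0 if absent.
sshd_service_line() {
  n=$(grep -n '^sshd[[:space:]]' "$1" | head -n 1 | cut -d: -f1)
  echo "${n:-0}"
}

# Append the commented sshd line unless an sshd line, commented out or not,
# is already present. As in ssh-host-config it is added as a comment only.
add_sshd_inetd() {
  f=$1
  grep -q '^[#[:space:]]*sshd' "$f" ||
    echo '# sshd stream tcp nowait root /usr/sbin/sshd -i' >> "$f"
  grep -q '^[#[:space:]]*sshd' "$f"
}

# Classify the home directory recorded for numeric uid $2 in the passwd-format
# file $1. Prints "ok <home>", or "missing", "empty", "notdir" or "root".
# ssh-user-config refuses to continue on the first three and only asks before
# going on with a "/" home. Always returns 0 so callers compare the word.
check_passwd_home() {
  pw=$1
  uid=$2
  if ! awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' "$pw"; then
    echo missing
    return 0
  fi
  home=$(awk -F: -v u="$uid" '$3 == u { print $6; exit }' "$pw")
  if [ -z "$home" ]; then echo empty
  elif [ "$home" = "/" ]; then echo root
  elif [ ! -d "$home" ]; then echo notdir
  else echo "ok $home"
  fi
}

# Write constructed sample files into a scratch directory and print its path.
make_samples() {
  d=$(mktemp -d)
  printf 'ftp\t\t21/tcp\ntelnet\t\t23/tcp\nsmtp\t\t25/tcp\t\tmail\n' > "$d/services"
  printf 'ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/in.ftpd\tin.ftpd\n' > "$d/inetd.conf"
  # alice: valid home; bob: no home; carol: home does not exist; root: "/"
  printf 'alice:*:1000:513:Alice:%s:/bin/sh\n' "$d" > "$d/passwd"
  printf 'bob:*:1001:513:Bob::/bin/sh\n' >> "$d/passwd"
  printf 'carol:*:1002:513:Carol:%s/nohome:/bin/sh\n' "$d" >> "$d/passwd"
  printf 'root:*:0:0:root:/:/bin/sh\n' >> "$d/passwd"
  echo "$d"
}

# Run every helper twice on the samples, show the results and clean up.
demo() {
  d=$(make_samples)
  add_sshd_service "$d/services"; add_sshd_service "$d/services"
  add_sshd_inetd "$d/inetd.conf"; add_sshd_inetd "$d/inetd.conf"
  echo "services (sshd inserted once, before telnet):"; cat "$d/services"
  echo "inetd.conf (commented sshd line appended once):"; cat "$d/inetd.conf"
  for u in 1000 1001 1002 0 4242; do
    echo "uid $u: $(check_passwd_home "$d/passwd" "$u")"
  done
  rm -rf "$d"
}

demo
```

Running the script prints the sample services file with a single sshd line in front of telnet, the inetd.conf with exactly one commented sshd line, and one status word per sample uid. The passwd check is the part worth keeping in mind: authorized_keys files are only meaningful inside a home directory that exists and belongs to the user, so both scripts' refusal to write when the passwd entry is missing, empty or points at a non-directory is what prevents a key from landing in the wrong place.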