From: "CyberZombie"
To: "Cygwin"
Subject: ssh-host-config change request
Date: Fri, 2 Mar 2001 19:18:42 -0600

Many corporate firewalls don't allow port 22 but do allow other ports (examples would be 21 and 80). I've gotten tired of having to manually change my sshd_config and services files every time I reconfig at home...so I modified ssh-host-config to take an optional port assignment. I have verified functionality on NT -- will check WindMill tonight.

Corinna -- would you consider adding this to the next release? Thanks...

diff follows and modified ssh-newhost-config is attached:

18a19
>=20 port_number=3D22
69a71,75
>   -p | --port=20 )
>     = port_number=3D$1
>    =20 shift
>     ;;
>=20
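Review bot: the `-p | --port` case assigns `port_number=$1` without checking the argument. If `-p` is the last option, `$1` is empty and the following `shift` has nothing left to shift; a non-numeric or out-of-range value is later expanded into the `Port $port_number` line and into the generated awk program. Suggest rejecting anything that is not an integer in 1-65535 (print the usage text and exit 1) before the assignment.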
78a85
>     echo "   =20 --port   -p <n> sshd listens on port = n."
275c282
< Port=20 22
---
> Port $port_number
328c335
< # Add port 22/tcp = to=20 services
---
> # Add port $port_number/tcp to=20 services
345c352,368
< if [ `grep -q 'sshd[ \t][ \t]*22'=20 "${_services}"; echo $?` -ne 0 ]
---
> cat > = /tmp/sshd_awk.$$=20 << EOF
> \$1 =3D=3D "sshd" { next }
> ! finished = && \$2 +=20 0 >=3D $port_number {
>   finished =3D = 1
>   if (=20 \$2 + 0 =3D=3D $port_number ) {
>     # = Problem --=20 non-sshd port assignment already exists.
>   } else=20 {
>     print=20 "sshd           &n= bsp;  =20 $port_number/tcp         &nb= sp;           &nbs= p;    =20 #SSH daemon\r"
>   }
> }
> { print \$0 = }
>=20 EOF
>
> awk -f /tmp/sshd_awk.$$ < "${_services}" >=20 "${_serv_tmp}"
> rm -f /tmp/sshd_awk.$$
>
> if [ -f=20 "${_serv_tmp}" ]
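Review bot: the awk program is written to `/tmp/sshd_awk.$$`, a predictable name in a shared directory, and `cat >` writes through whatever already exists at that path, so anyone who can create that file first influences what awk does to the services file. Suggest passing the port with `awk -v` and giving the program inline in single quotes, which removes both the temporary file and the `\$` escaping. The `if ( \$2 + 0 == $port_number )` branch is also empty apart from a comment, so a collision is signalled only by the sshd line being absent later; an explicit flag or exit status would be easier to follow.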
347,348c370
<   awk '{ if ( $2 ~ = /^23\/tcp/=20 ) print=20 "sshd           &n= bsp;  =20 22/tcp           &= nbsp;           &n= bsp;  =20 #SSH daemon\r"; print $0; }' < "${_services}" >=20 "${_serv_tmp}"
<   if [ -f "${_serv_tmp}"=20 ]
---
>   if [ `egrep -q '^sshd[ \t]' "${_serv_tmp}"; = echo=20 $?` -ne 0 ]
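Review bot: in the new test, `[ \t]` inside an egrep bracket expression matches a space, a backslash or the letter t, not a tab, so `'^sshd[ \t]'` only works because the inserted line puts spaces after `sshd`. Suggest matching on a literal space and tab, or on `[[:space:]]`. The backtick `echo $?` wrapper can be dropped by testing egrep's exit status directly in the `if`.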
349a372,373
>     echo "Unable = to add=20 sshd to ${_services} as port $port_number already in = use"
>  =20 else
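Review bot: the "as port $port_number already in use" message added at 372 is also reached when the requested port is higher than every entry in the services file. The awk rule from the 352,368 hunk only prints the sshd line when it meets a line with `$2 + 0 >= $port_number`; with no such line nothing is inserted and the egrep test fails the same way as for a real conflict. Suggest an END rule that prints the sshd line when `finished` is still unset, so this message covers only a genuine collision.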
357,358d380
<   = else
<    =20 echo "Adding sshd to ${_services} failed\!"
359a382,383
>=20 else
>   echo "Adding sshd to ${_services}=20 failed\!"
[Attachment: ssh-newhost-config]

#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

# Subdirectory where an old package might be installed
OLDPREFIX=/usr/local
OLDSYSCONFDIR=${OLDPREFIX}/etc

progname=$0
auto_answer=""
port_number=22

request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi

  answer=""
  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
  do
    echo -n "$1 (yes/no) "
    read answer
  done
  if [ "X${answer}" = "Xyes" ]
  then
    return 0
  else
    return 1
  fi
}

# Check options

while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  -p | --port )
    port_number=$1
    shift
    ;;

  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH host configuration."
    echo
    echo "Options:"
    echo "    --debug  -d     Enable shell's debug output."
    echo "    --yes    -y     Answer all questions with \"yes\" automatically."
    echo "    --no     -n     Answer all questions with \"no\" automatically."
    echo "    --port   -p <n> sshd listens on port n."
    echo
    exit 1
    ;;

  esac
done

# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running

if ps -ef | grep -v grep | grep -q ssh
then
  echo
  echo "There are still ssh processes running. Please shut them down first."
  echo
  exit 1
fi

# Check for ${SYSCONFDIR} directory

if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
then
  echo
  echo "${SYSCONFDIR} is existant but not a directory."
  echo "Cannot create global configuration files."
  echo
  exit 1
fi

# Create it if necessary

if [ ! -e "${SYSCONFDIR}" ]
then
  mkdir "${SYSCONFDIR}"
  if [ ! -e "${SYSCONFDIR}" ]
  then
    echo
    echo "Creating ${SYSCONFDIR} directory failed"
    echo
    exit 1
  fi
fi

# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
# the same as ${PREFIX}

old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ]
then
  if [ -f "${OLDPREFIX}/sbin/sshd" ]
  then
    echo
    echo "You seem to have an older installation in ${OLDPREFIX}."
    echo
    # Check if old global configuration files exist
    if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
    then
      if request "Do you want to copy your config files to your new installation?"
      then
        cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
      fi
    fi
    if request "Do you want to erase your old installation?"
    then
      rm -f ${OLDPREFIX}/bin/ssh.exe
      rm -f ${OLDPREFIX}/bin/ssh-config
      rm -f ${OLDPREFIX}/bin/scp.exe
      rm -f ${OLDPREFIX}/bin/ssh-add.exe
      rm -f ${OLDPREFIX}/bin/ssh-agent.exe
      rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
      rm -f ${OLDPREFIX}/bin/slogin
      rm -f ${OLDSYSCONFDIR}/ssh_host_key
      rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
      rm -f ${OLDSYSCONFDIR}/ssh_config
      rm -f ${OLDSYSCONFDIR}/sshd_config
      rm -f ${OLDPREFIX}/man/man1/ssh.1
      rm -f ${OLDPREFIX}/man/man1/scp.1
      rm -f ${OLDPREFIX}/man/man1/ssh-add.1
      rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
      rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
      rm -f ${OLDPREFIX}/man/man1/slogin.1
      rm -f ${OLDPREFIX}/man/man8/sshd.8
      rm -f ${OLDPREFIX}/sbin/sshd.exe
      rm -f ${OLDPREFIX}/sbin/sftp-server.exe
    fi
    old_install=1
  fi
fi

# First generate host keys if not already existing

if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_key"
  ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
fi

if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
  ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi

if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
  ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
fi

# Check if ssh_config exists. If yes, ask for overwriting

if [ -f "${SYSCONFDIR}/ssh_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
  then
    rm -f "${SYSCONFDIR}/ssh_config"
    if [ -f "${SYSCONFDIR}/ssh_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
    fi
  fi
fi

# Create default ssh_config from here script

if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > ${SYSCONFDIR}/ssh_config << EOF
# This is ssh client systemwide configuration file. See ssh(1) for more
# information. This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking yes
# Port 22
# Protocol 1,2
# Cipher blowfish
# EscapeChar ~

IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
EOF
fi

# Check if sshd_config exists. If yes, ask for overwriting

if [ -f "${SYSCONFDIR}/sshd_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
  then
    rm -f "${SYSCONFDIR}/sshd_config"
    if [ -f "${SYSCONFDIR}/sshd_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
  fi
fi

# Create default sshd_config from here script

if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > ${SYSCONFDIR}/sshd_config << EOF
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

Port $port_number
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
#
# Uncomment the following lines according to the used authentication
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
#
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no

# To install for logon to different user accounts change to "no" here
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /usr/sbin/sftp-server
EOF
fi

# Add port $port_number/tcp to services
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
if [ $_nt -gt 0 ]
then
  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
  _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
  _wservices="${WINDIR}\\SERVICES"
  _wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=`cygpath -u "${_wservices}"`
_serv_tmp=`cygpath -u "${_wserv_tmp}"`

mount -b -f "${_wservices}" "${_services}"
mount -b -f "${_wserv_tmp}" "${_serv_tmp}"

cat > /tmp/sshd_awk.$$ << EOF
\$1 == "sshd" { next }
! finished && \$2 + 0 >= $port_number {
  finished = 1
  if ( \$2 + 0 == $port_number ) {
    # Problem -- non-sshd port assignment already exists.
  } else {
    print "sshd $port_number/tcp #SSH daemon\r"
  }
}
{ print \$0 }
EOF

awk -f /tmp/sshd_awk.$$ < "${_services}" > "${_serv_tmp}"
rm -f /tmp/sshd_awk.$$

if [ -f "${_serv_tmp}" ]
then
  if [ `egrep -q '^sshd[ \t]' "${_serv_tmp}"; echo $?` -ne 0 ]
  then
    echo "Unable to add sshd to ${_services} as port $port_number already in use"
  else
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Added sshd to ${_services}"
    else
      echo "Adding sshd to ${_services} failed\!"
    fi
    rm -f "${_serv_tmp}"
  fi
else
  echo "Adding sshd to ${_services} failed\!"
fi

umount "${_services}"
umount "${_serv_tmp}"

# Add sshd line to inetd.conf
if [ -f /etc/inetd.conf ]
then
  grep -q "^[# \t]*sshd" /etc/inetd.conf || echo "# sshd stream tcp nowait root /usr/sbin/sshd -i" >> /etc/inetd.conf
fi

if [ "${old_install}" = "1" ]
then
  echo
  echo "Note: If you have used sshd as service or from inetd, don't forget to"
  echo " change the path to sshd.exe in the service entry or in inetd.conf."
fi

echo
echo "Host configuration finished. Have fun!"