Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Date: Thu, 8 Jan 2015 14:19:22 +0100
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: Fix for ssh-user-config /etc/passwd parsing
Message-ID: <20150108131922.GM4190@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
References: <1063405400 DOT 20150105091246 AT yandex DOT ru>
In-Reply-To: <1063405400.20150105091246@yandex.ru>
User-Agent: Mutt/1.5.23 (2014-03-12)
On Jan  5 09:12, Andrey Repin wrote:
> Greetings, All!
> 
> Replace line 79 with
> 
> pwdhome=$(getent passwd ${uid} | cut -sd : -f 6 )
> 
> The error messages in the next few lines should probably be updated as well.
> Something along the lines of
> 
> 83:      "Unable to determine user's home directory from system settings." \
> 
> 90:      "${pwdhome} is found to be set as your home directory" \
> 
> 99:    csih_warning "Your home directory is found to be set to root (/). This is not recommended!"

Just as I outlined in my other mail a few minutes ago, ssh-user-config
in the OpenSSH release package is not the latest upstream version.
If you want to test the latest ssh-user-config script with 1.7.34-awareness,
see the attached.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: ssh-user-config (text/plain)

#!/bin/bash
#
# ssh-user-config, Copyright 2000-2014 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# ======================================================================
# Initialization
# ======================================================================
PROGNAME=$(basename -- "$0")
_tdir=$(dirname -- "$0")
PROGDIR=$(cd "$_tdir" && pwd)

CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

source ${CSIH_SCRIPT}

auto_passphrase="no"
passphrase=""
pwdhome=
with_passphrase=

# ======================================================================
# Routine: create_identity
#   optionally create identity of type argument in ~/.ssh
#   optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_identity() {
  local file="$1"
  local type="$2"
  local name="$3"

  if [ ! -f "${pwdhome}/.ssh/${file}" ]
  then
    if csih_request "Shall I create a ${name} identity file for you?"
    then
      csih_inform "Generating ${pwdhome}/.ssh/${file}"
      if [ "${with_passphrase}" = "yes" ]
      then
        ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
      else
        ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
      fi
      if csih_request "Do you want to use this identity to login to this machine?"
      then
        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
        cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
      fi
    fi
  fi
} # === End of create_identity() === #
readonly -f create_identity

# ======================================================================
# Routine: check_user_homedir
#   Perform various checks on the user's home directory
# SETS GLOBAL VARIABLE:
#   pwdhome
# ======================================================================
check_user_homedir() {
  pwdhome=$(getent passwd $UID | awk -F: '{ print $6; }')
  if [ "X${pwdhome}" = "X" ]
  then
    csih_error_multi \
      "There is no home directory set for you in the account database." \
      'Setting $HOME is not sufficient!'
  fi

  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multi \
      "${pwdhome} is set in the account database as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi

  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "X${pwdhome}" = "X/" ]
  then
    # But first raise a warning!
    csih_warning "Your home directory in the account database is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi

  if [ -d "${pwdhome}" -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
  then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
    csih_warning "directory ${pwdhome}."
    csih_warning 'This is required by OpenSSH to allow public key authentication using'
    csih_warning 'the key files stored in your .ssh subdirectory.'
    csih_warning 'Revert this change ONLY if you know what you are doing!'
    echo
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir

# ======================================================================
# Routine: check_user_dot_ssh_dir
#   Perform various checks on the ~/.ssh directory
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
check_user_dot_ssh_dir() {
  if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
  then
    csih_error "${pwdhome}/.ssh is existent but not a directory. Cannot create user identity files."
  fi

  if [ ! -e "${pwdhome}/.ssh" ]
  then
    mkdir "${pwdhome}/.ssh"
    if [ ! -e "${pwdhome}/.ssh" ]
    then
      csih_error "Creating users ${pwdhome}/.ssh directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir

# ======================================================================
# Routine: fix_authorized_keys_perms
#   Corrects the permissions of ~/.ssh/authorized_keys
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  if [ -e "${pwdhome}/.ssh/authorized_keys" ]
  then
    setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null || echo -n
    if ! chmod u-x,g-wx,o-wx "${pwdhome}/.ssh/authorized_keys"
    then
      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
      csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms

# ======================================================================
# Main Entry Point
# ======================================================================

# Check how the script has been started.  If
#   (1) it has been started by giving the full path and
#       that path is /etc/postinstall, OR
#   (2) Otherwise, if the environment variable
#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
# then set auto_answer to "no".  This allows automatic
# creation of the config files in /etc w/o overwriting
# them if they already exist.  In both cases, color
# escape sequences are suppressed, so as to prevent
# cluttering setup's logfiles.
if [ "$PROGDIR" = "/etc/postinstall" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi
if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi

# ======================================================================
# Parse options
# ======================================================================
while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    csih_trace_on
    ;;

  -y | --yes )
    csih_auto_answer=yes
    ;;

  -n | --no )
    csih_auto_answer=no
    ;;

  -p | --passphrase )
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  *)
    echo "usage: ${PROGNAME} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "  --debug  -d            Enable shell's debug output."
    echo "  --yes    -y            Answer all questions with \"yes\" automatically."
    echo "  --no     -n            Answer all questions with \"no\" automatically."
    echo "  --passphrase -p word   Use \"word\" as passphrase automatically."
    echo
    exit 1
    ;;

  esac
done

# ======================================================================
# Action!
# ======================================================================
check_user_homedir
check_user_dot_ssh_dir
create_identity id_rsa rsa "SSH2 RSA"
create_identity id_dsa dsa "SSH2 DSA"
create_identity id_ecdsa ecdsa "SSH2 ECDSA"
create_identity identity rsa1 "(deprecated) SSH1 RSA"
fix_authorized_keys_perms
echo
csih_inform "Configuration finished. Have fun!"
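The home-directory checks the thread is about, as an added example that is not part of the attached ssh-user-config script or of the Cygwin OpenSSH package: it applies the same field-6 extraction and the same empty / not-a-directory / root tests to a passwd-format line passed in as a string (constructed sample), so it can be run without the Cygwin account database, and adds a read-only check of the g-w,o-w permission the script enforces on the home directory. The function names are this example's own.

```shell
#!/bin/bash
# Added example; not part of the attached ssh-user-config script.
# check_homedir_entry applies the checks of check_user_homedir to a
# passwd-format line passed in as a string (constructed input) instead of
# the live `getent passwd $UID` output, so it can be exercised offline.

# Field 6 of a passwd entry is the home directory. Entries from the
# 1.7.34 account database carry backslashes and commas in the gecos
# field (5), so the split must be on ':' only, as the script's
# `awk -F:` does (`cut -sd : -f 6` reads the same field).
home_from_passwd_entry() {
    printf '%s\n' "$1" | awk -F: '{ print $6 }'
}

# Prints the home directory and returns 0 when it is usable;
# 1: no home set, 2: home is not a directory, 3: home is root (/).
check_homedir_entry() {
    local home
    home=$(home_from_passwd_entry "$1")
    if [ "X${home}" = "X" ]; then
        echo "no home directory set in the account database" >&2
        return 1
    fi
    if [ "X${home}" = "X/" ]; then
        echo "home directory is root (/); not recommended" >&2
        return 3
    fi
    if [ ! -d "${home}" ]; then
        echo "${home} is not a valid directory" >&2
        return 2
    fi
    printf '%s\n' "${home}"
}

# The script revokes g-w,o-w on the home directory because sshd's
# StrictModes rejects key authentication otherwise; this reports
# whether that is already the case (GNU stat, as on Cygwin and Linux).
homedir_perms_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 8#$mode & 8#022 )) -eq 0 ]
}

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    # Constructed sample entry in 1.7.34 form, with $HOME as home directory.
    check_homedir_entry "user:*:1001:513:U-HOST\\user,S-1-5-21-1-2-3-1001:${HOME}:/bin/bash" \
        || echo "home directory check failed with status $?"
    homedir_perms_ok "$HOME" && echo "${HOME}: no group/other write permission"
fi
```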