* Request for TESTING: New ssh-host-config and ssh-user-config scripts
@ 2000-12-22 13:49 Corinna Vinschen
2000-12-22 15:39 ` CyberZombie
2001-01-09 5:59 ` Corinna Vinschen
0 siblings, 2 replies; 3+ messages in thread
From: Corinna Vinschen @ 2000-12-22 13:49 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 2138 bytes --]
Hi folks,
I have attached two new scripts which shall replace the former
`ssh-config' script in the next Cygwin OpenSSH version.
The first script is called `ssh-host-config' and creates only the
host configuration in /etc. I added two functionalities:
- It creates a line
sshd 22/tcp # SSH daemon
in the systems `services' file if it's not already present and
- it adds a line
# sshd stream tcp nowait root /usr/sbin/sshd -i
to /etc/inetd.conf if the file exists and a `sshd' line isn't
already present. Note that this line is added as a comment!
To support testing and unattended installation ssh-host-config got
some options:
usage: ssh-host-config [OPTION]...
Options:
--debug -d Enable shell's debug output.
--yes -y Answer all questions with "yes" automatically.
--no -n Answer all questions with "no" automatically.
The second script is `ssh-user-config'. It can be called for each new
user which needs a ssh configuration on the system. The additional
functionality here is that the script asks if the newly created identities
should be added to the authorized_keys files to allow login to this system.
To support testing and unattended installation ssh-user-config got
some options as well:
usage: ssh-user-config [OPTION]...
Options:
--debug -d Enable shell's debug output.
--yes -y Answer all questions with "yes" automatically.
--no -n Answer all questions with "no" automatically.
--passphrase -p word Use "word" as passphrase automatically.
Please, give those scripts a try. They will only work with the test
version of OpenSSH which I announced yesterday because it uses the
new ssh-keygen options and it tries to create SSH2 RSA keys.
Please report errors or problems in this mailing list and feel free
to submit patches or new ideas for extending the functionality of
both scripts.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
[-- Attachment #2: ssh-host-config --]
[-- Type: text/x-shellscript, Size: 9370 bytes --]
#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
# Subdirectory where the new package is being installed
PREFIX=/usr
# Directory where the config files are stored
SYSCONFDIR=/etc
# Subdirectory where an old package might be installed
OLDPREFIX=/usr/local
OLDSYSCONFDIR=${OLDPREFIX}/etc
progname=$0
auto_answer=""
request()
{
if [ "${auto_answer}" = "yes" ]
then
return 0
elif [ "${auto_answer}" = "no" ]
then
return 1
fi
answer=""
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
do
echo -n "$1 (yes/no) "
read answer
done
if [ "X${answer}" = "Xyes" ]
then
return 0
else
return 1
fi
}
# Check options
while :
do
case $# in
0)
break
;;
esac
option=$1
shift
case "$option" in
-d | --debug )
set -x
;;
-y | --yes )
auto_answer=yes
;;
-n | --no )
auto_answer=no
;;
*)
echo "usage: ${progname} [OPTION]..."
echo
echo "This script creates an OpenSSH host configuration."
echo
echo "Options:"
echo " --debug -d Enable shell's debug output."
echo " --yes -y Answer all questions with \"yes\" automatically."
echo " --no -n Answer all questions with \"no\" automatically."
echo
exit 1
;;
esac
done
# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running
if ps -ef | grep -v grep | grep -q ssh
then
echo
echo "There are still ssh processes running. Please shut them down first."
echo
exit 1
fi
# Check for ${SYSCONFDIR} directory
if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
then
echo
echo "${SYSCONFDIR} is existant but not a directory."
echo "Cannot create global configuration files."
echo
exit 1
fi
# Create it if necessary
if [ ! -e "${SYSCONFDIR}" ]
then
mkdir "${SYSCONFDIR}"
if [ ! -e "${SYSCONFDIR}" ]
then
echo
echo "Creating ${SYSCONFDIR} directory failed"
echo
exit 1
fi
fi
# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
# the same as ${PREFIX}
old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ]
then
if [ -f "${OLDPREFIX}/sbin/sshd" ]
then
echo
echo "You seem to have an older installation in ${OLDPREFIX}."
echo
# Check if old global configuration files exist
if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
then
if request "Do you want to copy your config files to your new installation?"
then
cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
fi
fi
if request "Do you want to erase your old installation?"
then
rm -f ${OLDPREFIX}/bin/ssh.exe
rm -f ${OLDPREFIX}/bin/ssh-config
rm -f ${OLDPREFIX}/bin/scp.exe
rm -f ${OLDPREFIX}/bin/ssh-add.exe
rm -f ${OLDPREFIX}/bin/ssh-agent.exe
rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
rm -f ${OLDPREFIX}/bin/slogin
rm -f ${OLDSYSCONFDIR}/ssh_host_key
rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
rm -f ${OLDSYSCONFDIR}/ssh_config
rm -f ${OLDSYSCONFDIR}/sshd_config
rm -f ${OLDPREFIX}/man/man1/ssh.1
rm -f ${OLDPREFIX}/man/man1/scp.1
rm -f ${OLDPREFIX}/man/man1/ssh-add.1
rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
rm -f ${OLDPREFIX}/man/man1/slogin.1
rm -f ${OLDPREFIX}/man/man8/sshd.8
rm -f ${OLDPREFIX}/sbin/sshd.exe
rm -f ${OLDPREFIX}/sbin/sftp-server.exe
fi
old_install=1
fi
fi
# First generate host keys if not already existing
if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_key"
ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
fi
if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi
if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
fi
# Check if ssh_config exists. If yes, ask for overwriting
if [ -f "${SYSCONFDIR}/ssh_config" ]
then
if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
then
rm -f "${SYSCONFDIR}/ssh_config"
if [ -f "${SYSCONFDIR}/ssh_config" ]
then
echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
fi
fi
fi
# Create default ssh_config from here script
if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
echo "Generating ${SYSCONFDIR}/ssh_config file"
cat > ${SYSCONFDIR}/ssh_config << EOF
# This is ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent yes
# ForwardX11 yes
# RhostsAuthentication yes
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking no
# Port 22
# Protocol 2,1
# Cipher 3des
# EscapeChar ~
# Be paranoid by default
Host *
ForwardAgent no
ForwardX11 no
FallBackToRsh no
# Try authentification with the following identities
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
EOF
fi
# Check if sshd_config exists. If yes, ask for overwriting
if [ -f "${SYSCONFDIR}/sshd_config" ]
then
if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
then
rm -f "${SYSCONFDIR}/sshd_config"
if [ -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
fi
fi
fi
# Create default sshd_config from here script
if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Generating ${SYSCONFDIR}/sshd_config file"
cat > ${SYSCONFDIR}/sshd_config << EOF
# This is ssh server systemwide configuration file.
Port 22
#
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
#
# Uncomment the following lines according to the used authentication
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# To install for logon to different user accounts change to "no" here
RSAAuthentication yes
# To install for logon to different user accounts change to "yes" here
PasswordAuthentication no
PermitEmptyPasswords no
CheckMail no
UseLogin no
#Uncomment if you want to enable sftp
#Subsystem sftp /usr/sbin/sftp-server
#MaxStartups 10:30:60
EOF
fi
# Add port 22/tcp to services
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
if [ $_nt -gt 0 ]
then
_wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
_wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
_wservices="${WINDIR}\\SERVICES"
_wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=`cygpath -u "${_wservices}"`
_serv_tmp=`cygpath -u "${_wserv_tmp}"`
mount -b -f "${_wservices}" "${_services}"
mount -b -f "${_wserv_tmp}" "${_serv_tmp}"
if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
then
awk '{ if ( $2 ~ /^23\/tcp/ ) print "sshd 22/tcp #SSH daemon\r"; print $0; }' < "${_services}" > "${_serv_tmp}"
if [ -f "${_serv_tmp}" ]
then
if mv "${_serv_tmp}" "${_services}"
then
echo "Added sshd to ${_services}"
else
echo "Adding sshd to ${_services} failed\!"
fi
rm -f "${_serv_tmp}"
else
echo "Adding sshd to ${_services} failed\!"
fi
fi
umount "${_services}"
umount "${_serv_tmp}"
# Add sshd line to inetd.conf
if [ -f /etc/inetd.conf ]
then
grep -q "^[# \t]*sshd" /etc/inetd.conf || echo "# sshd stream tcp nowait root /usr/sbin/sshd -i" >> /etc/inetd.conf
fi
if [ "${old_install}" = "1" ]
then
echo
echo "Note: If you have used sshd as service or from inetd, don't forget to"
echo " change the path to sshd.exe in the service entry or in inetd.conf."
fi
echo
echo "Host configuration finished. Have fun!"
[-- Attachment #3: ssh-user-config --]
[-- Type: text/x-shellscript, Size: 4048 bytes --]
#!/bin/sh
#
# ssh-user-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
progname=$0
auto_answer=""
auto_passphrase="no"
passphrase=""
request()
{
if [ "${auto_answer}" = "yes" ]
then
return 0
elif [ "${auto_answer}" = "no" ]
then
return 1
fi
answer=""
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
do
echo -n "$1 (yes/no) "
read answer
done
if [ "X${answer}" = "Xyes" ]
then
return 0
else
return 1
fi
}
# Check options
while :
do
case $# in
0)
break
;;
esac
option=$1
shift
case "$option" in
-d | --debug )
set -x
;;
-y | --yes )
auto_answer=yes
;;
-n | --no )
auto_answer=no
;;
-p | --passphrase )
with_passphrase="yes"
passphrase=$1
shift
;;
*)
echo "usage: ${progname} [OPTION]..."
echo
echo "This script creates an OpenSSH user configuration."
echo
echo "Options:"
echo " --debug -d Enable shell's debug output."
echo " --yes -y Answer all questions with \"yes\" automatically."
echo " --no -n Answer all questions with \"no\" automatically."
echo " --passphrase -p word Use \"word\" as passphrase automatically."
echo
exit 1
;;
esac
done
# Ask user if user identity should be generated
if [ "X${HOME}" = "X" ]
then
echo '$HOME is nonexistant. Cannot create user identity files.'
exit 1
fi
if [ ! -d "${HOME}" ]
then
echo '$HOME is not a valid directory. Cannot create user identity files.'
exit 1
fi
# If HOME is the root dir, set HOME to empty string to avoid error messages
# in subsequent parts of that script.
if [ "X${HOME}" = "X/" ]
then
HOME=''
fi
if [ -e "${HOME}/.ssh" -a ! -d "${HOME}/.ssh" ]
then
echo '$HOME/.ssh is existant but not a directory. Cannot create user identity files.'
exit 1
fi
if [ ! -e "${HOME}/.ssh" ]
then
mkdir "${HOME}/.ssh"
if [ ! -e "${HOME}/.ssh" ]
then
echo "Creating users ${HOME}/.ssh directory failed"
exit 1
fi
fi
if [ ! -f "${HOME}/.ssh/identity" ]
then
if request "Shall I create an SSH1 RSA identity file for you?"
then
echo "Generating ${HOME}/.ssh/identity"
if [ "${with_passphrase}" = "yes" ]
then
ssh-keygen -t rsa1 -N "${passphrase}" -f "${HOME}/.ssh/identity" > /dev/null
else
ssh-keygen -t rsa1 -f "${HOME}/.ssh/identity" > /dev/null
fi
if request "Do you want to use this identity to login to this machine?"
then
echo "Adding to ${HOME}/.ssh/authorized_keys"
cat "${HOME}/.ssh/identity.pub" >> "${HOME}/.ssh/authorized_keys"
fi
fi
fi
if [ ! -f "${HOME}/.ssh/id_rsa" ]
then
if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
then
echo "Generating ${HOME}/.ssh/id_rsa"
if [ "${with_passphrase}" = "yes" ]
then
ssh-keygen -t rsa -N "${passphrase}" -f "${HOME}/.ssh/id_rsa" > /dev/null
else
ssh-keygen -t rsa -f "${HOME}/.ssh/id_rsa" > /dev/null
fi
if request "Do you want to use this identity to login to this machine?"
then
echo "Adding to ${HOME}/.ssh/authorized_keys2"
cat "${HOME}/.ssh/id_rsa.pub" >> "${HOME}/.ssh/authorized_keys2"
fi
fi
fi
if [ ! -f "${HOME}/.ssh/id_dsa" ]
then
if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
then
echo "Generating ${HOME}/.ssh/id_dsa"
if [ "${with_passphrase}" = "yes" ]
then
ssh-keygen -t dsa -N "${passphrase}" -f "${HOME}/.ssh/id_dsa" > /dev/null
else
ssh-keygen -t dsa -f "${HOME}/.ssh/id_dsa" > /dev/null
fi
if request "Do you want to use this identity to login to this machine?"
then
echo "Adding to ${HOME}/.ssh/authorized_keys2"
cat "${HOME}/.ssh/id_dsa.pub" >> "${HOME}/.ssh/authorized_keys2"
fi
fi
fi
echo
echo 'Please care for setting your home directory in /etc/passwd as well.'
echo 'Otherwise you will get problems running ssh!!!'
echo
echo "Configuration finished. Have fun!"
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Request for TESTING: New ssh-host-config and ssh-user-config scripts
2000-12-22 13:49 Request for TESTING: New ssh-host-config and ssh-user-config scripts Corinna Vinschen
@ 2000-12-22 15:39 ` CyberZombie
2001-01-09 5:59 ` Corinna Vinschen
1 sibling, 0 replies; 3+ messages in thread
From: CyberZombie @ 2000-12-22 15:39 UTC (permalink / raw)
To: cygwin
You might consider adding a port option to ssh-host-config. As my client
sits behind a maniacal corporate firewall, I configured my home box to run
sshd on port 80. That is probably a common workaround for users punching
through firewalls...
----- Original Message -----
From: "Corinna Vinschen" <cygwin@cygwin.com>
To: "cygwin" <cygwin@cygwin.com>
Sent: Friday, December 22, 2000 4:49 PM
Subject: Request for TESTING: New ssh-host-config and ssh-user-config
scripts
Hi folks,
I have attached two new scripts which shall replace the former
`ssh-config' script in the next Cygwin OpenSSH version.
The first script is called `ssh-host-config' and creates only the
host configuration in /etc. I added two functionalities:
- It creates a line
sshd 22/tcp # SSH daemon
in the systems `services' file if it's not already present and
- it adds a line
# sshd stream tcp nowait root /usr/sbin/sshd -i
to /etc/inetd.conf if the file exists and a `sshd' line isn't
already present. Note that this line is added as a comment!
To support testing and unattended installation ssh-host-config got
some options:
usage: ssh-host-config [OPTION]...
Options:
--debug -d Enable shell's debug output.
--yes -y Answer all questions with "yes" automatically.
--no -n Answer all questions with "no" automatically.
The second script is `ssh-user-config'. It can be called for each new
user which needs a ssh configuration on the system. The additional
functionality here is that the script asks if the newly created identities
should be added to the authorized_keys files to allow login to this system.
To support testing and unattended installation ssh-user-config got
some options as well:
usage: ssh-user-config [OPTION]...
Options:
--debug -d Enable shell's debug output.
--yes -y Answer all questions with "yes" automatically.
--no -n Answer all questions with "no" automatically.
--passphrase -p word Use "word" as passphrase automatically.
Please, give those scripts a try. They will only work with the test
version of OpenSSH which I announced yesterday because it uses the
new ssh-keygen options and it tries to create SSH2 RSA keys.
Please report errors or problems in this mailing list and feel free
to submit patches or new ideas for extending the functionality of
both scripts.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
----------------------------------------------------------------------------
----
> --
> Want to unsubscribe from this list?
> Check out: http://cygwin.com/ml/#unsubscribe-simple
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Request for TESTING: New ssh-host-config and ssh-user-config scripts
2000-12-22 13:49 Request for TESTING: New ssh-host-config and ssh-user-config scripts Corinna Vinschen
2000-12-22 15:39 ` CyberZombie
@ 2001-01-09 5:59 ` Corinna Vinschen
1 sibling, 0 replies; 3+ messages in thread
From: Corinna Vinschen @ 2001-01-09 5:59 UTC (permalink / raw)
To: cygwin
Hi,
I have made a change to ssh-user-config which should refuse
creating the user files when the /etc/passwd entry of the
user isn't ok.
Please, test it. I have attached both scripts again as
described in my original mail.
On Fri, Dec 22, 2000 at 10:49:15PM +0100, Corinna Vinschen wrote:
> Hi folks,
>
> I have attached two new scripts which shall replace the former
> `ssh-config' script in the next Cygwin OpenSSH version.
>
> The first script is called `ssh-host-config' and creates only the
> host configuration in /etc. I added two functionalities:
>
> - It creates a line
>
> sshd 22/tcp # SSH daemon
>
> in the systems `services' file if it's not already present and
>
> - it adds a line
>
> # sshd stream tcp nowait root /usr/sbin/sshd -i
>
> to /etc/inetd.conf if the file exists and a `sshd' line isn't
> already present. Note that this line is added as a comment!
>
> To support testing and unattended installation ssh-host-config got
> some options:
>
> usage: ssh-host-config [OPTION]...
> Options:
> --debug -d Enable shell's debug output.
> --yes -y Answer all questions with "yes" automatically.
> --no -n Answer all questions with "no" automatically.
>
>
> The second script is `ssh-user-config'. It can be called for each new
> user which needs a ssh configuration on the system. The additional
> functionality here is that the script asks if the newly created identities
> should be added to the authorized_keys files to allow login to this system.
>
> To support testing and unattended installation ssh-user-config got
> some options as well:
>
> usage: ssh-user-config [OPTION]...
> Options:
> --debug -d Enable shell's debug output.
> --yes -y Answer all questions with "yes" automatically.
> --no -n Answer all questions with "no" automatically.
> --passphrase -p word Use "word" as passphrase automatically.
>
> Please, give those scripts a try. They will only work with the test
> version of OpenSSH which I announced yesterday because it uses the
> new ssh-keygen options and it tries to create SSH2 RSA keys.
>
> Please report errors or problems in this mailing list and feel free
> to submit patches or new ideas for extending the functionality of
> both scripts.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2001-01-09 5:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2000-12-22 13:49 Request for TESTING: New ssh-host-config and ssh-user-config scripts Corinna Vinschen
2000-12-22 15:39 ` CyberZombie
2001-01-09 5:59 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).