New configuration scripts for Cygwin

Corinna Vinschen vinschen at redhat.com
Fri Jan 19 01:39:20 EST 2001


Hi,

I have attached two new shell scripts `ssh-host-config' and
`ssh-user-config' which will replace the script `ssh-config'
in the next Cygwin OpenSSH release.

Could somebody with write access please remove

	contrib/cygwin/ssh-config

from the OpenSSH repository and add these two attached files
instead?

The third attached file is the diff for contrib/cygwin/README.

Thanks in advance,
Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
-------------- next part --------------
#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

# Subdirectory where an old package might be installed
OLDPREFIX=/usr/local
OLDSYSCONFDIR=${OLDPREFIX}/etc

progname=$0
auto_answer=""

request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi

  answer=""
  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
  do
    echo -n "$1 (yes/no) "
    read answer
  done
  if [ "X${answer}" = "Xyes" ]
  then
    return 0
  else
    return 1
  fi
}

# Check options

while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH host configuration."
    echo
    echo "Options:"
    echo "    --debug  -d     Enable shell's debug output."
    echo "    --yes    -y     Answer all questions with \"yes\" automatically."
    echo "    --no     -n     Answer all questions with \"no\" automatically."
    echo
    exit 1
    ;;

  esac
done

# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running

if ps -ef | grep -v grep | grep -q ssh
then
  echo
  echo "There are still ssh processes running. Please shut them down first."
  echo
  exit 1
fi

# Check for ${SYSCONFDIR} directory

if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
then
  echo
  echo "${SYSCONFDIR} is existant but not a directory."
  echo "Cannot create global configuration files."
  echo
  exit 1
fi

# Create it if necessary

if [ ! -e "${SYSCONFDIR}" ]
then
  mkdir "${SYSCONFDIR}"
  if [ ! -e "${SYSCONFDIR}" ]
  then
    echo
    echo "Creating ${SYSCONFDIR} directory failed"
    echo
    exit 1
  fi
fi

# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
# the same as ${PREFIX}

old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ]
then
  if [ -f "${OLDPREFIX}/sbin/sshd" ]
  then
    echo
    echo "You seem to have an older installation in ${OLDPREFIX}."
    echo
    # Check if old global configuration files exist
    if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
    then
      if request "Do you want to copy your config files to your new installation?"
      then
        cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
        cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
      fi
    fi
    if request "Do you want to erase your old installation?"
    then
      rm -f ${OLDPREFIX}/bin/ssh.exe
      rm -f ${OLDPREFIX}/bin/ssh-config
      rm -f ${OLDPREFIX}/bin/scp.exe
      rm -f ${OLDPREFIX}/bin/ssh-add.exe
      rm -f ${OLDPREFIX}/bin/ssh-agent.exe
      rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
      rm -f ${OLDPREFIX}/bin/slogin
      rm -f ${OLDSYSCONFDIR}/ssh_host_key
      rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
      rm -f ${OLDSYSCONFDIR}/ssh_config
      rm -f ${OLDSYSCONFDIR}/sshd_config
      rm -f ${OLDPREFIX}/man/man1/ssh.1
      rm -f ${OLDPREFIX}/man/man1/scp.1
      rm -f ${OLDPREFIX}/man/man1/ssh-add.1
      rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
      rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
      rm -f ${OLDPREFIX}/man/man1/slogin.1
      rm -f ${OLDPREFIX}/man/man8/sshd.8
      rm -f ${OLDPREFIX}/sbin/sshd.exe
      rm -f ${OLDPREFIX}/sbin/sftp-server.exe
    fi
    old_install=1
  fi
fi

# First generate host keys if not already existing

if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_key"
  ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
fi

if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
  ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi

if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
  ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
fi

# Check if ssh_config exists. If yes, ask for overwriting

if [ -f "${SYSCONFDIR}/ssh_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
  then
    rm -f "${SYSCONFDIR}/ssh_config"
    if [ -f "${SYSCONFDIR}/ssh_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
    fi
  fi
fi

# Create default ssh_config from here script

if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > ${SYSCONFDIR}/ssh_config << EOF
# This is ssh client systemwide configuration file.  This file provides 
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent yes
#   ForwardX11 yes
#   RhostsAuthentication yes
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking no
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   EscapeChar ~

# Be paranoid by default
Host *
        ForwardAgent no
        ForwardX11 no
        FallBackToRsh no

# Try authentification with the following identities
        IdentityFile ~/.ssh/identity
        IdentityFile ~/.ssh/id_rsa
        IdentityFile ~/.ssh/id_dsa
EOF
fi

# Check if sshd_config exists. If yes, ask for overwriting

if [ -f "${SYSCONFDIR}/sshd_config" ]
then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
  then
    rm -f "${SYSCONFDIR}/sshd_config"
    if [ -f "${SYSCONFDIR}/sshd_config" ]
    then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
  fi
fi

# Create default sshd_config from here script

if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > ${SYSCONFDIR}/sshd_config << EOF
# This is ssh server systemwide configuration file.

Port 22
#
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
#
# Uncomment the following lines according to the used authentication
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no

# To install for logon to different user accounts change to "no" here
RSAAuthentication yes

# To install for logon to different user accounts change to "yes" here
PasswordAuthentication no

PermitEmptyPasswords no

CheckMail no
UseLogin no

#Uncomment if you want to enable sftp
#Subsystem      sftp    /usr/sbin/sftp-server
#MaxStartups 10:30:60
EOF
fi

# Add port 22/tcp to services
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
if [ $_nt -gt 0 ]
then
  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
  _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
  _wservices="${WINDIR}\\SERVICES"
  _wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=`cygpath -u "${_wservices}"`
_serv_tmp=`cygpath -u "${_wserv_tmp}"`

mount -b -f "${_wservices}" "${_services}"
mount -b -f "${_wserv_tmp}" "${_serv_tmp}"

if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
then
  awk '{ if ( $2 ~ /^23\/tcp/ ) print "sshd               22/tcp                           #SSH daemon\r"; print $0; }' < "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ]
  then
    if mv "${_serv_tmp}" "${_services}"
    then
      echo "Added sshd to ${_services}"
    else
      echo "Adding sshd to ${_services} failed\!"
    fi
    rm -f "${_serv_tmp}"
  else
    echo "Adding sshd to ${_services} failed\!"
  fi
fi

umount "${_services}"
umount "${_serv_tmp}"

# Add sshd line to inetd.conf
if [ -f /etc/inetd.conf ]
then
  grep -q "^[# \t]*sshd" /etc/inetd.conf || echo "# sshd  stream  tcp     nowait  root    /usr/sbin/sshd -i" >> /etc/inetd.conf
fi

if [ "${old_install}" = "1" ]
then
  echo
  echo "Note: If you have used sshd as service or from inetd, don't forget to"
  echo "      change the path to sshd.exe in the service entry or in inetd.conf."
fi

echo
echo "Host configuration finished. Have fun!"
-------------- next part --------------
#!/bin/sh
#
# ssh-user-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

progname=$0
auto_answer=""
auto_passphrase="no"
passphrase=""

request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi

  answer=""
  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
  do
    echo -n "$1 (yes/no) "
    read answer
  done
  if [ "X${answer}" = "Xyes" ]
  then
    return 0
  else
    return 1
  fi
}

# Check options

while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  -p | --passphrase )
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "    --debug      -d        Enable shell's debug output."
    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
    echo "    --no         -n        Answer all questions with \"no\" automatically."
    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
    echo
    exit 1
    ;;

  esac
done

# Ask user if user identity should be generated

if [ ! -f /etc/passwd ]
then
  echo '/etc/passwd is nonexistant. Please generate an /etc/passwd file'
  echo 'first using mkpasswd. Check if it contains an entry for you and'
  echo 'please care for the home directory in your entry as well.'
  exit 1
fi

uid=`id -u`
pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < /etc/passwd`

if [ "X${pwdhome}" = "X" ]
then
  echo 'There is no home directory set for you in /etc/passwd.'
  echo 'Setting $HOME is not sufficient!'
  exit 1
fi

if [ ! -d "${pwdhome}" ]
then
  echo "${pwdhome} is set in /etc/passwd as your home directory"
  echo 'but it is not a valid directory. Cannot create user identity files.'
  exit 1
fi

# If home is the root dir, set home to empty string to avoid error messages
# in subsequent parts of that script.
if [ "X${pwdhome}" = "X/" ]
then
  # But first raise a warning!
  echo 'Your home directory in /etc/passwd is set to root (/). This is not recommended!'
  if request "Would you like to proceed anyway?"
  then
    pwdhome=''
  else
    exit 1
  fi
fi

if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
then
  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  exit 1
fi

if [ ! -e "${pwdhome}/.ssh" ]
then
  mkdir "${pwdhome}/.ssh"
  if [ ! -e "${pwdhome}/.ssh" ]
  then
    echo "Creating users ${pwdhome}/.ssh directory failed"
    exit 1
  fi
fi

if [ ! -f "${pwdhome}/.ssh/identity" ]
then
  if request "Shall I create an SSH1 RSA identity file for you?"
  then
    echo "Generating ${pwdhome}/.ssh/identity"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
    else
      ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
fi

if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
then
  if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
  then
    echo "Generating ${pwdhome}/.ssh/id_rsa"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
    else
      ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
    fi
  fi
fi

if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
then
  if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
  then
    echo "Generating ${pwdhome}/.ssh/id_dsa"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
    else
      ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
    fi
  fi
fi

echo
echo "Configuration finished. Have fun!"
-------------- next part --------------
Index: README
===================================================================
RCS file: /cvs/openssh_cvs/contrib/cygwin/README,v
retrieving revision 1.1
diff -u -p -r1.1 README
--- contrib/cygwin/README	2000/10/29 19:18:49	1.1
+++ contrib/cygwin/README	2001/01/18 14:37:43
@@ -20,18 +20,41 @@ of the files has changed from /usr/local
 files are in /etc now.
 
 If you are installing OpenSSH the first time, you can generate
-global config files, server keys and your own user keys by running
+global config files and server keys by running
    
-   /usr/bin/ssh-config
+   /usr/bin/ssh-host-config
 
-If you are updating your installation you may run the above ssh-config
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-host-config is started.
+
+If you are updating your installation you may run the above ssh-host-config
 as well to move your configuration files to the new location and to
 erase the files at the old location.
 
-Be sure to start the new ssh-config when updating!
+To support testing and unattended installation ssh-host-config got
+some options:
 
-Note that this binary archive doesn't contain default config files in /etc.
-That files are only created if ssh-config is started.
+usage: ssh-host-config [OPTION]...
+Options:
+    --debug      -d        Enable shell's debug output.
+    --yes        -y        Answer all questions with "yes" automatically.
+    --no         -n        Answer all questions with "no" automatically.
+
+You can create the private and public keys for a user now by running
+
+  /usr/bin/ssh-user-config
+
+under the users account.
+
+To support testing and unattended installation ssh-user-config got
+some options as well:
+
+usage: ssh-user-config [OPTION]...
+Options:
+    --debug      -d        Enable shell's debug output.
+    --yes        -y        Answer all questions with "yes" automatically.
+    --no         -n        Answer all questions with "no" automatically.
+    --passphrase -p word   Use "word" as passphrase automatically.
 
 Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
 (results in very slow deamon startup!) or from the command line (recommended


More information about the openssh-unix-dev mailing list