[PATCH]: Change Cygwin contrib files to better support PrivSep
Corinna Vinschen
vinschen at redhat.com
Wed Jul 3 22:27:17 EST 2002
Hi,
the following patch patches the files in contrib/cygwin. The changes
are necessary to allow a better support of privilege separation.
On NT machines the script now asks whether it should create a user called
"sshd" and set everything up for it. Additionally it creates the /etc/ssh_config
and /etc/sshd_config files following the latest upstream versions.
Would you mind to apply this to the official OpenSSH repository?
Thanks,
Corinna
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
-------------- next part --------------
Index: contrib/cygwin/README
===================================================================
RCS file: /cvs/openssh_cvs/contrib/cygwin/README,v
retrieving revision 1.9
diff -u -p -r1.9 README
--- contrib/cygwin/README 30 Apr 2002 03:53:13 -0000 1.9
+++ contrib/cygwin/README 3 Jul 2002 12:29:16 -0000
@@ -1,6 +1,30 @@
This package is the actual port of OpenSSH to Cygwin 1.3.
===========================================================================
+Important change since 3.4p1-2:
+
+This version adds privilege separation as default setting, see
+/usr/doc/openssh/README.privsep. According to that document the
+privsep feature requires a non-privileged account called 'sshd'.
+
+The new ssh-host-config file which is part of this version asks
+to create 'sshd' as local user if you want to use privilege
+separation. If you confirm, it creates that NT user and adds
+the necessary entry to /etc/passwd.
+
+On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"
+since that feature doesn't make any sense on a system which doesn't
+differ between privileged and unprivileged users.
+
+The new ssh-host-config script also adds the /var/empty directory
+needed by privilege separation. When creating the /var/empty directory
+by yourself, please note that in contrast to the README.privsep document
+the owner sshould not be "root" but the user which is running sshd. So,
+in the standard configuration this is SYSTEM. The ssh-host-config script
+chowns /var/empty accordingly.
+===========================================================================
+
+===========================================================================
Important change since 3.0.1p1-2:
This version introduces the ability to register sshd as service on
Index: contrib/cygwin/ssh-host-config
===================================================================
RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v
retrieving revision 1.5
diff -u -p -r1.5 ssh-host-config
--- contrib/cygwin/ssh-host-config 12 Apr 2002 17:44:14 -0000 1.5
+++ contrib/cygwin/ssh-host-config 3 Jul 2002 12:29:16 -0000
@@ -18,6 +18,11 @@ progname=$0
auto_answer=""
port_number=22
+privsep_configured=no
+privsep_used=yes
+sshd_in_passwd=no
+sshd_in_sam=no
+
request()
{
if [ "${auto_answer}" = "yes" ]
@@ -90,6 +95,10 @@ do
esac
done
+# Check if running on NT
+_sys="`uname -a`"
+_nt=`expr "$_sys" : "CYGWIN_NT"`
+
# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running
@@ -126,6 +135,38 @@ then
fi
fi
+# Create /var/log and /var/log/lastlog if not already existing
+
+if [ -f /var/log ]
+then
+ echo "Creating /var/log failed\!"
+else
+ if [ ! -d /var/log ]
+ then
+ mkdir -p /var/log
+ fi
+ if [ -d /var/log/lastlog ]
+ then
+ echo "Creating /var/log/lastlog failed\!"
+ elif [ ! -f /var/log/lastlog ]
+ then
+ cat /dev/null > /var/log/lastlog
+ fi
+fi
+
+# Create /var/empty file used as chroot jail for privilege separation
+if [ -f /var/empty ]
+then
+ echo "Creating /var/empty failed\!"
+else
+ mkdir -p /var/empty
+ # On NT change ownership of that dir to user "system"
+ if [ $_nt -gt 0 ]
+ then
+ chown system.system /var/empty
+ fi
+fi
+
# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
# the same as ${PREFIX}
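Review bot: `mkdir -p /var/empty` creates the privsep chroot directory but never sets its mode, and the `chown system.system /var/empty` on the NT branch is unchecked, so a failed ownership change goes unreported while the script carries on. sshd's privsep sanity check expects that directory to be owned by the user sshd runs as and not group/world-writable (per README.privsep, which the README hunk refers to), and a directory inherited from a permissive umask or a pre-existing tree may not satisfy that. I'd chain the steps and surface failure: `mkdir -p /var/empty && chmod 755 /var/empty || echo "Creating /var/empty failed\!"` and `chown system.system /var/empty || echo "Changing owner of /var/empty failed\!"`. Note also that the `[ -f /var/empty ]` guard only catches a plain file; a symlink at that path would presumably pass `mkdir -p` and the chown would act on its target.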
@@ -219,9 +260,10 @@ if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
echo "Generating ${SYSCONFDIR}/ssh_config file"
cat > ${SYSCONFDIR}/ssh_config << EOF
-# This is ssh client systemwide configuration file. This file provides
-# defaults for users, and the values can be changed in per-user configuration
-# files or on the command line.
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
@@ -237,20 +279,19 @@ then
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
-# RhostsRSAAuthentication yes
+# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
-# FallBackToRsh no
-# UseRsh no
# BatchMode no
# CheckHostIP yes
-# StrictHostKeyChecking yes
+# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
# Protocol 2,1
-# Cipher blowfish
+# Cipher 3des
+# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
EOF
if [ "$port_number" != "22" ]
@@ -271,17 +312,75 @@ then
then
echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
fi
+ else
+ grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
fi
fi
-# Create default sshd_config from here script
+# Prior to creating or modifying sshd_config, care for privilege separation
+
+if [ "$privsep_configured" != "yes" ]
+then
+ if [ $_nt -gt 0 ]
+ then
+ echo "Privilege separation is set to yes by default since OpenSSH 3.3."
+ echo "However, this requires a non-privileged account called 'sshd'."
+ echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
+ echo
+ if request "Shall privilege separation be used?"
+ then
+ privsep_used=yes
+ grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
+ net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
+ if [ "$sshd_in_passwd" != "yes" ]
+ then
+ if [ "$sshd_in_sam" != "yes" ]
+ then
+ echo "Warning: The following function requires administrator privileges!"
+ if request "Shall this script create a local user 'sshd' on this machine?"
+ then
+ dos_var_empty=`cygpath -w /var/empty`
+ net user sshd /add /fullname:"sshd privsep" "/HOMEDIR:$dos_var_empty" > /dev/null 2>&1 && sshd_in_sam=yes
+ if [ "$sshd_in_sam" != "yes" ]
+ then
+ echo "Warning: Creating the user 'sshd' failed!"
+ fi
+ fi
+ fi
+ if [ "$sshd_in_sam" != "yes" ]
+ then
+ echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
+ echo " Privilege separation set to 'no' again!"
+ echo " Check your ${SYSCONFDIR}/sshd_config file!"
+ privsep_used=no
+ else
+ mkpasswd -l -u sshd >> ${SYSCONFDIR}/passwd
+ fi
+ fi
+ else
+ privsep_used=no
+ fi
+ else
+ # On 9x don't use privilege separation. Since security isn't
+ # available it just adds useless addtional processes.
+ privsep_used=no
+ fi
+fi
+
+# Create default sshd_config from here script or modify to add the
+# missing privsep configuration option
if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Generating ${SYSCONFDIR}/sshd_config file"
cat > ${SYSCONFDIR}/sshd_config << EOF
-# This is the sshd server system-wide configuration file. See sshd(8)
-# for more information.
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
Port $port_number
#Protocol 2,1
@@ -289,66 +388,77 @@ Port $port_number
#ListenAddress ::
# HostKey for protocol version 1
-HostKey /etc/ssh_host_key
+#HostKey ${SYSCONFDIR}/ssh_host_key
# HostKeys for protocol version 2
-HostKey /etc/ssh_host_rsa_key
-HostKey /etc/ssh_host_dsa_key
+#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
+#HostKey ${SYSCONFDIR}/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server ke
-KeyRegenerationInterval 3600
-ServerKeyBits 768
+#KeyRegenerationInterval 3600
+#ServerKeyBits 768
# Logging
-SyslogFacility AUTH
-LogLevel INFO
#obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
# Authentication:
-LoginGraceTime 600
-PermitRootLogin yes
+#LoginGraceTime 600
+#PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no
-RSAAuthentication yes
-PubkeyAuthentication yes
+#RSAAuthentication yes
+#PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# rhosts authentication should not be used
-RhostsAuthentication no
+#RhostsAuthentication no
# Don't read ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
+#IgnoreRhosts yes
+# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
+#RhostsRSAAuthentication no
# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication yes
-PermitEmptyPasswords no
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd yes
-#PrintLastLog no
-KeepAlive yes
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#KeepAlive yes
#UseLogin no
+UsePrivilegeSeparation $privsep_used
+#Compression yes
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-#ReverseMappingCheck yes
+#MaxStartups 10
+# no default banner path
+#Banner /some/path
+#VerifyReverseMapping no
+# override default of no subsystems
Subsystem sftp /usr/sbin/sftp-server
EOF
+elif [ "$privsep_configured" != "yes" ]
+then
+ echo >> ${SYSCONFDIR}/sshd_config
+ echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
fi
# Care for services file
-_sys="`uname -a`"
-_nt=`expr "$_sys" : "CYGWIN_NT"`
if [ $_nt -gt 0 ]
then
_wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
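Review bot: Commenting out the three `HostKey` lines (now `#HostKey ${SYSCONFDIR}/ssh_host_*_key`) makes sshd use its compiled-in key paths, which only coincide with `${SYSCONFDIR}` when that variable equals the build-time sysconfdir; since the rest of the script treats `${SYSCONFDIR}` as configurable, an install with a different value would have the keys generated in one place and sshd looking in another. If the generated file is meant to show defaults only, the comment above them should say so, e.g. `# defaults shown; uncomment and adjust if ${SYSCONFDIR} is not the compiled-in sysconfdir`; otherwise keep the `HostKey` lines active as they were. Separately, `StrictModes no` is now the only security-weakening directive left active in the generated file, and the comment above it already says it should be yes on NT with ntsec, which the script could decide from `$_nt` rather than leaving to the admin (a reasonable follow-up). The here-document this hunk rewrites is opened before the hunk starts.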
@@ -403,8 +513,8 @@ umount "${_services}"
umount "${_serv_tmp}"
# Care for inetd.conf file
-_inetcnf="/etc/inetd.conf"
-_inetcnf_tmp="/etc/inetd.conf.$$"
+_inetcnf="${SYSCONFDIR}/inetd.conf"
+_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
if [ -f "${_inetcnf}" ]
then
@@ -442,25 +552,6 @@ then
fi
fi
-# Create /var/log and /var/log/lastlog if not already existing
-
-if [ -f /var/log ]
-then
- echo "Creating /var/log failed\!"
-else
- if [ ! -d /var/log ]
- then
- mkdir /var/log
- fi
- if [ -d /var/log/lastlog ]
- then
- echo "Creating /var/log/lastlog failed\!"
- elif [ ! -f /var/log/lastlog ]
- then
- cat /dev/null > /var/log/lastlog
- fi
-fi
-
# On NT ask if sshd should be installed as service
if [ $_nt -gt 0 ]
then
@@ -477,7 +568,7 @@ then
[ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
then
- chown system /etc/ssh*
+ chown system /${SYSCONFDIR}/ssh*
echo
echo "The service has been installed under LocalSystem account."
fi
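Review bot: `chown system /${SYSCONFDIR}/ssh*` has a stray leading slash: with the default `SYSCONFDIR=/etc` it expands to `//etc/ssh*`, and a `//` prefix is generally treated as a UNC path by Cygwin, so the chown would miss the real files and fail on an unexpanded pattern. It should read `chown system "${SYSCONFDIR}"/ssh*`. Because this runs right after the service is registered under LocalSystem, a silent failure here leaves the host keys owned by the installing user rather than the account sshd runs as, which is exactly the situation the `StrictModes` comment in the generated config warns about; reporting a non-zero exit status with a warning would help. The enclosing `if` block starts outside this hunk.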