[PATCH]: Some fixes in contrib/cygwin/ssh-host-config
Corinna Vinschen
vinschen at redhat.com
Sun Jul 7 20:00:37 EST 2002
Hi,

the attached patch changes the ssh-host-config script in the following
way:

- Actually exit if ssh processes are still running. The "exit 1"
  is commented out for testing purposes and I accidentally left it
  this way when sending the patch to this list :-(

- Create the Windows NT account "sshd" so that it's deactivated.
  So even if the administrator(s) for some reason allow to login
  w/o password, nobody can login to the sshd account. This is
  e.g. a problem on XP Home machines where login w/o password is
  *gulp* a default setting.

- Create the /etc/passwd entry for "sshd" so that the shell is set
  to /bin/false instead of /bin/bash.

Thanks,
Corinna

Index: contrib/cygwin/ssh-host-config
===================================================================
RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v
retrieving revision 1.7
diff -u -p -r1.7 ssh-host-config
--- contrib/cygwin/ssh-host-config 5 Jul 2002 23:22:32 -0000 1.7
+++ contrib/cygwin/ssh-host-config 7 Jul 2002 09:52:24 -0000
@@ -107,7 +107,7 @@ then
echo
echo "There are still ssh processes running. Please shut them down first."
echo
- #exit 1
+ exit 1
fi
# Check for ${SYSCONFDIR} directory
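Review bot: With "exit 1" restored, the "There are still ssh processes running" message just above it is now the script's only explanation for a non-zero exit, yet the three echo lines still write to stdout. Consider sending them to stderr (echo "..." >&2) so the reason survives when a caller redirects or captures stdout.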
@@ -340,7 +340,7 @@ then
if request "Shall this script create a local user 'sshd' on this machine?"
then
dos_var_empty=`cygpath -w /var/empty`
- net user sshd /add /fullname:"sshd privsep" "/HOMEDIR:$dos_var_empty" > /dev/null 2>&1 && sshd_in_sam=yes
+ net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
if [ "$sshd_in_sam" != "yes" ]
then
echo "Warning: Creating the user 'sshd' failed!"
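Review bot: The changed "net user" line also renames "/HOMEDIR:" to "/homedir:", which the patch description does not mention; either note it in the description or leave the option as it was so the hunk carries only the "/active:no" change. Separately, because the line still ends in "> /dev/null 2>&1", a failure that now involves the extra option gives the admin only "Warning: Creating the user 'sshd' failed!" with no cause; keeping the command's stderr visible would make that warning actionable.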
@@ -354,7 +354,7 @@ then
echo " Check your ${SYSCONFDIR}/sshd_config file!"
privsep_used=no
else
- mkpasswd -l -u sshd >> ${SYSCONFDIR}/passwd
+ mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
fi
fi
else
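Review bot: The substitution 's/bash$/false/' on the mkpasswd line only takes effect when the emitted entry happens to end in "bash"; if mkpasswd ever prints a different shell for the account, the sshd entry is appended with a usable login shell and nothing reports it. Rewriting the last colon-separated field unconditionally, for example sed -e 's,:[^:]*$,:/bin/false,', would enforce the intended shell regardless of what mkpasswd outputs.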
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com