mirror of git://anongit.mindrot.org/openssh.git
251 lines
6.1 KiB
Bash
251 lines
6.1 KiB
Bash
#!/bin/sh
|
|
#
|
|
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
|
|
#
|
|
# This file is part of the Cygwin port of OpenSSH.
|
|
|
|
# Directory where the config files are stored
|
|
SYSCONFDIR=/etc
|
|
|
|
progname=$0
|
|
auto_answer=""
|
|
auto_passphrase="no"
|
|
passphrase=""
|
|
|
|
request()
|
|
{
|
|
if [ "${auto_answer}" = "yes" ]
|
|
then
|
|
return 0
|
|
elif [ "${auto_answer}" = "no" ]
|
|
then
|
|
return 1
|
|
fi
|
|
|
|
answer=""
|
|
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
|
|
do
|
|
echo -n "$1 (yes/no) "
|
|
read answer
|
|
done
|
|
if [ "X${answer}" = "Xyes" ]
|
|
then
|
|
return 0
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
# Check if running on NT
|
|
_sys="`uname -a`"
|
|
_nt=`expr "$_sys" : "CYGWIN_NT"`
|
|
# If running on NT, check if running under 2003 Server or later
|
|
if [ $_nt -gt 0 ]
|
|
then
|
|
_nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
|
|
fi
|
|
|
|
# Check options
|
|
|
|
while :
|
|
do
|
|
case $# in
|
|
0)
|
|
break
|
|
;;
|
|
esac
|
|
|
|
option=$1
|
|
shift
|
|
|
|
case "$option" in
|
|
-d | --debug )
|
|
set -x
|
|
;;
|
|
|
|
-y | --yes )
|
|
auto_answer=yes
|
|
;;
|
|
|
|
-n | --no )
|
|
auto_answer=no
|
|
;;
|
|
|
|
-p | --passphrase )
|
|
with_passphrase="yes"
|
|
passphrase=$1
|
|
shift
|
|
;;
|
|
|
|
*)
|
|
echo "usage: ${progname} [OPTION]..."
|
|
echo
|
|
echo "This script creates an OpenSSH user configuration."
|
|
echo
|
|
echo "Options:"
|
|
echo " --debug -d Enable shell's debug output."
|
|
echo " --yes -y Answer all questions with \"yes\" automatically."
|
|
echo " --no -n Answer all questions with \"no\" automatically."
|
|
echo " --passphrase -p word Use \"word\" as passphrase automatically."
|
|
echo
|
|
exit 1
|
|
;;
|
|
|
|
esac
|
|
done
|
|
|
|
# Ask user if user identity should be generated
|
|
|
|
if [ ! -f ${SYSCONFDIR}/passwd ]
|
|
then
|
|
echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
|
|
echo 'first using mkpasswd. Check if it contains an entry for you and'
|
|
echo 'please care for the home directory in your entry as well.'
|
|
exit 1
|
|
fi
|
|
|
|
uid=`id -u`
|
|
pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
|
|
|
|
if [ "X${pwdhome}" = "X" ]
|
|
then
|
|
echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
|
|
echo 'Setting $HOME is not sufficient!'
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -d "${pwdhome}" ]
|
|
then
|
|
echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
|
|
echo 'but it is not a valid directory. Cannot create user identity files.'
|
|
exit 1
|
|
fi
|
|
|
|
# If home is the root dir, set home to empty string to avoid error messages
|
|
# in subsequent parts of that script.
|
|
if [ "X${pwdhome}" = "X/" ]
|
|
then
|
|
# But first raise a warning!
|
|
echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
|
|
if request "Would you like to proceed anyway?"
|
|
then
|
|
pwdhome=''
|
|
else
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
|
|
then
|
|
echo
|
|
echo 'WARNING: group and other have been revoked write permission to your home'
|
|
echo " directory ${pwdhome}."
|
|
echo ' This is required by OpenSSH to allow public key authentication using'
|
|
echo ' the key files stored in your .ssh subdirectory.'
|
|
echo ' Revert this change ONLY if you know what you are doing!'
|
|
echo
|
|
fi
|
|
|
|
if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
|
|
then
|
|
echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -e "${pwdhome}/.ssh" ]
|
|
then
|
|
mkdir "${pwdhome}/.ssh"
|
|
if [ ! -e "${pwdhome}/.ssh" ]
|
|
then
|
|
echo "Creating users ${pwdhome}/.ssh directory failed"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ $_nt -gt 0 ]
|
|
then
|
|
_user="system"
|
|
if [ $_nt2003 -gt 0 ]
|
|
then
|
|
grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
|
|
fi
|
|
if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
|
|
then
|
|
echo "${pwdhome}/.ssh couldn't be given the correct permissions."
|
|
echo "Please try to solve this problem first."
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ ! -f "${pwdhome}/.ssh/identity" ]
|
|
then
|
|
if request "Shall I create an SSH1 RSA identity file for you?"
|
|
then
|
|
echo "Generating ${pwdhome}/.ssh/identity"
|
|
if [ "${with_passphrase}" = "yes" ]
|
|
then
|
|
ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
|
|
else
|
|
ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
|
|
fi
|
|
if request "Do you want to use this identity to login to this machine?"
|
|
then
|
|
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
|
cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
|
|
then
|
|
if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
|
|
then
|
|
echo "Generating ${pwdhome}/.ssh/id_rsa"
|
|
if [ "${with_passphrase}" = "yes" ]
|
|
then
|
|
ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
|
|
else
|
|
ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
|
|
fi
|
|
if request "Do you want to use this identity to login to this machine?"
|
|
then
|
|
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
|
cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
|
|
then
|
|
if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
|
|
then
|
|
echo "Generating ${pwdhome}/.ssh/id_dsa"
|
|
if [ "${with_passphrase}" = "yes" ]
|
|
then
|
|
ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
|
|
else
|
|
ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
|
|
fi
|
|
if request "Do you want to use this identity to login to this machine?"
|
|
then
|
|
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
|
cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
|
|
then
|
|
if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
|
|
then
|
|
echo
|
|
echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
|
|
echo "failed. Please care for the correct permissions. The minimum requirement"
|
|
echo "is, the owner and ${_user} both need read permissions."
|
|
echo
|
|
fi
|
|
fi
|
|
|
|
echo
|
|
echo "Configuration finished. Have fun!"
|