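#!/bin/bash
#
# ssh-user-config, Copyright 2000-2014 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Creates the per-user OpenSSH configuration for the invoking user:
#   * checks that the home directory from the account database is usable
#     and not group/world writable,
#   * creates ~/.ssh if it is missing,
#   * optionally generates identity files and optionally appends their
#     public halves to ~/.ssh/authorized_keys,
#   * tightens the permissions of ~/.ssh/authorized_keys.
#
# Usage: ssh-user-config [-d|--debug] [-y|--yes] [-n|--no] [-p|--passphrase word]
#
# Environment:
#   SSH_USER_CONFIG_AUTO_ANSWER_NO  when set (non-empty) every question is
#                                   answered "no" and colour output is off.

# ======================================================================
# Initialization
# ======================================================================
PROGNAME=$(basename -- "$0")
_tdir=$(dirname -- "$0")
PROGDIR=$(cd -- "${_tdir}" && pwd)

# Helper library that provides csih_request, csih_inform, csih_warning,
# csih_error, csih_error_multi, csih_disable_color, csih_trace_on and the
# csih_auto_answer variable used throughout this script.
CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

# Without the helper library every csih_* call below fails with
# "command not found" and the script stumbles on; fail early instead.
if [ ! -r "${CSIH_SCRIPT}" ]
then
  echo "${PROGNAME}: cannot read ${CSIH_SCRIPT}" >&2
  exit 1
fi
source "${CSIH_SCRIPT}"

auto_passphrase="no"
passphrase=""
pwdhome=
with_passphrase=

# ======================================================================
# Routine: create_identity
# Optionally create an identity of the given type in ~/.ssh and
# optionally add its public half to ~/.ssh/authorized_keys.
# ARGUMENTS:
#   $1 -- file name of the private key inside ~/.ssh (e.g. id_rsa)
#   $2 -- key type as understood by `ssh-keygen -t' (e.g. rsa)
#   $3 -- human readable description used in the prompts
# PREREQUISITE:
#   pwdhome           -- check_user_homedir()
#   ${pwdhome}/.ssh   -- check_user_dot_ssh_dir()
# An existing key file is never touched.  Returns non-zero only when
# ssh-keygen was asked to generate a key and did not produce one.
# ======================================================================
create_identity() {
  local file="$1"
  local type="$2"
  local name="$3"
  local keyfile="${pwdhome}/.ssh/${file}"
  local rc

  # Never overwrite an existing identity.
  if [ -f "${keyfile}" ]
  then
    return 0
  fi

  if ! csih_request "Shall I create a ${name} identity file for you?"
  then
    return 0
  fi

  csih_inform "Generating ${keyfile}"
  # NOTE: ssh-keygen only accepts the passphrase via -N, i.e. on its
  # command line.  It is therefore visible in the process list of other
  # local users while ssh-keygen runs, and it is echoed to the trace when
  # --debug (set -x) is active.  Without -p ssh-keygen prompts for it.
  if [ "${with_passphrase}" = "yes" ]
  then
    ssh-keygen -t "${type}" -N "${passphrase}" -f "${keyfile}" > /dev/null
  else
    ssh-keygen -t "${type}" -f "${keyfile}" > /dev/null
  fi
  rc=$?

  # ssh-keygen can fail (key type not supported by the installed OpenSSH,
  # interrupted passphrase prompt, ...).  Previously the script went on to
  # `cat' a public key that does not exist; skip the authorized_keys step
  # instead.
  if [ "${rc}" -ne 0 ] || [ ! -f "${keyfile}.pub" ]
  then
    csih_warning "Generating ${keyfile} failed. Skipping this identity."
    return 1
  fi

  if csih_request "Do you want to use this identity to login to this machine?"
  then
    csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
    cat "${keyfile}.pub" >> "${pwdhome}/.ssh/authorized_keys"
  fi
  return 0
} # === End of create_identity() === #
readonly -f create_identity

# ======================================================================
# Routine: check_user_homedir
# Perform various checks on the user's home directory
# SETS GLOBAL VARIABLE:
#   pwdhome
# Exits (via csih_error_multi / exit 1) when the home directory is
# unusable or the user declines to continue with a root home directory.
# ======================================================================
check_user_homedir() {
  # Use the account database, not $HOME: that is where sshd looks the
  # home directory up when it searches for authorized_keys.
  pwdhome=$(getent passwd "$UID" | awk -F: '{ print $6; }')
  if [ -z "${pwdhome}" ]
  then
    csih_error_multi \
      "There is no home directory set for you in the account database." \
      'Setting $HOME is not sufficient!'
  fi

  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multi \
      "${pwdhome} is set in the account database as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi

  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "${pwdhome}" = "/" ]
  then
    # But first raise a warning!
    csih_warning "Your home directory in the account database is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi

  # sshd refuses public key authentication (StrictModes) when the home
  # directory is group or world writable.  `chmod -c' prints a line only
  # when it actually changed the mode, so the notice below is shown only
  # when a change was made.  Skipped when pwdhome was emptied above.
  if [ -d "${pwdhome}" ] && [ -n "$(chmod -c g-w,o-w "${pwdhome}")" ]
  then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
    csih_warning "directory ${pwdhome}."
    csih_warning 'This is required by OpenSSH to allow public key authentication using'
    csih_warning 'the key files stored in your .ssh subdirectory.'
    csih_warning 'Revert this change ONLY if you know what you are doing!'
    echo
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir

# ======================================================================
# Routine: check_user_dot_ssh_dir
# Perform various checks on the ~/.ssh directory and create it if missing
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
check_user_dot_ssh_dir() {
  local dotssh="${pwdhome}/.ssh"

  if [ -e "${dotssh}" ] && [ ! -d "${dotssh}" ]
  then
    csih_error "${dotssh} is existant but not a directory. Cannot create user identity files."
  fi

  if [ ! -e "${dotssh}" ]
  then
    # Create the directory private from the start instead of relying on
    # the umask: the private keys generated later live here, and sshd
    # rejects keys from a group/world writable ~/.ssh.
    mkdir -m 700 "${dotssh}"
    if [ ! -e "${dotssh}" ]
    then
      csih_error "Creating users ${dotssh} directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir

# ======================================================================
# Routine: fix_authorized_keys_perms
# Corrects the permissions of ~/.ssh/authorized_keys
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  local akfile="${pwdhome}/.ssh/authorized_keys"

  if [ -e "${akfile}" ]
  then
    # Drop any extended ACL entries first; they can grant access that the
    # mode bits set below do not show.  Best effort: setfacl may be
    # missing or the file system may not support ACLs.
    setfacl -b "${akfile}" 2>/dev/null || true
    if ! chmod u-x,g-wx,o-wx "${akfile}"
    then
      csih_warning "Setting correct permissions to ${akfile}"
      csih_warning "failed. Please care for the correct permissions. The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms


# ======================================================================
# Main Entry Point
# ======================================================================

# Check how the script has been started.  If
#   (1) it has been started by giving the full path and
#       that path is /etc/postinstall, OR
#   (2) Otherwise, if the environment variable
#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
# then set auto_answer to "no".  This allows automatic
# creation of the config files in /etc w/o overwriting
# them if they already exist.  In both cases, color
# escape sequences are suppressed, so as to prevent
# cluttering setup's logfiles.
if [ "${PROGDIR}" = "/etc/postinstall" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi
if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi

# ======================================================================
# Parse options
# ======================================================================
while [ $# -gt 0 ]
do
  option=$1
  shift

  case "${option}" in
    -d | --debug )
      # NOTE: tracing echoes every command, including the passphrase
      # handed to ssh-keygen, to the terminal or logfile.
      set -x
      csih_trace_on
      ;;

    -y | --yes )
      csih_auto_answer=yes
      ;;

    -n | --no )
      csih_auto_answer=no
      ;;

    -p | --passphrase )
      # A trailing -p without a word used to be accepted silently and
      # resulted in an empty passphrase, i.e. an unencrypted private key.
      if [ $# -eq 0 ]
      then
        echo "${PROGNAME}: option ${option} requires an argument" >&2
        exit 1
      fi
      with_passphrase="yes"
      passphrase=$1
      shift
      ;;

    *)
      echo "usage: ${PROGNAME} [OPTION]..."
      echo
      echo "This script creates an OpenSSH user configuration."
      echo
      echo "Options:"
      echo "  --debug       -d        Enable shell's debug output."
      echo "  --yes         -y        Answer all questions with \"yes\" automatically."
      echo "  --no          -n        Answer all questions with \"no\" automatically."
      echo "  --passphrase  -p word   Use \"word\" as passphrase automatically."
      echo
      exit 1
      ;;

  esac
done

# ======================================================================
# Action!
# ======================================================================

check_user_homedir
check_user_dot_ssh_dir
create_identity id_rsa rsa "SSH2 RSA"
# DSA and SSH1 RSA are offered for compatibility with older installations
# only; newer OpenSSH releases may refuse to generate them, in which case
# ssh-keygen fails and create_identity skips the identity.
create_identity id_dsa dsa "SSH2 DSA"
create_identity id_ecdsa ecdsa "SSH2 ECDSA"
create_identity identity rsa1 "(deprecated) SSH1 RSA"
fix_authorized_keys_perms

echo
csih_inform "Configuration finished. Have fun!"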