ssh-user-config revision 180750
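#!/bin/bash
#
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Creates the per-user OpenSSH configuration: validates the home
# directory from ${SYSCONFDIR}/passwd, makes sure ~/.ssh exists,
# optionally generates identity files (SSH1 RSA, SSH2 RSA, SSH2 DSA),
# optionally appends them to ~/.ssh/authorized_keys and tightens the
# permissions OpenSSH requires for public key authentication.
#
# Usage: ssh-user-config [-d|--debug] [-y|--yes] [-n|--no]
#                        [-p|--passphrase word] [--privileged]
# Environment:
#   SSH_USER_CONFIG_AUTO_ANSWER_NO  when set, every question is answered
#                                   "no" and color output is disabled.

# ======================================================================
# Initialization
# ======================================================================
# "$0" is quoted so a script path containing blanks survives intact.
PROGNAME=$(basename -- "$0")
_tdir=$(dirname -- "$0")
PROGDIR=$(cd "$_tdir" && pwd)

CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

# Provides the csih_request/csih_inform/csih_warning/csih_error*,
# csih_is_nt, csih_disable_color and csih_trace_on helpers used below.
source "${CSIH_SCRIPT}"

auto_passphrase="no"
passphrase=""
pwdhome=
with_passphrase=

# ======================================================================
# Routine: create_identity
# Shared worker for the create_ssh*_identity routines:
# optionally create ~/.ssh/<file>[.pub] with "ssh-keygen -t <type>",
# optionally append the public part to ~/.ssh/authorized_keys.
# Arguments:
#   $1 - key type handed to "ssh-keygen -t" (rsa1, rsa, dsa)
#   $2 - file name below ~/.ssh (identity, id_rsa, id_dsa)
#   $3 - label used in the prompt (e.g. "SSH2 RSA")
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
#   with_passphrase, passphrase -- option parsing
# Returns: 0 unless ssh-keygen fails, in which case 1 is returned and
#          nothing is added to authorized_keys.
# ======================================================================
create_identity() {
  local keytype=$1
  local keyfile="${pwdhome}/.ssh/$2"
  local label=$3

  # Never touch an identity file the user already has.
  [ -f "${keyfile}" ] && return 0

  if csih_request "Shall I create an ${label} identity file for you?"; then
    csih_inform "Generating ${keyfile}"
    if [ "${with_passphrase}" = "yes" ]; then
      # The passphrase travels on ssh-keygen's command line, so it is
      # visible to other local users via ps(1) while ssh-keygen runs.
      ssh-keygen -t "${keytype}" -N "${passphrase}" -f "${keyfile}" > /dev/null
    else
      ssh-keygen -t "${keytype}" -f "${keyfile}" > /dev/null
    fi
    # Without this check a failed/aborted ssh-keygen run would still
    # lead to the authorized_keys question and a cat of a missing .pub.
    if [ ! -f "${keyfile}.pub" ]; then
      csih_warning "Generating ${keyfile} failed. Skipping this identity."
      return 1
    fi
    if csih_request "Do you want to use this identity to login to this machine?"; then
      csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${keyfile}.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
  return 0
} # === End of create_identity() === #
readonly -f create_identity

# ======================================================================
# Routine: create_ssh1_identity
# optionally create ~/.ssh/identity[.pub]
# optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_ssh1_identity() {
  create_identity rsa1 identity "SSH1 RSA"
} # === End of create_ssh1_identity() === #
readonly -f create_ssh1_identity

# ======================================================================
# Routine: create_ssh2_rsa_identity
# optionally create ~/.ssh/id_rsa[.pub]
# optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_ssh2_rsa_identity() {
  create_identity rsa id_rsa "SSH2 RSA"
} # === End of create_ssh2_rsa_identity() === #
readonly -f create_ssh2_rsa_identity

# ======================================================================
# Routine: create_ssh2_dsa_identity
# optionally create ~/.ssh/id_dsa[.pub]
# optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_ssh2_dsa_identity() {
  create_identity dsa id_dsa "SSH2 DSA"
} # === End of create_ssh2_dsa_identity() === #
readonly -f create_ssh2_dsa_identity

# ======================================================================
# Routine: check_user_homedir
# Perform various checks on the user's home directory
# SETS GLOBAL VARIABLE:
#   pwdhome
# ======================================================================
check_user_homedir() {
  local uid
  uid=$(id -u)
  # The uid is handed to awk with -v rather than spliced into the
  # program text, so the program is a fixed string.
  pwdhome=$(awk -F: -v uid="${uid}" '$3 == uid { print $6 }' < "${SYSCONFDIR}/passwd")
  if [ "X${pwdhome}" = "X" ]; then
    csih_error_multiline \
      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
      'Setting $HOME is not sufficient!'
  fi

  if [ ! -d "${pwdhome}" ]; then
    csih_error_multiline \
      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi

  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "X${pwdhome}" = "X/" ]; then
    # But first raise a warning!
    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"; then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi

  # csih_is_nt is a shell function and has to be run as a command; inside
  # "[ ... ]" the bare word would only be tested as a non-empty string and
  # the check would always succeed.
  if [ -d "${pwdhome}" ] && csih_is_nt && [ -n "$(chmod -c g-w,o-w "${pwdhome}")" ]; then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
    csih_warning "directory ${pwdhome}."
    csih_warning 'This is required by OpenSSH to allow public key authentication using'
    csih_warning 'the key files stored in your .ssh subdirectory.'
    csih_warning 'Revert this change ONLY if you know what you are doing!'
    echo
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir

# ======================================================================
# Routine: check_user_dot_ssh_dir
# Perform various checks on the ~/.ssh directory
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
check_user_dot_ssh_dir() {
  if [ -e "${pwdhome}/.ssh" ] && [ ! -d "${pwdhome}/.ssh" ]; then
    csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  fi

  if [ ! -e "${pwdhome}/.ssh" ]; then
    # sshd refuses key files below a group- or world-writable ~/.ssh when
    # StrictModes is on, so create the directory owner-only from the start.
    if ! mkdir -m 0700 -- "${pwdhome}/.ssh"; then
      csih_error "Creating users ${pwdhome}/.ssh directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir

# ======================================================================
# Routine: fix_authorized_keys_perms
# Corrects the permissions of ~/.ssh/authorized_keys
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  # csih_is_nt must run as a command (see check_user_homedir).
  if csih_is_nt && [ -e "${pwdhome}/.ssh/authorized_keys" ]; then
    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"; then
      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
      csih_warning "failed. Please care for the correct permissions. The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms

# ======================================================================
# Routine: usage
# Print the option summary and exit with status 1.
# ======================================================================
usage() {
  echo "usage: ${PROGNAME} [OPTION]..."
  echo
  echo "This script creates an OpenSSH user configuration."
  echo
  echo "Options:"
  echo "  --debug  -d            Enable shell's debug output."
  echo "  --yes    -y            Answer all questions with \"yes\" automatically."
  echo "  --no     -n            Answer all questions with \"no\" automatically."
  echo "  --passphrase -p word   Use \"word\" as passphrase automatically."
  echo "  --privileged           On Windows NT/2k/XP, assume privileged user"
  echo "                         instead of LocalSystem for sshd service."
  echo
  exit 1
} # === End of usage() === #
readonly -f usage

# ======================================================================
# Main Entry Point
# ======================================================================

# Check how the script has been started.  If
# (1) it has been started by giving the full path and
#     that path is /etc/postinstall, OR
# (2) Otherwise, if the environment variable
#     SSH_USER_CONFIG_AUTO_ANSWER_NO is set
# then set auto_answer to "no".  This allows automatic
# creation of the config files in /etc w/o overwriting
# them if they already exist.  In both cases, color
# escape sequences are suppressed, so as to prevent
# cluttering setup's logfiles.
if [ "$PROGDIR" = "/etc/postinstall" ]; then
  csih_auto_answer="no"
  csih_disable_color
fi
if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]; then
  csih_auto_answer="no"
  csih_disable_color
fi

# ======================================================================
# Parse options
# ======================================================================
while [ $# -gt 0 ]; do
  option=$1
  shift

  case "$option" in
    -d | --debug )
      # Tracing echoes every command, including the ssh-keygen -N
      # argument, so a passphrase given with -p ends up in the trace.
      set -x
      csih_trace_on
      ;;

    -y | --yes )
      csih_auto_answer=yes
      ;;

    -n | --no )
      csih_auto_answer=no
      ;;

    -p | --passphrase )
      # A bare "-p" used to leave the passphrase empty and fail the shift;
      # treat the missing value as a usage error instead.
      [ $# -gt 0 ] || usage
      with_passphrase="yes"
      passphrase=$1
      shift
      ;;

    --privileged )
      csih_FORCE_PRIVILEGED_USER=yes
      ;;

    *)
      usage
      ;;
  esac
done

# ======================================================================
# Action!
# ======================================================================

# Check passwd file
if [ ! -f "${SYSCONFDIR}/passwd" ]; then
  csih_error_multiline \
    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
    'first using mkpasswd. Check if it contains an entry for you and' \
    'please care for the home directory in your entry as well.'
fi

check_user_homedir
check_user_dot_ssh_dir
create_ssh1_identity
create_ssh2_rsa_identity
create_ssh2_dsa_identity
fix_authorized_keys_perms

echo
csih_inform "Configuration finished. Have fun!"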