1#!/bin/sh
2#
3# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
4#
5# This file is part of the Cygwin port of OpenSSH.
6
# Location of the passwd file (and the rest of the OpenSSH configuration).
SYSCONFDIR=/etc

# Script-wide state.
#   progname        used in the usage text
#   auto_answer     "" = ask interactively, "yes"/"no" = answer every
#                   question automatically (set by -y / -n)
#   auto_passphrase initialised here but not read anywhere in this file
#   passphrase      filled in by -p / --passphrase
progname=$0
auto_answer=''
auto_passphrase='no'
passphrase=''
14
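# request QUESTION
# Ask a yes/no question on stdout and return 0 for "yes", 1 for "no".
# If auto_answer is "yes" or "no" (from -y / -n) the answer is taken from
# there without prompting.  Re-prompts until the user types exactly
# "yes" or "no"; EOF on stdin counts as "no".
request()
{
  case "${auto_answer}" in
  yes) return 0 ;;
  no)  return 1 ;;
  esac

  answer=""
  while [ "X${answer}" != "Xyes" ] && [ "X${answer}" != "Xno" ]
  do
    # printf instead of "echo -n": -n is not portable under #!/bin/sh.
    printf '%s (yes/no) ' "$1"
    # -r keeps backslashes literal.  If stdin is exhausted (e.g. the script
    # was run with </dev/null) the original loop re-prompted forever;
    # treat EOF as a refusal so the script cannot spin.
    if ! read -r answer
    then
      echo
      return 1
    fi
  done
  [ "X${answer}" = "Xyes" ]
}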
38
# Platform detection.  On the Windows NT family "uname -a" starts with
# "CYGWIN_NT"; expr prints the length of that match (non-zero) or 0, so the
# rest of the script tests "_nt -gt 0".
_sys=$(uname -a)
_nt=$(expr "${_sys}" : "CYGWIN_NT")

# On NT the kernel name is CYGWIN_NT-<major>.<minor>; _nt2003 becomes 1 for
# 5.2 (Windows Server 2003) and later, 0 otherwise.  It is only set, and
# only consulted, when _nt is non-zero.
if [ "${_nt}" -gt 0 ]
then
  _nt2003=$(uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}')
fi
47
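# Option parsing.  Sets auto_answer, with_passphrase and passphrase from the
# command line; anything unrecognised prints the usage text and exits 1.
#
# SECURITY: a passphrase given with -p/--passphrase sits on this process's
# command line, where other local users can read it from the process list
# and where shell history may record it; it is later placed on ssh-keygen's
# command line as well.  With -d/--debug, "set -x" additionally traces every
# command, passphrase included, to stderr.  Letting ssh-keygen prompt for
# the passphrase avoids all of that.
parse_options()
{
  while [ $# -gt 0 ]
  do
    option=$1
    shift

    case "${option}" in
    -d | --debug )
      # "set" inside a function still applies to the whole script.
      set -x
      ;;

    -y | --yes )
      auto_answer=yes
      ;;

    -n | --no )
      auto_answer=no
      ;;

    -p | --passphrase )
      # A trailing -p with no word used to be accepted with an empty
      # passphrase (and a failing extra "shift"), i.e. it silently produced
      # unprotected keys.  Insist on the argument instead.
      if [ $# -eq 0 ]
      then
        echo "${progname}: option ${option} requires an argument" >&2
        exit 1
      fi
      with_passphrase="yes"
      passphrase=$1
      shift
      ;;

    *)
      echo "usage: ${progname} [OPTION]..."
      echo
      echo "This script creates an OpenSSH user configuration."
      echo
      echo "Options:"
      echo "    --debug      -d        Enable shell's debug output."
      echo "    --yes        -y        Answer all questions with \"yes\" automatically."
      echo "    --no         -n        Answer all questions with \"no\" automatically."
      echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
      echo
      exit 1
      ;;

    esac
  done
}

parse_options "$@"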
96
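# Find the caller's home directory.  sshd resolves users through
# ${SYSCONFDIR}/passwd, not through $HOME, so the key files must go where
# that file says -- hence the insistence on a usable passwd entry.
if [ ! -f "${SYSCONFDIR}/passwd" ]
then
  echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
  echo 'first using mkpasswd. Check if it contains an entry for you and'
  echo 'please care for the home directory in your entry as well.'
  exit 1
fi

uid=$(id -u)
# The uid is handed to awk with -v rather than spliced into the program
# text, and only the first matching entry is used: a passwd file carrying
# duplicate lines for one uid used to yield a multi-line "home" that then
# failed the directory test below with a misleading message.
pwdhome=$(awk -F: -v uid="${uid}" '$3 == uid { print $6; exit }' < "${SYSCONFDIR}/passwd")

if [ -z "${pwdhome}" ]
then
  echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
  echo 'Setting $HOME is not sufficient!'
  exit 1
fi

if [ ! -d "${pwdhome}" ]
then
  echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
  echo 'but it is not a valid directory. Cannot create user identity files.'
  exit 1
fi

# A home of "/" is turned into the empty string so that the
# "${pwdhome}/.ssh" paths built later do not produce error messages.
# Warn first: keeping keys directly under the root directory is a poor idea.
if [ "${pwdhome}" = "/" ]
then
  echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
  if request "Would you like to proceed anyway?"
  then
    pwdhome=''
  else
    exit 1
  fi
fi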
137
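# Tighten the home directory: sshd's strict-mode checks refuse public key
# authentication when the home directory is group- or world-writable.  Only
# attempted on NT, where Cygwin can map the mode onto an ACL.  (The original
# ran the chmod unconditionally inside the test expression and merely
# suppressed the warning elsewhere; now it runs only when it matters.)
if [ -d "${pwdhome}" ] && [ "${_nt}" -gt 0 ]
then
  if [ -n "$(chmod -c g-w,o-w "${pwdhome}")" ]
  then
    echo
    echo 'WARNING: group and other have been revoked write permission to your home'
    echo "         directory ${pwdhome}."
    echo '         This is required by OpenSSH to allow public key authentication using'
    echo '         the key files stored in your .ssh subdirectory.'
    echo '         Revert this change ONLY if you know what you are doing!'
    echo
  fi
fi

if [ -e "${pwdhome}/.ssh" ] && [ ! -d "${pwdhome}/.ssh" ]
then
  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  exit 1
fi

if [ ! -e "${pwdhome}/.ssh" ]
then
  # Create the directory owner-only from the start instead of relying on the
  # caller's umask; on NT the ACL below narrows it further.  mkdir's own
  # exit status replaces the former "did it appear?" re-check.
  if ! mkdir -m 0700 "${pwdhome}/.ssh"
  then
    echo "Creating users ${pwdhome}/.ssh directory failed"
    exit 1
  fi
fi

if [ "${_nt}" -gt 0 ]
then
  # The account sshd runs under must be able to read the directory (and,
  # later, authorized_keys): LocalSystem, or -- on Server 2003 and later --
  # a dedicated sshd_server account when one is listed in passwd.  Everyone
  # else is locked out.
  _user="system"
  if [ "${_nt2003}" -gt 0 ]
  then
    grep -q '^sshd_server:' "${SYSCONFDIR}/passwd" && _user="sshd_server"
  fi
  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
  then
    echo "${pwdhome}/.ssh couldn't be given the correct permissions."
    echo "Please try to solve this problem first."
    exit 1
  fi
fi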
179
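# Generate the user's identities.  Every key type follows the same steps:
# skip when the key file already exists, ask, run ssh-keygen (with -N when a
# passphrase was supplied on the command line), then optionally append the
# public half to this user's own authorized_keys so the identity can be used
# to log in to this very machine.
#
# NOTE(review): "rsa1" is an SSH protocol 1 key and "dsa" a DSA key; both
# have been deprecated for years and current OpenSSH releases no longer
# accept rsa1 at all.  They are kept because this script targets the Cygwin
# OpenSSH of its time; a present-day version should drop them.
#
# create_identity KEYTYPE FILENAME DESCRIPTION
#   KEYTYPE      argument for ssh-keygen -t
#   FILENAME     key file name below ${pwdhome}/.ssh
#   DESCRIPTION  wording for the prompt, e.g. "SSH2 RSA"
# Reads pwdhome, with_passphrase and passphrase.  Plain globals are used
# instead of "local" to stay within the /bin/sh the file is written for.
create_identity()
{
  _ci_type=$1
  _ci_file="${pwdhome}/.ssh/$2"
  _ci_desc=$3

  # Never touch an existing key.
  [ -f "${_ci_file}" ] && return 0

  request "Shall I create an ${_ci_desc} identity file for you?" || return 0

  echo "Generating ${_ci_file}"
  if [ "${with_passphrase}" = "yes" ]
  then
    # The passphrase travels on ssh-keygen's command line here, so it is
    # visible in the process list and in -d/--debug trace output.
    ssh-keygen -t "${_ci_type}" -N "${passphrase}" -f "${_ci_file}" > /dev/null
  else
    ssh-keygen -t "${_ci_type}" -f "${_ci_file}" > /dev/null
  fi

  # If key generation failed or was declined there is no public key to
  # install; the original went on to ask anyway and cat'ed a missing file.
  if [ ! -f "${_ci_file}.pub" ]
  then
    echo "Generating ${_ci_file} failed; not adding it to authorized_keys."
    return 1
  fi

  if request "Do you want to use this identity to login to this machine?"
  then
    echo "Adding to ${pwdhome}/.ssh/authorized_keys"
    cat "${_ci_file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
  fi
  return 0
}

create_identity rsa1 identity "SSH1 RSA"
create_identity rsa  id_rsa   "SSH2 RSA"
create_identity dsa  id_dsa   "SSH2 DSA"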
236
# On NT, let the sshd account (_user, chosen above) read authorized_keys as
# well; everyone but the owner is otherwise locked out.  A failure here is
# only warned about, since the keys themselves are already in place.
if [ "${_nt}" -gt 0 ] && [ -e "${pwdhome}/.ssh/authorized_keys" ]
then
  setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys" || {
    echo
    echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
    echo "failed.  Please care for the correct permissions.  The minimum requirement"
    echo "is, the owner and ${_user} both need read permissions."
    echo
  }
fi

echo
echo "Configuration finished. Have fun!"
251