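#!/bin/bash
#
# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# ======================================================================
# Purpose: interactively create the calling user's OpenSSH identity files
# under <home>/.ssh, optionally append the public keys to
# <home>/.ssh/authorized_keys, and tighten the permissions of the home
# directory and of authorized_keys.
#
# The home directory is taken from ${SYSCONFDIR}/passwd, not from $HOME.
# All csih_* helpers come from the sourced ${CSIH_SCRIPT}.
# ======================================================================

# ======================================================================
# Initialization
# ======================================================================
# Quoted so that an installation path containing blanks (common on
# Windows) does not break the /etc/postinstall detection further down.
PROGNAME=$(basename -- "$0")
_tdir=$(dirname -- "$0")
PROGDIR=$(cd -- "${_tdir}" && pwd)

CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

# Every error path below relies on the csih_* helpers. Without them the
# script would keep running past failed checks, so stop right here.
if [ ! -r "${CSIH_SCRIPT}" ]
then
  echo "${PROGNAME}: cannot read ${CSIH_SCRIPT}" >&2
  exit 1
fi
source "${CSIH_SCRIPT}"

auto_passphrase="no"
passphrase=""
pwdhome=
with_passphrase=

# ======================================================================
# Routine: create_identity
#   optionally create identity of type argument in ~/.ssh
#   optionally add result to ~/.ssh/authorized_keys
# Arguments:
#   $1 - file name of the private key below ${pwdhome}/.ssh
#   $2 - key type handed to "ssh-keygen -t"
#   $3 - human readable name used in the questions
# Globals (read):
#   pwdhome, with_passphrase, passphrase
# Returns:
#   non-zero if ssh-keygen failed; nothing is added to authorized_keys
#   in that case.
# ======================================================================
create_identity() {
  local file="$1"
  local type="$2"
  local name="$3"
  local keyfile="${pwdhome}/.ssh/${file}"
  local -a keygen_args

  # An existing private key is never overwritten.
  if [ -f "${keyfile}" ]
  then
    return 0
  fi

  if ! csih_request "Shall I create a ${name} identity file for you?"
  then
    return 0
  fi

  csih_inform "Generating ${keyfile}"
  keygen_args=(-t "${type}")
  if [ "${with_passphrase}" = "yes" ]
  then
    # NOTE(review): the passphrase travels in ssh-keygen's argument
    # vector here and is visible in the process list while the key is
    # being generated. Without -p, ssh-keygen asks for it itself.
    keygen_args+=(-N "${passphrase}")
  fi
  keygen_args+=(-f "${keyfile}")

  # A failed key generation (for example a key type the installed
  # ssh-keygen does not offer) must not be followed by the offer to
  # authorize a public key that was never written.
  if ! ssh-keygen "${keygen_args[@]}" > /dev/null
  then
    csih_warning "Generating ${keyfile} failed, skipping this identity"
    return 1
  fi

  if csih_request "Do you want to use this identity to login to this machine?"
  then
    csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
    # A newly created authorized_keys gets umask-derived permissions at
    # this point; fix_authorized_keys_perms() tightens them at the end.
    cat "${keyfile}.pub" >> "${pwdhome}/.ssh/authorized_keys"
  fi
} # === End of create_identity() === #
readonly -f create_identity

# ======================================================================
# Routine: check_user_homedir
#   Perform various checks on the user's home directory
# SETS GLOBAL VARIABLE:
#   pwdhome
# ======================================================================
check_user_homedir() {
  local uid
  local revoked
  uid=$(id -u)

  # The uid is passed with -v instead of being spliced into the awk
  # program text.
  pwdhome=$(awk -F: -v uid="${uid}" '$3 == uid { print $6 }' < "${SYSCONFDIR}/passwd")
  if [ -z "${pwdhome}" ]
  then
    # presumably csih_error_multi terminates the script -- confirm in csih
    csih_error_multi \
      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
      'Setting $HOME is not sufficient!'
  fi

  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multi \
      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi

  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "${pwdhome}" = "/" ]
  then
    # But first raise a warning!
    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi

  # The original tested the literal word "csih_is_nt" inside [ ], which
  # is always true, and ran chmod even when the directory test failed.
  # csih_is_nt is now called as a command.
  # NOTE(review): csih_is_nt is expected to be a function of the sourced
  # csih helper -- confirm against the installed csih version.
  if [ -d "${pwdhome}" ] && csih_is_nt
  then
    # chmod -c prints a line only if it really changed the mode.
    revoked=$(chmod -c g-w,o-w "${pwdhome}")
    if [ -n "${revoked}" ]
    then
      echo
      csih_warning 'group and other have been revoked write permission to your home'
      csih_warning "directory ${pwdhome}."
      csih_warning 'This is required by OpenSSH to allow public key authentication using'
      csih_warning 'the key files stored in your .ssh subdirectory.'
      csih_warning 'Revert this change ONLY if you know what you are doing!'
      echo
    fi
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir

# ======================================================================
# Routine: check_user_dot_ssh_dir
#   Perform various checks on the ~/.ssh directory
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
check_user_dot_ssh_dir() {
  local sshdir="${pwdhome}/.ssh"

  if [ -e "${sshdir}" ] && [ ! -d "${sshdir}" ]
  then
    csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  fi

  if [ ! -e "${sshdir}" ]
  then
    # NOTE(review): the directory inherits the caller's umask. If that
    # leaves it writable for group or other, sshd's permission checks
    # may refuse the keys stored in it; verify the mode afterwards.
    mkdir "${sshdir}"
    if [ ! -e "${sshdir}" ]
    then
      csih_error "Creating users ${pwdhome}/.ssh directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir

# ======================================================================
# Routine: fix_authorized_keys_perms
#   Corrects the permissions of ~/.ssh/authorized_keys
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  # csih_is_nt is called as a command; inside [ ] it was only a
  # non-empty string and therefore always true.
  if csih_is_nt && [ -e "${pwdhome}/.ssh/authorized_keys" ]
  then
    # Owner read/write only; group and other lose all access.
    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
    then
      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
      csih_warning "failed. Please care for the correct permissions. The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms


# ======================================================================
# Main Entry Point
# ======================================================================

# Check how the script has been started.  If
#   (1) it has been started by giving the full path and
#       that path is /etc/postinstall, OR
#   (2) Otherwise, if the environment variable
#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
# then set auto_answer to "no".  This allows automatic
# creation of the config files in /etc w/o overwriting
# them if they already exist.  In both cases, color
# escape sequences are suppressed, so as to prevent
# cluttering setup's logfiles.
if [ "${PROGDIR}" = "/etc/postinstall" ] || [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi

# ======================================================================
# Parse options
# ======================================================================
while [ $# -gt 0 ]
do
  option=$1
  shift

  case "$option" in
  -d | --debug )
    # NOTE(review): the shell trace prints every expanded command, so a
    # passphrase given with -p ends up in the debug output as well.
    set -x
    csih_trace_on
    ;;

  -y | --yes )
    csih_auto_answer=yes
    ;;

  -n | --no )
    csih_auto_answer=no
    ;;

  -p | --passphrase )
    # Without this check a trailing "-p" silently selected an empty
    # passphrase, i.e. unencrypted private keys.
    if [ $# -lt 1 ]
    then
      echo "${PROGNAME}: option ${option} requires an argument" >&2
      exit 1
    fi
    # NOTE(review): a passphrase on the command line is visible to other
    # local users in the process list and is kept in the shell history.
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  --privileged )
    csih_FORCE_PRIVILEGED_USER=yes
    ;;

  *)
    echo "usage: ${PROGNAME} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "    --debug      -d        Enable shell's debug output."
    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
    echo "    --no         -n        Answer all questions with \"no\" automatically."
    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
    echo "    --privileged           On Windows NT/2k/XP, assume privileged user"
    echo "                           instead of LocalSystem for sshd service."
    echo
    exit 1
    ;;

  esac
done

# ======================================================================
# Action!
# ======================================================================

# Check passwd file
if [ ! -f "${SYSCONFDIR}/passwd" ]
then
  csih_error_multi \
    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
    'first using mkpasswd.  Check if it contains an entry for you and' \
    'please care for the home directory in your entry as well.'
fi

check_user_homedir
check_user_dot_ssh_dir
create_identity id_rsa rsa "SSH2 RSA"
# NOTE(review): DSA and SSH protocol 1 (rsa1) identities are legacy key
# types that recent OpenSSH releases no longer accept. With --yes they
# are requested without asking; a failing ssh-keygen is reported by
# create_identity and the remaining steps still run.
create_identity id_dsa dsa "SSH2 DSA"
create_identity id_ecdsa ecdsa "SSH2 ECDSA"
create_identity identity rsa1 "(deprecated) SSH1 RSA"
fix_authorized_keys_perms

echo
csih_inform "Configuration finished. Have fun!"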