📄 ssh-host-config
字号:
#!/bin/sh## ssh-host-config, Copyright 2000, Red Hat Inc.## This file is part of the Cygwin port of OpenSSH.# Subdirectory where the new package is being installedPREFIX=/usr# Directory where the config files are storedSYSCONFDIR=/etc# Subdirectory where an old package might be installedOLDPREFIX=/usr/localOLDSYSCONFDIR=${OLDPREFIX}/etcprogname=$0auto_answer=""port_number=22request(){ if [ "${auto_answer}" = "yes" ] then return 0 elif [ "${auto_answer}" = "no" ] then return 1 fi answer="" while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] do echo -n "$1 (yes/no) " read answer done if [ "X${answer}" = "Xyes" ] then return 0 else return 1 fi}# Check optionswhile :do case $# in 0) break ;; esac option=$1 shift case "$option" in -d | --debug ) set -x ;; -y | --yes ) auto_answer=yes ;; -n | --no ) auto_answer=no ;; -p | --port ) port_number=$1 shift ;; *) echo "usage: ${progname} [OPTION]..." echo echo "This script creates an OpenSSH host configuration." echo echo "Options:" echo " --debug -d Enable shell's debug output." echo " --yes -y Answer all questions with \"yes\" automatically." echo " --no -n Answer all questions with \"no\" automatically." echo " --port -p <n> sshd listens on port n." echo exit 1 ;; esacdone# Check for running ssh/sshd processes first. Refuse to do anything while# some ssh processes are still runningif ps -ef | grep -v grep | grep -q sshthen echo echo "There are still ssh processes running. Please shut them down first." echo #exit 1fi# Check for ${SYSCONFDIR} directoryif [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]then echo echo "${SYSCONFDIR} is existant but not a directory." echo "Cannot create global configuration files." echo exit 1fi# Create it if necessaryif [ ! -e "${SYSCONFDIR}" ]then mkdir "${SYSCONFDIR}" if [ ! -e "${SYSCONFDIR}" ] then echo echo "Creating ${SYSCONFDIR} directory failed" echo exit 1 fifi# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't# the same as ${PREFIX}old_install=0if [ "${OLDPREFIX}" != "${PREFIX}" ]then if [ -f "${OLDPREFIX}/sbin/sshd" ] then echo echo "You seem to have an older installation in ${OLDPREFIX}." echo # Check if old global configuration files exist if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] then if request "Do you want to copy your config files to your new installation?" then cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR} cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR} cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR} cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR} cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR} cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR} fi fi if request "Do you want to erase your old installation?" then rm -f ${OLDPREFIX}/bin/ssh.exe rm -f ${OLDPREFIX}/bin/ssh-config rm -f ${OLDPREFIX}/bin/scp.exe rm -f ${OLDPREFIX}/bin/ssh-add.exe rm -f ${OLDPREFIX}/bin/ssh-agent.exe rm -f ${OLDPREFIX}/bin/ssh-keygen.exe rm -f ${OLDPREFIX}/bin/slogin rm -f ${OLDSYSCONFDIR}/ssh_host_key rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub rm -f ${OLDSYSCONFDIR}/ssh_config rm -f ${OLDSYSCONFDIR}/sshd_config rm -f ${OLDPREFIX}/man/man1/ssh.1 rm -f ${OLDPREFIX}/man/man1/scp.1 rm -f ${OLDPREFIX}/man/man1/ssh-add.1 rm -f ${OLDPREFIX}/man/man1/ssh-agent.1 rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1 rm -f ${OLDPREFIX}/man/man1/slogin.1 rm -f ${OLDPREFIX}/man/man8/sshd.8 rm -f ${OLDPREFIX}/sbin/sshd.exe rm -f ${OLDPREFIX}/sbin/sftp-server.exe fi old_install=1 fifi# First generate host keys if not already existingif [ ! -f "${SYSCONFDIR}/ssh_host_key" ]then echo "Generating ${SYSCONFDIR}/ssh_host_key" ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/nullfiif [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]then echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key" ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/nullfiif [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]then echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key" ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/nullfi# Check if ssh_config exists. If yes, ask for overwritingif [ -f "${SYSCONFDIR}/ssh_config" ]then if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?" then rm -f "${SYSCONFDIR}/ssh_config" if [ -f "${SYSCONFDIR}/ssh_config" ] then echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected." fi fifi# Create default ssh_config from here scriptif [ ! -f "${SYSCONFDIR}/ssh_config" ]then echo "Generating ${SYSCONFDIR}/ssh_config file" cat > ${SYSCONFDIR}/ssh_config << EOF# This is ssh client systemwide configuration file. This file provides # defaults for users, and the values can be changed in per-user configuration# files or on the command line.# Configuration data is parsed as follows:# 1. command line options# 2. user-specific file# 3. system-wide file# Any configuration value is only changed the first time it is set.# Thus, host-specific definitions should be at the beginning of the# configuration file, and defaults at the end.# Site-wide defaults for various options# Host *# ForwardAgent no# ForwardX11 no# RhostsAuthentication no# RhostsRSAAuthentication yes# RSAAuthentication yes# PasswordAuthentication yes# FallBackToRsh no# UseRsh no# BatchMode no# CheckHostIP yes# StrictHostKeyChecking yes# IdentityFile ~/.ssh/identity# IdentityFile ~/.ssh/id_dsa# IdentityFile ~/.ssh/id_rsa# Port 22# Protocol 2,1# Cipher blowfish# EscapeChar ~EOF if [ "$port_number" != "22" ] then echo "Host localhost" >> ${SYSCONFDIR}/ssh_config echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config fifi# Check if sshd_config exists. If yes, ask for overwritingif [ -f "${SYSCONFDIR}/sshd_config" ]then if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?" then rm -f "${SYSCONFDIR}/sshd_config" if [ -f "${SYSCONFDIR}/sshd_config" ] then echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." fi fifi# Create default sshd_config from here scriptif [ ! -f "${SYSCONFDIR}/sshd_config" ]then echo "Generating ${SYSCONFDIR}/sshd_config file" cat > ${SYSCONFDIR}/sshd_config << EOF# This is the sshd server system-wide configuration file. See sshd(8)# for more information.Port $port_number#Protocol 2,1#ListenAddress 0.0.0.0#ListenAddress ::# HostKey for protocol version 1HostKey /etc/ssh_host_key# HostKeys for protocol version 2HostKey /etc/ssh_host_rsa_keyHostKey /etc/ssh_host_dsa_key# Lifetime and size of ephemeral version 1 server keKeyRegenerationInterval 3600ServerKeyBits 768# LoggingSyslogFacility AUTHLogLevel INFO#obsoletes QuietMode and FascistLogging# Authentication:LoginGraceTime 600PermitRootLogin yes# The following setting overrides permission checks on host key files# and directories. For security reasons set this to "yes" when running# NT/W2K, NTFS and CYGWIN=ntsec.StrictModes noRSAAuthentication yesPubkeyAuthentication yes#AuthorizedKeysFile %h/.ssh/authorized_keys# rhosts authentication should not be usedRhostsAuthentication no# Don't read ~/.rhosts and ~/.shosts filesIgnoreRhosts yes# For this to work you will also need host keys in /etc/ssh_known_hostsRhostsRSAAuthentication no# similar for protocol version 2HostbasedAuthentication no# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication#IgnoreUserKnownHosts yes# To disable tunneled clear text passwords, change to no here!PasswordAuthentication yesPermitEmptyPasswords noX11Forwarding noX11DisplayOffset 10PrintMotd yes#PrintLastLog noKeepAlive yes#UseLogin no#MaxStartups 10:30:60#Banner /etc/issue.net#ReverseMappingCheck yesSubsystem sftp /usr/sbin/sftp-serverEOFfi# Care for services file_sys="`uname -a`"_nt=`expr "$_sys" : "CYGWIN_NT"`if [ $_nt -gt 0 ]then _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"else _wservices="${WINDIR}\\SERVICES" _wserv_tmp="${WINDIR}\\SERV.$$"fi_services=`cygpath -u "${_wservices}"`_serv_tmp=`cygpath -u "${_wserv_tmp}"`mount -t -f "${_wservices}" "${_services}"mount -t -f "${_wserv_tmp}" "${_serv_tmp}"# Remove sshd 22/port from servicesif [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]then grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" if [ -f "${_serv_tmp}" ] then if mv "${_serv_tmp}" "${_services}" then echo "Removing sshd from ${_services}" else echo "Removing sshd from ${_services} failed\!" fi rm -f "${_serv_tmp}" else echo "Removing sshd from ${_services} failed\!" fifi# Add ssh 22/tcp and ssh 22/udp to servicesif [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]then awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" if [ -f "${_serv_tmp}" ] then if mv "${_serv_tmp}" "${_services}" then echo "Added ssh to ${_services}" else echo "Adding ssh to ${_services} failed\!" fi rm -f "${_serv_tmp}" else echo "Adding ssh to ${_services} failed\!" fifiumount "${_services}"umount "${_serv_tmp}"# Care for inetd.conf file_inetcnf="/etc/inetd.conf"_inetcnf_tmp="/etc/inetd.conf.$$"if [ -f "${_inetcnf}" ]then # Check if ssh service is already in use as sshd with_comment=1 grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0 # Remove sshd line from inetd.conf if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ] then grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" if [ -f "${_inetcnf_tmp}" ] then if mv "${_inetcnf_tmp}" "${_inetcnf}" then echo "Removed sshd from ${_inetcnf}" else echo "Removing sshd from ${_inetcnf} failed\!" fi rm -f "${_inetcnf_tmp}" else echo "Removing sshd from ${_inetcnf} failed\!" fi fi # Add ssh line to inetd.conf if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] then if [ "${with_comment}" -eq 0 ] then echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" else echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" fi echo "Added ssh to ${_inetcnf}" fifi# Create /var/log and /var/log/lastlog if not already existingif [ -f /var/log ]then echo "Creating /var/log failed\!"else if [ ! -d /var/log ] then mkdir /var/log fi if [ -d /var/log/lastlog ] then echo "Creating /var/log/lastlog failed\!" elif [ ! -f /var/log/lastlog ] then cat /dev/null > /var/log/lastlog fifi# On NT ask if sshd should be installed as serviceif [ $_nt -gt 0 ]then echo echo "Do you want to install sshd as service?" if request "(Say \"no\" if it's already installed as service)" then echo echo "Which value should the environment variable CYGWIN have when" echo "sshd starts? It's recommended to set at least \"ntsec\" to be" echo "able to change user context without password." echo -n "Default is \"binmode ntsec tty\". CYGWIN=" read _cygwin [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" then chown system /etc/ssh* echo echo "The service has been installed under LocalSystem account." fi fifiif [ "${old_install}" = "1" ]then echo echo "Note: If you have used sshd as service or from inetd, don't forget to" echo " change the path to sshd.exe in the service entry or in inetd.conf."fiechoecho "Host configuration finished. Have fun!"⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -