summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/contrib/cygwin
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2013-09-21 22:24:10 +0000
committerdes <des@FreeBSD.org>2013-09-21 22:24:10 +0000
commitb32fed86db62816ab222f56c1f859a444ac8648b (patch)
treefb81eca65d09d841e542cd6af66ff14c5004dbd8 /crypto/openssh/contrib/cygwin
parenteaecb3d1ae60457bac557fd719cacb819f801159 (diff)
parentff2597d3eebc3da3f7cf2a638607274cad9b199e (diff)
downloadFreeBSD-src-b32fed86db62816ab222f56c1f859a444ac8648b.zip
FreeBSD-src-b32fed86db62816ab222f56c1f859a444ac8648b.tar.gz
Pull in all the OpenSSH bits that we'd previously left out because we
didn't use them. This will make future merges from the vendor tree much easier. Approved by: re (gjb)
Diffstat (limited to 'crypto/openssh/contrib/cygwin')
-rw-r--r--crypto/openssh/contrib/cygwin/Makefile77
-rw-r--r--crypto/openssh/contrib/cygwin/README91
-rw-r--r--crypto/openssh/contrib/cygwin/ssh-host-config758
-rw-r--r--crypto/openssh/contrib/cygwin/ssh-user-config266
-rw-r--r--crypto/openssh/contrib/cygwin/sshd-inetd4
5 files changed, 1196 insertions, 0 deletions
diff --git a/crypto/openssh/contrib/cygwin/Makefile b/crypto/openssh/contrib/cygwin/Makefile
new file mode 100644
index 0000000..a0261f4
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/Makefile
@@ -0,0 +1,77 @@
+srcdir=../..
+copyidsrcdir=..
+prefix=/usr
+exec_prefix=$(prefix)
+bindir=$(prefix)/bin
+datadir=$(prefix)/share
+mandir=$(datadir)/man
+docdir=$(datadir)/doc
+sshdocdir=$(docdir)/openssh
+cygdocdir=$(docdir)/Cygwin
+sysconfdir=/etc
+defaultsdir=$(sysconfdir)/defaults/etc
+inetdefdir=$(defaultsdir)/inetd.d
+PRIVSEP_PATH=/var/empty
+INSTALL=/usr/bin/install -c
+
+DESTDIR=
+
+all:
+ @echo
+ @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'"
+ @echo "Be sure having DESTDIR set correctly!"
+ @echo
+
+move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir)
+
+remove-empty-dir:
+ rm -rf $(DESTDIR)$(PRIVSEP_PATH)
+
+install-inetd-config:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(inetdefdir)
+ $(INSTALL) -m 644 sshd-inetd $(DESTDIR)$(inetdefdir)/sshd-inetd
+
+install-sshdoc:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
+ -$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
+ -$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
+ -$(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
+ -$(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux
+ -$(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
+ -$(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+ -$(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
+ -$(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
+ -$(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun
+ -$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
+
+install-cygwindoc: README
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir)
+ $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README
+
+install-doc: install-sshdoc install-cygwindoc
+
+install-scripts: ssh-host-config ssh-user-config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
+ $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
+
+install-copy-id: $(copyidsrcdir)/ssh-copy-id $(copyidsrcdir)/ssh-copy-id.1
+ $(INSTALL) -m 755 $(copyidsrcdir)/ssh-copy-id $(DESTDIR)$(bindir)/ssh-copy-id
+ $(INSTALL) -m 644 $(copyidsrcdir)/ssh-copy-id.1 $(DESTDIR)$(mandir)/man1/ssh-copy-id.1
+
+gzip-man-pages:
+ rm $(DESTDIR)$(mandir)/man1/slogin.1
+ gzip $(DESTDIR)$(mandir)/man1/*.1
+ gzip $(DESTDIR)$(mandir)/man5/*.5
+ gzip $(DESTDIR)$(mandir)/man8/*.8
+ cd $(DESTDIR)$(mandir)/man1 && ln -s ssh.1.gz slogin.1.gz
+
+cygwin-postinstall: move-config-files remove-empty-dir install-inetd-config install-doc install-scripts install-copy-id gzip-man-pages
+ @echo "Cygwin specific configuration finished."
diff --git a/crypto/openssh/contrib/cygwin/README b/crypto/openssh/contrib/cygwin/README
new file mode 100644
index 0000000..2562b61
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/README
@@ -0,0 +1,91 @@
+This package describes important Cygwin specific stuff concerning OpenSSH.
+
+The binary package is usually built for recent Cygwin versions and might
+not run on older versions. Please check http://cygwin.com/ for information
+about current Cygwin releases.
+
+==================
+Host configuration
+==================
+
+If you are installing OpenSSH the first time, you can generate global config
+files and server keys, as well as installing sshd as a service, by running
+
+ /usr/bin/ssh-host-config
+
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-host-config is started.
+
+To support testing and unattended installation ssh-host-config got
+some options:
+
+usage: ssh-host-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --cygwin -c <options> Use "options" as value for CYGWIN environment var.
+ --port -p <n> sshd listens on port n.
+ --user -u <account> privileged user for service, default 'cyg_server'.
+ --pwd -w <passwd> Use "pwd" as password for privileged user.
+ --privileged On Windows XP, require privileged user
+ instead of LocalSystem for sshd service.
+
+Installing sshd as daemon via ssh-host-config is recommended.
+
+Alternatively you can start sshd via inetd, if you have the inetutils
+package installed. Just run ssh-host-config, but answer "no" when asked
+to install sshd as service. The ssh-host-config script also adds the
+required lines to /etc/inetd.conf and /etc/services.
+
+==================
+User configuration
+==================
+
+Any user can simplify creating the own private and public keys by running
+
+ /usr/bin/ssh-user-config
+
+To support testing and unattended installation ssh-user-config got
+some options as well:
+
+usage: ssh-user-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --passphrase -p word Use "word" as passphrase automatically.
+
+Please note that OpenSSH does never use the value of $HOME to
+search for the users configuration files! It always uses the
+value of the pw_dir field in /etc/passwd as the home directory.
+If no home diretory is set in /etc/passwd, the root directory
+is used instead!
+
+================
+Building OpenSSH
+================
+
+Building from source is easy. Just unpack the source archive, cd to that
+directory, and call cygport:
+
+ cygport openssh.cygport almostall
+
+You must have installed the following packages to be able to build OpenSSH
+with the aforementioned cygport script:
+
+ zlib
+ crypt
+ openssl-devel
+ libwrap-devel
+ libedit-devel
+ libkrb5-devel
+
+Please send requests, error reports etc. to cygwin@cygwin.com.
+
+
+Have fun,
+
+Corinna Vinschen
+Cygwin Developer
+Red Hat Inc.
diff --git a/crypto/openssh/contrib/cygwin/ssh-host-config b/crypto/openssh/contrib/cygwin/ssh-host-config
new file mode 100644
index 0000000..c542d5c
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/ssh-host-config
@@ -0,0 +1,758 @@
+#!/bin/bash
+#
+# ssh-host-config, Copyright 2000-2011 Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# ======================================================================
+# Initialization
+# ======================================================================
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
+# List of apps used. This is checkad for existance in csih_sanity_check
+# Don't use *any* transient commands before sourcing the csih helper script,
+# otherwise the sanity checks are short-circuited.
+declare -a csih_required_commands=(
+ /usr/bin/basename coreutils
+ /usr/bin/cat coreutils
+ /usr/bin/chmod coreutils
+ /usr/bin/dirname coreutils
+ /usr/bin/id coreutils
+ /usr/bin/mv coreutils
+ /usr/bin/rm coreutils
+ /usr/bin/cygpath cygwin
+ /usr/bin/mount cygwin
+ /usr/bin/ps cygwin
+ /usr/bin/setfacl cygwin
+ /usr/bin/umount cygwin
+ /usr/bin/cmp diffutils
+ /usr/bin/grep grep
+ /usr/bin/awk gawk
+ /usr/bin/ssh-keygen openssh
+ /usr/sbin/sshd openssh
+ /usr/bin/sed sed
+)
+csih_sanity_check_server=yes
+source ${CSIH_SCRIPT}
+
+PROGNAME=$(/usr/bin/basename $0)
+_tdir=$(/usr/bin/dirname $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+LOCALSTATEDIR=/var
+
+port_number=22
+privsep_configured=no
+privsep_used=yes
+cygwin_value=""
+user_account=
+password_value=
+opt_force=no
+
+# ======================================================================
+# Routine: create_host_keys
+# ======================================================================
+create_host_keys() {
+ local ret=0
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
+ if ! /usr/bin/ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
+ if ! /usr/bin/ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
+ if ! /usr/bin/ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_ecdsa_key"
+ if ! /usr/bin/ssh-keygen -t ecdsa -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+ return $ret
+} # --- End of create_host_keys --- #
+
+# ======================================================================
+# Routine: update_services_file
+# ======================================================================
+update_services_file() {
+ local _my_etcdir="/ssh-host-config.$$"
+ local _win_etcdir
+ local _services
+ local _spaces
+ local _serv_tmp
+ local _wservices
+ local ret=0
+
+ _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
+ _services="${_my_etcdir}/services"
+ _spaces=" #"
+ _serv_tmp="${_my_etcdir}/srv.out.$$"
+
+ /usr/bin/mount -o text,posix=0,noacl -f "${_win_etcdir}" "${_my_etcdir}"
+
+ # Depends on the above mount
+ _wservices=`cygpath -w "${_services}"`
+
+ # Remove sshd 22/port from services
+ if [ `/usr/bin/grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
+ if [ -f "${_serv_tmp}" ]
+ then
+ if /usr/bin/mv "${_serv_tmp}" "${_services}"
+ then
+ csih_inform "Removing sshd from ${_wservices}"
+ else
+ csih_warning "Removing sshd from ${_wservices} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_serv_tmp}"
+ else
+ csih_warning "Removing sshd from ${_wservices} failed!"
+ let ++ret
+ fi
+ fi
+
+ # Add ssh 22/tcp and ssh 22/udp to services
+ if [ `/usr/bin/grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
+ then
+ if /usr/bin/awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
+ then
+ if /usr/bin/mv "${_serv_tmp}" "${_services}"
+ then
+ csih_inform "Added ssh to ${_wservices}"
+ else
+ csih_warning "Adding ssh to ${_wservices} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_serv_tmp}"
+ else
+ csih_warning "Adding ssh to ${_wservices} failed!"
+ let ++ret
+ fi
+ fi
+ /usr/bin/umount "${_my_etcdir}"
+ return $ret
+} # --- End of update_services_file --- #
+
+# ======================================================================
+# Routine: sshd_privsep
+# MODIFIES: privsep_configured privsep_used
+# ======================================================================
+sshd_privsep() {
+ local sshdconfig_tmp
+ local ret=0
+
+ if [ "${privsep_configured}" != "yes" ]
+ then
+ csih_inform "Privilege separation is set to yes by default since OpenSSH 3.3."
+ csih_inform "However, this requires a non-privileged account called 'sshd'."
+ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
+ if csih_request "Should privilege separation be used?"
+ then
+ privsep_used=yes
+ if ! csih_create_unprivileged_user sshd
+ then
+ csih_error_recoverable "Couldn't create user 'sshd'!"
+ csih_error_recoverable "Privilege separation set to 'no' again!"
+ csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ privsep_used=no
+ fi
+ else
+ privsep_used=no
+ fi
+ fi
+
+ # Create default sshd_config from skeleton files in /etc/defaults/etc or
+ # modify to add the missing privsep configuration option
+ if /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+ then
+ csih_inform "Updating ${SYSCONFDIR}/sshd_config file"
+ sshdconfig_tmp=${SYSCONFDIR}/sshd_config.$$
+ /usr/bin/sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
+ s/^#Port 22/Port ${port_number}/
+ s/^#StrictModes yes/StrictModes no/" \
+ < ${SYSCONFDIR}/sshd_config \
+ > "${sshdconfig_tmp}"
+ if ! /usr/bin/mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
+ then
+ csih_warning "Setting privilege separation to 'yes' failed!"
+ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ fi
+ elif [ "${privsep_configured}" != "yes" ]
+ then
+ echo >> ${SYSCONFDIR}/sshd_config
+ if ! echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
+ then
+ csih_warning "Setting privilege separation to 'yes' failed!"
+ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ fi
+ fi
+ return $ret
+} # --- End of sshd_privsep --- #
+
+# ======================================================================
+# Routine: update_inetd_conf
+# ======================================================================
+update_inetd_conf() {
+ local _inetcnf="${SYSCONFDIR}/inetd.conf"
+ local _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
+ local _inetcnf_dir="${SYSCONFDIR}/inetd.d"
+ local _sshd_inetd_conf="${_inetcnf_dir}/sshd-inetd"
+ local _sshd_inetd_conf_tmp="${_inetcnf_dir}/sshd-inetd.$$"
+ local _with_comment=1
+ local ret=0
+
+ if [ -d "${_inetcnf_dir}" ]
+ then
+ # we have inetutils-1.5 inetd.d support
+ if [ -f "${_inetcnf}" ]
+ then
+ /usr/bin/grep -q '^[ \t]*ssh' "${_inetcnf}" && _with_comment=0
+
+ # check for sshd OR ssh in top-level inetd.conf file, and remove
+ # will be replaced by a file in inetd.d/
+ if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ csih_inform "Removed ssh[d] from ${_inetcnf}"
+ else
+ csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_inetcnf_tmp}"
+ else
+ csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+ fi
+
+ csih_install_config "${_sshd_inetd_conf}" "${SYSCONFDIR}/defaults"
+ if /usr/bin/cmp "${SYSCONFDIR}/defaults${_sshd_inetd_conf}" "${_sshd_inetd_conf}" >/dev/null 2>&1
+ then
+ if [ "${_with_comment}" -eq 0 ]
+ then
+ /usr/bin/sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+ else
+ /usr/bin/sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+ fi
+ if /usr/bin/mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
+ then
+ csih_inform "Updated ${_sshd_inetd_conf}"
+ else
+ csih_warning "Updating ${_sshd_inetd_conf} failed!"
+ let ++ret
+ fi
+ fi
+
+ elif [ -f "${_inetcnf}" ]
+ then
+ /usr/bin/grep -q '^[ \t]*sshd' "${_inetcnf}" && _with_comment=0
+
+ # check for sshd in top-level inetd.conf file, and remove
+ # will be replaced by a file in inetd.d/
+ if [ `/usr/bin/grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ csih_inform "Removed sshd from ${_inetcnf}"
+ else
+ csih_warning "Removing sshd from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_inetcnf_tmp}"
+ else
+ csih_warning "Removing sshd from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+
+ # Add ssh line to inetd.conf
+ if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
+ then
+ if [ "${_with_comment}" -eq 0 ]
+ then
+ echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ else
+ echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ fi
+ if [ $? -eq 0 ]
+ then
+ csih_inform "Added ssh to ${_inetcnf}"
+ else
+ csih_warning "Adding ssh to ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+ fi
+ return $ret
+} # --- End of update_inetd_conf --- #
+
+# ======================================================================
+# Routine: check_service_files_ownership
+# Checks that the files in /etc and /var belong to the right owner
+# ======================================================================
+check_service_files_ownership() {
+ local run_service_as=$1
+ local ret=0
+
+ if [ -z "${run_service_as}" ]
+ then
+ accnt_name=$(/usr/bin/cygrunsrv -VQ sshd | /usr/bin/sed -ne 's/^Account *: *//gp')
+ if [ "${accnt_name}" = "LocalSystem" ]
+ then
+ # Convert "LocalSystem" to "SYSTEM" as is the correct account name
+ accnt_name="SYSTEM:"
+ elif [[ "${accnt_name}" =~ ^\.\\ ]]
+ then
+ # Convert "." domain to local machine name
+ accnt_name="U-${COMPUTERNAME}${accnt_name#.},"
+ fi
+ run_service_as=$(/usr/bin/grep -Fi "${accnt_name}" /etc/passwd | /usr/bin/awk -F: '{print $1;}')
+ if [ -z "${run_service_as}" ]
+ then
+ csih_warning "Couldn't determine name of user running sshd service from /etc/passwd!"
+ csih_warning "As a result, this script cannot make sure that the files used"
+ csih_warning "by the sshd service belong to the user running the service."
+ csih_warning "Please re-run the mkpasswd tool to make sure the /etc/passwd"
+ csih_warning "file is in a good shape."
+ return 1
+ fi
+ fi
+ for i in "${SYSCONFDIR}"/ssh_config "${SYSCONFDIR}"/sshd_config "${SYSCONFDIR}"/ssh_host_*key "${SYSCONFDIR}"/ssh_host_*key.pub
+ do
+ if [ -f "$i" ]
+ then
+ if ! chown "${run_service_as}".544 "$i" >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of $i!"
+ let ++ret
+ fi
+ fi
+ done
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/empty!"
+ let ++ret
+ fi
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/log/lastlog!"
+ let ++ret
+ fi
+ if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
+ then
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/log/sshd.log!"
+ let ++ret
+ fi
+ fi
+ if [ $ret -ne 0 ]
+ then
+ csih_warning "Couldn't change owner of important files to ${run_service_as}!"
+ csih_warning "This may cause the sshd service to fail! Please make sure that"
+ csih_warning "you have suufficient permissions to change the ownership of files"
+ csih_warning "and try to run the ssh-host-config script again."
+ fi
+ return $ret
+} # --- End of check_service_files_ownership --- #
+
+# ======================================================================
+# Routine: install_service
+# Install sshd as a service
+# ======================================================================
+install_service() {
+ local run_service_as
+ local password
+ local ret=0
+
+ echo
+ if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
+ then
+ csih_inform "Sshd service is already installed."
+ check_service_files_ownership "" || let ret+=$?
+ else
+ echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
+ if csih_request "(Say \"no\" if it is already installed as a service)"
+ then
+ csih_get_cygenv "${cygwin_value}"
+
+ if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+ then
+ csih_inform "On Windows Server 2003, Windows Vista, and above, the"
+ csih_inform "SYSTEM account cannot setuid to other users -- a capability"
+ csih_inform "sshd requires. You need to have or to create a privileged"
+ csih_inform "account. This script will help you do so."
+ echo
+
+ [ "${opt_force}" = "yes" ] && opt_f=-f
+ [ -n "${user_account}" ] && opt_u="-u ""${user_account}"""
+ csih_select_privileged_username ${opt_f} ${opt_u} sshd
+
+ if ! csih_create_privileged_user "${password_value}"
+ then
+ csih_error_recoverable "There was a serious problem creating a privileged user."
+ csih_request "Do you want to proceed anyway?" || exit 1
+ let ++ret
+ fi
+ fi
+
+ # Never returns empty if NT or above
+ run_service_as=$(csih_service_should_run_as)
+
+ if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
+ then
+ password="${csih_PRIVILEGED_PASSWORD}"
+ if [ -z "${password}" ]
+ then
+ csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
+ password="${csih_value}"
+ fi
+ fi
+
+ # At this point, we either have $run_service_as = "system" and
+ # $password is empty, or $run_service_as is some privileged user and
+ # (hopefully) $password contains the correct password. So, from here
+ # out, we use '-z "${password}"' to discriminate the two cases.
+
+ csih_check_user "${run_service_as}"
+
+ if [ -n "${csih_cygenv}" ]
+ then
+ cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
+ fi
+ if [ -z "${password}" ]
+ then
+ if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+ -a "-D" -y tcpip "${cygwin_env[@]}"
+ then
+ echo
+ csih_inform "The sshd service has been installed under the LocalSystem"
+ csih_inform "account (also known as SYSTEM). To start the service now, call"
+ csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
+ csih_inform "will start automatically after the next reboot."
+ fi
+ else
+ if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+ -a "-D" -y tcpip "${cygwin_env[@]}" \
+ -u "${run_service_as}" -w "${password}"
+ then
+ /usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight
+ echo
+ csih_inform "The sshd service has been installed under the '${run_service_as}'"
+ csih_inform "account. To start the service now, call \`net start sshd' or"
+ csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
+ csih_inform "after the next reboot."
+ fi
+ fi
+
+ if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
+ then
+ check_service_files_ownership "${run_service_as}" || let ret+=$?
+ else
+ csih_error_recoverable "Installing sshd as a service failed!"
+ let ++ret
+ fi
+ fi # user allowed us to install as service
+ fi # service not yet installed
+ return $ret
+} # --- End of install_service --- #
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
+
+# Check how the script has been started. If
+# (1) it has been started by giving the full path and
+# that path is /etc/postinstall, OR
+# (2) Otherwise, if the environment variable
+# SSH_HOST_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no". This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist. In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+ opt_force=yes
+fi
+if [ -n "${SSH_HOST_CONFIG_AUTO_ANSWER_NO}" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+ opt_force=yes
+fi
+
+# ======================================================================
+# Parse options
+# ======================================================================
+while :
+do
+ case $# in
+ 0)
+ break
+ ;;
+ esac
+
+ option=$1
+ shift
+
+ case "${option}" in
+ -d | --debug )
+ set -x
+ csih_trace_on
+ ;;
+
+ -y | --yes )
+ csih_auto_answer=yes
+ opt_force=yes
+ ;;
+
+ -n | --no )
+ csih_auto_answer=no
+ opt_force=yes
+ ;;
+
+ -c | --cygwin )
+ cygwin_value="$1"
+ shift
+ ;;
+
+ -p | --port )
+ port_number=$1
+ shift
+ ;;
+
+ -u | --user )
+ user_account="$1"
+ shift
+ ;;
+
+ -w | --pwd )
+ password_value="$1"
+ shift
+ ;;
+
+ --privileged )
+ csih_FORCE_PRIVILEGED_USER=yes
+ ;;
+
+ *)
+ echo "usage: ${progname} [OPTION]..."
+ echo
+ echo "This script creates an OpenSSH host configuration."
+ echo
+ echo "Options:"
+ echo " --debug -d Enable shell's debug output."
+ echo " --yes -y Answer all questions with \"yes\" automatically."
+ echo " --no -n Answer all questions with \"no\" automatically."
+ echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
+ echo " --port -p <n> sshd listens on port n."
+ echo " --user -u <account> privileged user for service, default 'cyg_server'."
+ echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
+ echo " --privileged On Windows XP, require privileged user"
+ echo " instead of LocalSystem for sshd service."
+ echo
+ exit 1
+ ;;
+
+ esac
+done
+
+# ======================================================================
+# Action!
+# ======================================================================
+
+# Check for running ssh/sshd processes first. Refuse to do anything while
+# some ssh processes are still running
+if /usr/bin/ps -ef | /usr/bin/grep -q '/sshd\?$'
+then
+ echo
+ csih_error "There are still ssh processes running. Please shut them down first."
+fi
+
+# Make sure the user is running in an administrative context
+admin=$(/usr/bin/id -G | /usr/bin/grep -Eq '\<544\>' && echo yes || echo no)
+if [ "${admin}" != "yes" ]
+then
+ echo
+ csih_warning "Running this script typically requires administrator privileges!"
+ csih_warning "However, it seems your account does not have these privileges."
+ csih_warning "Here's the list of groups in your user token:"
+ echo
+ for i in $(/usr/bin/id -G)
+ do
+ /usr/bin/awk -F: "/[^:]*:[^:]*:$i:/{ print \" \" \$1; }" /etc/group
+ done
+ echo
+ csih_warning "This usually means you're running this script from a non-admin"
+ csih_warning "desktop session, or in a non-elevated shell under UAC control."
+ echo
+ csih_warning "Make sure you have the appropriate privileges right now,"
+ csih_warning "otherwise parts of this script will probably fail!"
+ echo
+ echo -e "${_csih_QUERY_STR} Are you sure you want to continue? (Say \"no\" if you're not sure"
+ if ! csih_request "you have the required privileges)"
+ then
+ echo
+ csih_inform "Ok. Exiting. Make sure to switch to an administrative account"
+ csih_inform "or to start this script from an elevated shell."
+ exit 1
+ fi
+fi
+
+echo
+
+warning_cnt=0
+
+# Check for ${SYSCONFDIR} directory
+csih_make_dir "${SYSCONFDIR}" "Cannot create global configuration files."
+if ! /usr/bin/chmod 775 "${SYSCONFDIR}" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${SYSCONFDIR}!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${SYSCONFDIR}" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${SYSCONFDIR}!"
+ let ++warning_cnt
+fi
+
+# Check for /var/log directory
+csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory."
+if ! /usr/bin/chmod 775 "${LOCALSTATEDIR}/log" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/log!"
+ let ++warning_cnt
+fi
+
+# Create /var/log/lastlog if not already exists
+if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
+then
+ echo
+ csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
+ "Cannot create ssh host configuration."
+fi
+if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
+then
+ /usr/bin/cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
+ if ! /usr/bin/chmod 644 ${LOCALSTATEDIR}/log/lastlog >/dev/null 2>&1
+ then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log/lastlog!"
+ let ++warning_cnt
+ fi
+fi
+
+# Create /var/empty file used as chroot jail for privilege separation
+csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create ${LOCALSTATEDIR}/empty directory."
+if ! /usr/bin/chmod 755 "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/empty!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!"
+ let ++warning_cnt
+fi
+
+# host keys
+create_host_keys || let warning_cnt+=$?
+
+# handle ssh_config
+csih_install_config "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+if /usr/bin/cmp "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/ssh_config" >/dev/null 2>&1
+then
+ if [ "${port_number}" != "22" ]
+ then
+ csih_inform "Updating ${SYSCONFDIR}/ssh_config file with requested port"
+ echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
+ echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
+ fi
+fi
+
+# handle sshd_config (and privsep)
+csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+then
+ /usr/bin/grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
+fi
+sshd_privsep || let warning_cnt+=$?
+
+update_services_file || let warning_cnt+=$?
+update_inetd_conf || let warning_cnt+=$?
+install_service || let warning_cnt+=$?
+
+echo
+if [ $warning_cnt -eq 0 ]
+then
+ csih_inform "Host configuration finished. Have fun!"
+else
+ csih_warning "Host configuration exited with ${warning_cnt} errors or warnings!"
+ csih_warning "Make sure that all problems reported are fixed,"
+ csih_warning "then re-run ssh-host-config."
+fi
+exit $warning_cnt
diff --git a/crypto/openssh/contrib/cygwin/ssh-user-config b/crypto/openssh/contrib/cygwin/ssh-user-config
new file mode 100644
index 0000000..8708b7a
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/ssh-user-config
@@ -0,0 +1,266 @@
+#!/bin/bash
+#
+# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# ======================================================================
+# Initialization
+# ======================================================================
+PROGNAME=$(basename -- $0)
+_tdir=$(dirname -- $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+
+source ${CSIH_SCRIPT}
+
+auto_passphrase="no"
+passphrase=""
+pwdhome=
+with_passphrase=
+
+# ======================================================================
+# Routine: create_identity
+# optionally create identity of type argument in ~/.ssh
+# optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_identity() {
+ local file="$1"
+ local type="$2"
+ local name="$3"
+ if [ ! -f "${pwdhome}/.ssh/${file}" ]
+ then
+ if csih_request "Shall I create a ${name} identity file for you?"
+ then
+ csih_inform "Generating ${pwdhome}/.ssh/${file}"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
+ else
+ ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
+ fi
+ if csih_request "Do you want to use this identity to login to this machine?"
+ then
+ csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
+ fi
+} # === End of create_ssh1_identity() === #
+readonly -f create_identity
+
+# ======================================================================
+# Routine: check_user_homedir
+# Perform various checks on the user's home directory
+# SETS GLOBAL VARIABLE:
+# pwdhome
+# ======================================================================
+check_user_homedir() {
+ local uid=$(id -u)
+ pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
+ if [ "X${pwdhome}" = "X" ]
+ then
+ csih_error_multi \
+ "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
+ 'Setting $HOME is not sufficient!'
+ fi
+
+ if [ ! -d "${pwdhome}" ]
+ then
+ csih_error_multi \
+ "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
+ 'but it is not a valid directory. Cannot create user identity files.'
+ fi
+
+ # If home is the root dir, set home to empty string to avoid error messages
+ # in subsequent parts of that script.
+ if [ "X${pwdhome}" = "X/" ]
+ then
+ # But first raise a warning!
+ csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
+ if csih_request "Would you like to proceed anyway?"
+ then
+ pwdhome=''
+ else
+ csih_warning "Exiting. Configuration is not complete"
+ exit 1
+ fi
+ fi
+
+ if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+ then
+ echo
+ csih_warning 'group and other have been revoked write permission to your home'
+ csih_warning "directory ${pwdhome}."
+ csih_warning 'This is required by OpenSSH to allow public key authentication using'
+ csih_warning 'the key files stored in your .ssh subdirectory.'
+ csih_warning 'Revert this change ONLY if you know what you are doing!'
+ echo
+ fi
+} # === End of check_user_homedir() === #
+readonly -f check_user_homedir
+
+# ======================================================================
+# Routine: check_user_dot_ssh_dir
+# Perform various checks on the ~/.ssh directory
+# PREREQUISITE:
+# pwdhome -- check_user_homedir()
+# ======================================================================
+check_user_dot_ssh_dir() {
+ if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
+ then
+ csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
+ fi
+
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ mkdir "${pwdhome}/.ssh"
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ csih_error "Creating users ${pwdhome}/.ssh directory failed"
+ fi
+ fi
+} # === End of check_user_dot_ssh_dir() === #
+readonly -f check_user_dot_ssh_dir
+
+# ======================================================================
+# Routine: fix_authorized_keys_perms
+# Corrects the permissions of ~/.ssh/authorized_keys
+# PREREQUISITE:
+# pwdhome -- check_user_homedir()
+# ======================================================================
+fix_authorized_keys_perms() {
+ if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
+ then
+ if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
+ then
+ csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
+ csih_warning "failed. Please care for the correct permissions. The minimum requirement"
+ csih_warning "is, the owner needs read permissions."
+ echo
+ fi
+ fi
+} # === End of fix_authorized_keys_perms() === #
+readonly -f fix_authorized_keys_perms
+
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
+
+# Check how the script has been started. If
+# (1) it has been started by giving the full path and
+# that path is /etc/postinstall, OR
+# (2) Otherwise, if the environment variable
+# SSH_USER_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no". This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist. In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
+if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
+
+# ======================================================================
+# Parse options
+# ======================================================================
+while :
+do
+ case $# in
+ 0)
+ break
+ ;;
+ esac
+
+ option=$1
+ shift
+
+ case "$option" in
+ -d | --debug )
+ set -x
+ csih_trace_on
+ ;;
+
+ -y | --yes )
+ csih_auto_answer=yes
+ ;;
+
+ -n | --no )
+ csih_auto_answer=no
+ ;;
+
+ -p | --passphrase )
+ with_passphrase="yes"
+ passphrase=$1
+ shift
+ ;;
+
+ *)
+ echo "usage: ${PROGNAME} [OPTION]..."
+ echo
+ echo "This script creates an OpenSSH user configuration."
+ echo
+ echo "Options:"
+ echo " --debug -d Enable shell's debug output."
+ echo " --yes -y Answer all questions with \"yes\" automatically."
+ echo " --no -n Answer all questions with \"no\" automatically."
+ echo " --passphrase -p word Use \"word\" as passphrase automatically."
+ echo
+ exit 1
+ ;;
+
+ esac
+done
+
+# ======================================================================
+# Action!
+# ======================================================================
+
+# Check passwd file
+if [ ! -f ${SYSCONFDIR}/passwd ]
+then
+ csih_error_multi \
+ "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
+ 'first using mkpasswd. Check if it contains an entry for you and' \
+ 'please care for the home directory in your entry as well.'
+fi
+
+check_user_homedir
+check_user_dot_ssh_dir
+create_identity id_rsa rsa "SSH2 RSA"
+create_identity id_dsa dsa "SSH2 DSA"
+create_identity id_ecdsa ecdsa "SSH2 ECDSA"
+create_identity identity rsa1 "(deprecated) SSH1 RSA"
+fix_authorized_keys_perms
+
+echo
+csih_inform "Configuration finished. Have fun!"
+
+
diff --git a/crypto/openssh/contrib/cygwin/sshd-inetd b/crypto/openssh/contrib/cygwin/sshd-inetd
new file mode 100644
index 0000000..aa6bf07
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/sshd-inetd
@@ -0,0 +1,4 @@
+# This file can be used to enable sshd as a slave of the inetd service
+# To do so, the line below should be uncommented.
+@COMMENT@ ssh stream tcp nowait root /usr/sbin/sshd sshd -i
+
OpenPOWER on IntegriCloud