contrib/cygwin/ssh-host-config - third_party/openssh-portable - Git at Google

 #!/bin/sh
 #
 # ssh-host-config, Copyright 2000, Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.

 # Subdirectory where the new package is being installed
 PREFIX=/usr

 # Directory where the config files are stored
 SYSCONFDIR=/etc

 # Subdirectory where an old package might be installed
 OLDPREFIX=/usr/local
 OLDSYSCONFDIR=${OLDPREFIX}/etc

 progname=$0
 auto_answer=""
 port_number=22

 privsep_configured=no
 privsep_used=yes
 sshd_in_passwd=no
 sshd_in_sam=no

 request()
 {
   if [ "${auto_answer}" = "yes" ]
   then
     return 0
   elif [ "${auto_answer}" = "no" ]
   then
     return 1
   fi

   answer=""
   while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
   do
     echo -n "$1 (yes/no) "
     read answer
   done
   if [ "X${answer}" = "Xyes" ]
   then
     return 0
   else
     return 1
   fi
 }

 # Check options

 while :
 do
   case $# in
   0)
     break
     ;;
   esac

   option=$1
   shift

   case "$option" in
   -d | --debug )
     set -x
     ;;

   -y | --yes )
     auto_answer=yes
     ;;

   -n | --no )
     auto_answer=no
     ;;

   -p | --port )
     port_number=$1
     shift
     ;;

   *)
     echo "usage: ${progname} [OPTION]..."
     echo
     echo "This script creates an OpenSSH host configuration."
     echo
     echo "Options:"
     echo "    --debug  -d     Enable shell's debug output."
     echo "    --yes    -y     Answer all questions with \"yes\" automatically."
     echo "    --no     -n     Answer all questions with \"no\" automatically."
     echo "    --port   -p <n> sshd listens on port n."
     echo
     exit 1
     ;;

   esac
 done

 # Check if running on NT
 _sys="`uname -a`"
 _nt=`expr "$_sys" : "CYGWIN_NT"`

 # Check for running ssh/sshd processes first. Refuse to do anything while
 # some ssh processes are still running

 if ps -ef | grep -v grep | grep -q ssh
 then
   echo
   echo "There are still ssh processes running. Please shut them down first."
   echo
   exit 1
 fi

 # Check for ${SYSCONFDIR} directory

 if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
 then
   echo
   echo "${SYSCONFDIR} is existant but not a directory."
   echo "Cannot create global configuration files."
   echo
   exit 1
 fi

 # Create it if necessary

 if [ ! -e "${SYSCONFDIR}" ]
 then
   mkdir "${SYSCONFDIR}"
   if [ ! -e "${SYSCONFDIR}" ]
   then
     echo
     echo "Creating ${SYSCONFDIR} directory failed"
     echo
     exit 1
   fi
 fi

 # Create /var/log and /var/log/lastlog if not already existing

 if [ -f /var/log ]
 then
   echo "Creating /var/log failed\!"
 else
   if [ ! -d /var/log ]
   then
     mkdir -p /var/log
   fi
   if [ -d /var/log/lastlog ]
   then
     echo "Creating /var/log/lastlog failed\!"
   elif [ ! -f /var/log/lastlog ]
   then
     cat /dev/null > /var/log/lastlog
   fi
 fi

 # Create /var/empty file used as chroot jail for privilege separation
 if [ -f /var/empty ]
 then
   echo "Creating /var/empty failed\!"
 else
   mkdir -p /var/empty
   # On NT change ownership of that dir to user "system"
   if [ $_nt -gt 0 ]
   then
     chmod 755 /var/empty
     chown system.system /var/empty
   fi
 fi

 # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
 # the same as ${PREFIX}

 old_install=0
 if [ "${OLDPREFIX}" != "${PREFIX}" ]
 then
   if [ -f "${OLDPREFIX}/sbin/sshd" ]
   then
     echo
     echo "You seem to have an older installation in ${OLDPREFIX}."
     echo
     # Check if old global configuration files exist
     if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
     then
       if request "Do you want to copy your config files to your new installation?"
       then
         cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
         cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
         cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
         cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
         cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
         cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
       fi
     fi
     if request "Do you want to erase your old installation?"
     then
       rm -f ${OLDPREFIX}/bin/ssh.exe
       rm -f ${OLDPREFIX}/bin/ssh-config
       rm -f ${OLDPREFIX}/bin/scp.exe
       rm -f ${OLDPREFIX}/bin/ssh-add.exe
       rm -f ${OLDPREFIX}/bin/ssh-agent.exe
       rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
       rm -f ${OLDPREFIX}/bin/slogin
       rm -f ${OLDSYSCONFDIR}/ssh_host_key
       rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
       rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
       rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
       rm -f ${OLDSYSCONFDIR}/ssh_config
       rm -f ${OLDSYSCONFDIR}/sshd_config
       rm -f ${OLDPREFIX}/man/man1/ssh.1
       rm -f ${OLDPREFIX}/man/man1/scp.1
       rm -f ${OLDPREFIX}/man/man1/ssh-add.1
       rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
       rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
       rm -f ${OLDPREFIX}/man/man1/slogin.1
       rm -f ${OLDPREFIX}/man/man8/sshd.8
       rm -f ${OLDPREFIX}/sbin/sshd.exe
       rm -f ${OLDPREFIX}/sbin/sftp-server.exe
     fi
     old_install=1
   fi
 fi

 # First generate host keys if not already existing

 if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
 then
   echo "Generating ${SYSCONFDIR}/ssh_host_key"
   ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
 fi

 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
 then
   echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
   ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
 fi

 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
 then
   echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
   ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
 fi

 # Check if ssh_config exists. If yes, ask for overwriting

 if [ -f "${SYSCONFDIR}/ssh_config" ]
 then
   if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
   then
     rm -f "${SYSCONFDIR}/ssh_config"
     if [ -f "${SYSCONFDIR}/ssh_config" ]
     then
       echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
     fi
   fi
 fi

 # Create default ssh_config from here script

 if [ ! -f "${SYSCONFDIR}/ssh_config" ]
 then
   echo "Generating ${SYSCONFDIR}/ssh_config file"
   cat > ${SYSCONFDIR}/ssh_config << EOF
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
 # users, and the values can be changed in per-user configuration files
 # or on the command line.

 # Configuration data is parsed as follows:
 #  1. command line options
 #  2. user-specific file
 #  3. system-wide file
 # Any configuration value is only changed the first time it is set.
 # Thus, host-specific definitions should be at the beginning of the
 # configuration file, and defaults at the end.

 # Site-wide defaults for various options

 # Host *
 #   ForwardAgent no
 #   ForwardX11 no
 #   RhostsAuthentication no
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
 #   BatchMode no
 #   CheckHostIP yes
 #   StrictHostKeyChecking ask
 #   IdentityFile ~/.ssh/identity
 #   IdentityFile ~/.ssh/id_dsa
 #   IdentityFile ~/.ssh/id_rsa
 #   Port 22
 #   Protocol 2,1
 #   Cipher 3des
 #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
 #   EscapeChar ~
 EOF
   if [ "$port_number" != "22" ]
   then
     echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
     echo "    Port $port_number" >> ${SYSCONFDIR}/ssh_config
   fi
 fi

 # Check if sshd_config exists. If yes, ask for overwriting

 if [ -f "${SYSCONFDIR}/sshd_config" ]
 then
   if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
   then
     rm -f "${SYSCONFDIR}/sshd_config"
     if [ -f "${SYSCONFDIR}/sshd_config" ]
     then
       echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
     fi
   else
     grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
   fi
 fi

 # Prior to creating or modifying sshd_config, care for privilege separation

 if [ "$privsep_configured" != "yes" ]
 then
   if [ $_nt -gt 0 ]
   then
     echo "Privilege separation is set to yes by default since OpenSSH 3.3."
     echo "However, this requires a non-privileged account called 'sshd'."
     echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
     echo
     if request "Shall privilege separation be used?"
     then
       privsep_used=yes
       grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
       net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
       if [ "$sshd_in_passwd" != "yes" ]
       then
         if [ "$sshd_in_sam" != "yes" ]
 	then
 	  echo "Warning: The following function requires administrator privileges!"
 	  if request "Shall this script create a local user 'sshd' on this machine?"
 	  then
 	    dos_var_empty=`cygpath -w /var/empty`
 	    net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
 	    if [ "$sshd_in_sam" != "yes" ]
 	    then
 	      echo "Warning: Creating the user 'sshd' failed!"
 	    fi
 	  fi
 	fi
 	if [ "$sshd_in_sam" != "yes" ]
 	then
 	  echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
 	  echo "         Privilege separation set to 'no' again!"
 	  echo "         Check your ${SYSCONFDIR}/sshd_config file!"
 	  privsep_used=no
 	else
 	  mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
 	fi
       fi
     else
       privsep_used=no
     fi
   else
     # On 9x don't use privilege separation.  Since security isn't
     # available it just adds useless addtional processes.
     privsep_used=no
   fi
 fi

 # Create default sshd_config from here script or modify to add the
 # missing privsep configuration option

 if [ ! -f "${SYSCONFDIR}/sshd_config" ]
 then
   echo "Generating ${SYSCONFDIR}/sshd_config file"
   cat > ${SYSCONFDIR}/sshd_config << EOF
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.

 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
 # possible, but leave them commented.  Uncommented options change a
 # default value.

 Port $port_number
 #Protocol 2,1
 #ListenAddress 0.0.0.0
 #ListenAddress ::

 # HostKey for protocol version 1
 #HostKey ${SYSCONFDIR}/ssh_host_key
 # HostKeys for protocol version 2
 #HostKey ${SYSCONFDIR}/ssh_host_rsa_key
 #HostKey ${SYSCONFDIR}/ssh_host_dsa_key

 # Lifetime and size of ephemeral version 1 server ke
 #KeyRegenerationInterval 3600
 #ServerKeyBits 768

 # Logging
 #obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
 #LogLevel INFO

 # Authentication:

 #LoginGraceTime 600
 #PermitRootLogin yes
 # The following setting overrides permission checks on host key files
 # and directories. For security reasons set this to "yes" when running
 # NT/W2K, NTFS and CYGWIN=ntsec.
 StrictModes no

 #RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile     %h/.ssh/authorized_keys

 # rhosts authentication should not be used
 #RhostsAuthentication no
 # Don't read ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2
 #HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication
 #IgnoreUserKnownHosts no

 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no

 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes

 #X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
 #PrintLastLog yes
 #KeepAlive yes
 #UseLogin no
 UsePrivilegeSeparation $privsep_used
 #Compression yes

 #MaxStartups 10
 # no default banner path
 #Banner /some/path
 #VerifyReverseMapping no

 # override default of no subsystems
 Subsystem      sftp    /usr/sbin/sftp-server
 EOF
 elif [ "$privsep_configured" != "yes" ]
 then
   echo >> ${SYSCONFDIR}/sshd_config
   echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
 fi

 # Care for services file
 if [ $_nt -gt 0 ]
 then
   _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
   _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
 else
   _wservices="${WINDIR}\\SERVICES"
   _wserv_tmp="${WINDIR}\\SERV.$$"
 fi
 _services=`cygpath -u "${_wservices}"`
 _serv_tmp=`cygpath -u "${_wserv_tmp}"`

 mount -t -f "${_wservices}" "${_services}"
 mount -t -f "${_wserv_tmp}" "${_serv_tmp}"

 # Remove sshd 22/port from services
 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
 then
   grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
   if [ -f "${_serv_tmp}" ]
   then
     if mv "${_serv_tmp}" "${_services}"
     then
       echo "Removing sshd from ${_services}"
     else
       echo "Removing sshd from ${_services} failed\!"
     fi
     rm -f "${_serv_tmp}"
   else
     echo "Removing sshd from ${_services} failed\!"
   fi
 fi

 # Add ssh 22/tcp  and ssh 22/udp to services
 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
 then
   awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh                22/tcp                           #SSH Remote Login Protocol\nssh                22/udp                           #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
   if [ -f "${_serv_tmp}" ]
   then
     if mv "${_serv_tmp}" "${_services}"
     then
       echo "Added ssh to ${_services}"
     else
       echo "Adding ssh to ${_services} failed\!"
     fi
     rm -f "${_serv_tmp}"
   else
     echo "Adding ssh to ${_services} failed\!"
   fi
 fi

 umount "${_services}"
 umount "${_serv_tmp}"

 # Care for inetd.conf file
 _inetcnf="${SYSCONFDIR}/inetd.conf"
 _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"

 if [ -f "${_inetcnf}" ]
 then
   # Check if ssh service is already in use as sshd
   with_comment=1
   grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
   # Remove sshd line from inetd.conf
   if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
   then
     grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
     if [ -f "${_inetcnf_tmp}" ]
     then
       if mv "${_inetcnf_tmp}" "${_inetcnf}"
       then
         echo "Removed sshd from ${_inetcnf}"
       else
         echo "Removing sshd from ${_inetcnf} failed\!"
       fi
       rm -f "${_inetcnf_tmp}"
     else
       echo "Removing sshd from ${_inetcnf} failed\!"
     fi
   fi

   # Add ssh line to inetd.conf
   if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
   then
     if [ "${with_comment}" -eq 0 ]
     then
       echo 'ssh  stream  tcp     nowait  root    /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
     else
       echo '# ssh  stream  tcp     nowait  root    /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
     fi
     echo "Added ssh to ${_inetcnf}"
   fi
 fi

 # On NT ask if sshd should be installed as service
 if [ $_nt -gt 0 ]
 then
   echo
   echo "Do you want to install sshd as service?"
   if request "(Say \"no\" if it's already installed as service)"
   then
     echo
     echo "Which value should the environment variable CYGWIN have when"
     echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
     echo "able to change user context without password."
     echo -n "Default is \"binmode ntsec tty\".  CYGWIN="
     read _cygwin
     [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
     if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
     then
       chown system ${SYSCONFDIR}/ssh*
       echo
       echo "The service has been installed under LocalSystem account."
     fi
   fi
 fi

 if [ "${old_install}" = "1" ]
 then
   echo
   echo "Note: If you have used sshd as service or from inetd, don't forget to"
   echo "      change the path to sshd.exe in the service entry or in inetd.conf."
 fi

 echo
 echo "Host configuration finished. Have fun!"
	#!/bin/sh
	#
	# ssh-host-config, Copyright 2000, Red Hat Inc.
	#
	# This file is part of the Cygwin port of OpenSSH.

	# Subdirectory where the new package is being installed
	PREFIX=/usr

	# Directory where the config files are stored
	SYSCONFDIR=/etc

	# Subdirectory where an old package might be installed
	OLDPREFIX=/usr/local
	OLDSYSCONFDIR=${OLDPREFIX}/etc

	progname=$0
	auto_answer=""
	port_number=22

	privsep_configured=no
	privsep_used=yes
	sshd_in_passwd=no
	sshd_in_sam=no

	request()
	{
	if [ "${auto_answer}" = "yes" ]
	then
	return 0
	elif [ "${auto_answer}" = "no" ]
	then
	return 1
	fi

	answer=""
	while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
	do
	echo -n "$1 (yes/no) "
	read answer
	done
	if [ "X${answer}" = "Xyes" ]
	then
	return 0
	else
	return 1
	fi
	}

	# Check options

	while :
	do
	case $# in
	0)
	break
	;;
	esac

	option=$1
	shift

	case "$option" in
	-d \| --debug )
	set -x
	;;

	-y \| --yes )
	auto_answer=yes
	;;

	-n \| --no )
	auto_answer=no
	;;

	-p \| --port )
	port_number=$1
	shift
	;;

	*)
	echo "usage: ${progname} [OPTION]..."
	echo
	echo "This script creates an OpenSSH host configuration."
	echo
	echo "Options:"
	echo " --debug -d Enable shell's debug output."
	echo " --yes -y Answer all questions with \"yes\" automatically."
	echo " --no -n Answer all questions with \"no\" automatically."
	echo " --port -p <n> sshd listens on port n."
	echo
	exit 1
	;;

	esac
	done

	# Check if running on NT
	_sys="`uname -a`"
	_nt=`expr "$_sys" : "CYGWIN_NT"`

	# Check for running ssh/sshd processes first. Refuse to do anything while
	# some ssh processes are still running

	if ps -ef \| grep -v grep \| grep -q ssh
	then
	echo
	echo "There are still ssh processes running. Please shut them down first."
	echo
	exit 1
	fi

	# Check for ${SYSCONFDIR} directory

	if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
	then
	echo
	echo "${SYSCONFDIR} is existant but not a directory."
	echo "Cannot create global configuration files."
	echo
	exit 1
	fi

	# Create it if necessary

	if [ ! -e "${SYSCONFDIR}" ]
	then
	mkdir "${SYSCONFDIR}"
	if [ ! -e "${SYSCONFDIR}" ]
	then
	echo
	echo "Creating ${SYSCONFDIR} directory failed"
	echo
	exit 1
	fi
	fi

	# Create /var/log and /var/log/lastlog if not already existing

	if [ -f /var/log ]
	then
	echo "Creating /var/log failed\!"
	else
	if [ ! -d /var/log ]
	then
	mkdir -p /var/log
	fi
	if [ -d /var/log/lastlog ]
	then
	echo "Creating /var/log/lastlog failed\!"
	elif [ ! -f /var/log/lastlog ]
	then
	cat /dev/null > /var/log/lastlog
	fi
	fi

	# Create /var/empty file used as chroot jail for privilege separation
	if [ -f /var/empty ]
	then
	echo "Creating /var/empty failed\!"
	else
	mkdir -p /var/empty
	# On NT change ownership of that dir to user "system"
	if [ $_nt -gt 0 ]
	then
	chmod 755 /var/empty
	chown system.system /var/empty
	fi
	fi

	# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
	# the same as ${PREFIX}

	old_install=0
	if [ "${OLDPREFIX}" != "${PREFIX}" ]
	then
	if [ -f "${OLDPREFIX}/sbin/sshd" ]
	then
	echo
	echo "You seem to have an older installation in ${OLDPREFIX}."
	echo
	# Check if old global configuration files exist
	if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
	then
	if request "Do you want to copy your config files to your new installation?"
	then
	cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
	cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
	cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
	cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
	cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
	cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
	fi
	fi
	if request "Do you want to erase your old installation?"
	then
	rm -f ${OLDPREFIX}/bin/ssh.exe
	rm -f ${OLDPREFIX}/bin/ssh-config
	rm -f ${OLDPREFIX}/bin/scp.exe
	rm -f ${OLDPREFIX}/bin/ssh-add.exe
	rm -f ${OLDPREFIX}/bin/ssh-agent.exe
	rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
	rm -f ${OLDPREFIX}/bin/slogin
	rm -f ${OLDSYSCONFDIR}/ssh_host_key
	rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
	rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
	rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
	rm -f ${OLDSYSCONFDIR}/ssh_config
	rm -f ${OLDSYSCONFDIR}/sshd_config
	rm -f ${OLDPREFIX}/man/man1/ssh.1
	rm -f ${OLDPREFIX}/man/man1/scp.1
	rm -f ${OLDPREFIX}/man/man1/ssh-add.1
	rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
	rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
	rm -f ${OLDPREFIX}/man/man1/slogin.1
	rm -f ${OLDPREFIX}/man/man8/sshd.8
	rm -f ${OLDPREFIX}/sbin/sshd.exe
	rm -f ${OLDPREFIX}/sbin/sftp-server.exe
	fi
	old_install=1
	fi
	fi

	# First generate host keys if not already existing

	if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
	then
	echo "Generating ${SYSCONFDIR}/ssh_host_key"
	ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
	fi

	if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
	then
	echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
	ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
	fi

	if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
	then
	echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
	ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
	fi

	# Check if ssh_config exists. If yes, ask for overwriting

	if [ -f "${SYSCONFDIR}/ssh_config" ]
	then
	if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
	then
	rm -f "${SYSCONFDIR}/ssh_config"
	if [ -f "${SYSCONFDIR}/ssh_config" ]
	then
	echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
	fi
	fi
	fi

	# Create default ssh_config from here script

	if [ ! -f "${SYSCONFDIR}/ssh_config" ]
	then
	echo "Generating ${SYSCONFDIR}/ssh_config file"
	cat > ${SYSCONFDIR}/ssh_config << EOF
	# This is the ssh client system-wide configuration file. See
	# ssh_config(5) for more information. This file provides defaults for
	# users, and the values can be changed in per-user configuration files
	# or on the command line.

	# Configuration data is parsed as follows:
	# 1. command line options
	# 2. user-specific file
	# 3. system-wide file
	# Any configuration value is only changed the first time it is set.
	# Thus, host-specific definitions should be at the beginning of the
	# configuration file, and defaults at the end.

	# Site-wide defaults for various options

	# Host *
	# ForwardAgent no
	# ForwardX11 no
	# RhostsAuthentication no
	# RhostsRSAAuthentication no
	# RSAAuthentication yes
	# PasswordAuthentication yes
	# BatchMode no
	# CheckHostIP yes
	# StrictHostKeyChecking ask
	# IdentityFile ~/.ssh/identity
	# IdentityFile ~/.ssh/id_dsa
	# IdentityFile ~/.ssh/id_rsa
	# Port 22
	# Protocol 2,1
	# Cipher 3des
	# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
	# EscapeChar ~
	EOF
	if [ "$port_number" != "22" ]
	then
	echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
	echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config
	fi
	fi

	# Check if sshd_config exists. If yes, ask for overwriting

	if [ -f "${SYSCONFDIR}/sshd_config" ]
	then
	if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
	then
	rm -f "${SYSCONFDIR}/sshd_config"
	if [ -f "${SYSCONFDIR}/sshd_config" ]
	then
	echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
	fi
	else
	grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
	fi
	fi

	# Prior to creating or modifying sshd_config, care for privilege separation

	if [ "$privsep_configured" != "yes" ]
	then
	if [ $_nt -gt 0 ]
	then
	echo "Privilege separation is set to yes by default since OpenSSH 3.3."
	echo "However, this requires a non-privileged account called 'sshd'."
	echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
	echo
	if request "Shall privilege separation be used?"
	then
	privsep_used=yes
	grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
	net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
	if [ "$sshd_in_passwd" != "yes" ]
	then
	if [ "$sshd_in_sam" != "yes" ]
	then
	echo "Warning: The following function requires administrator privileges!"
	if request "Shall this script create a local user 'sshd' on this machine?"
	then
	dos_var_empty=`cygpath -w /var/empty`
	net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
	if [ "$sshd_in_sam" != "yes" ]
	then
	echo "Warning: Creating the user 'sshd' failed!"
	fi
	fi
	fi
	if [ "$sshd_in_sam" != "yes" ]
	then
	echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
	echo " Privilege separation set to 'no' again!"
	echo " Check your ${SYSCONFDIR}/sshd_config file!"
	privsep_used=no
	else
	mkpasswd -l -u sshd \| sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
	fi
	fi
	else
	privsep_used=no
	fi
	else
	# On 9x don't use privilege separation. Since security isn't
	# available it just adds useless addtional processes.
	privsep_used=no
	fi
	fi

	# Create default sshd_config from here script or modify to add the
	# missing privsep configuration option

	if [ ! -f "${SYSCONFDIR}/sshd_config" ]
	then
	echo "Generating ${SYSCONFDIR}/sshd_config file"
	cat > ${SYSCONFDIR}/sshd_config << EOF
	# This is the sshd server system-wide configuration file. See
	# sshd_config(5) for more information.

	# The strategy used for options in the default sshd_config shipped with
	# OpenSSH is to specify options with their default value where
	# possible, but leave them commented. Uncommented options change a
	# default value.

	Port $port_number
	#Protocol 2,1
	#ListenAddress 0.0.0.0
	#ListenAddress ::

	# HostKey for protocol version 1
	#HostKey ${SYSCONFDIR}/ssh_host_key
	# HostKeys for protocol version 2
	#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
	#HostKey ${SYSCONFDIR}/ssh_host_dsa_key

	# Lifetime and size of ephemeral version 1 server ke
	#KeyRegenerationInterval 3600
	#ServerKeyBits 768

	# Logging
	#obsoletes QuietMode and FascistLogging
	#SyslogFacility AUTH
	#LogLevel INFO

	# Authentication:

	#LoginGraceTime 600
	#PermitRootLogin yes
	# The following setting overrides permission checks on host key files
	# and directories. For security reasons set this to "yes" when running
	# NT/W2K, NTFS and CYGWIN=ntsec.
	StrictModes no

	#RSAAuthentication yes
	#PubkeyAuthentication yes
	#AuthorizedKeysFile %h/.ssh/authorized_keys

	# rhosts authentication should not be used
	#RhostsAuthentication no
	# Don't read ~/.rhosts and ~/.shosts files
	#IgnoreRhosts yes
	# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
	#RhostsRSAAuthentication no
	# similar for protocol version 2
	#HostbasedAuthentication no
	# Change to yes if you don't trust ~/.ssh/known_hosts for
	# RhostsRSAAuthentication and HostbasedAuthentication
	#IgnoreUserKnownHosts no

	# To disable tunneled clear text passwords, change to no here!
	#PasswordAuthentication yes
	#PermitEmptyPasswords no

	# Change to no to disable s/key passwords
	#ChallengeResponseAuthentication yes

	#X11Forwarding no
	#X11DisplayOffset 10
	#X11UseLocalhost yes
	#PrintMotd yes
	#PrintLastLog yes
	#KeepAlive yes
	#UseLogin no
	UsePrivilegeSeparation $privsep_used
	#Compression yes

	#MaxStartups 10
	# no default banner path
	#Banner /some/path
	#VerifyReverseMapping no

	# override default of no subsystems
	Subsystem sftp /usr/sbin/sftp-server
	EOF
	elif [ "$privsep_configured" != "yes" ]
	then
	echo >> ${SYSCONFDIR}/sshd_config
	echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
	fi

	# Care for services file
	if [ $_nt -gt 0 ]
	then
	_wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
	_wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
	else
	_wservices="${WINDIR}\\SERVICES"
	_wserv_tmp="${WINDIR}\\SERV.$$"
	fi
	_services=`cygpath -u "${_wservices}"`
	_serv_tmp=`cygpath -u "${_wserv_tmp}"`

	mount -t -f "${_wservices}" "${_services}"
	mount -t -f "${_wserv_tmp}" "${_serv_tmp}"

	# Remove sshd 22/port from services
	if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
	then
	grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
	if [ -f "${_serv_tmp}" ]
	then
	if mv "${_serv_tmp}" "${_services}"
	then
	echo "Removing sshd from ${_services}"
	else
	echo "Removing sshd from ${_services} failed\!"
	fi
	rm -f "${_serv_tmp}"
	else
	echo "Removing sshd from ${_services} failed\!"
	fi
	fi

	# Add ssh 22/tcp and ssh 22/udp to services
	if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
	then
	awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
	if [ -f "${_serv_tmp}" ]
	then
	if mv "${_serv_tmp}" "${_services}"
	then
	echo "Added ssh to ${_services}"
	else
	echo "Adding ssh to ${_services} failed\!"
	fi
	rm -f "${_serv_tmp}"
	else
	echo "Adding ssh to ${_services} failed\!"
	fi
	fi

	umount "${_services}"
	umount "${_serv_tmp}"

	# Care for inetd.conf file
	_inetcnf="${SYSCONFDIR}/inetd.conf"
	_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"

	if [ -f "${_inetcnf}" ]
	then
	# Check if ssh service is already in use as sshd
	with_comment=1
	grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
	# Remove sshd line from inetd.conf
	if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
	then
	grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
	if [ -f "${_inetcnf_tmp}" ]
	then
	if mv "${_inetcnf_tmp}" "${_inetcnf}"
	then
	echo "Removed sshd from ${_inetcnf}"
	else
	echo "Removing sshd from ${_inetcnf} failed\!"
	fi
	rm -f "${_inetcnf_tmp}"
	else
	echo "Removing sshd from ${_inetcnf} failed\!"
	fi
	fi

	# Add ssh line to inetd.conf
	if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
	then
	if [ "${with_comment}" -eq 0 ]
	then
	echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
	else
	echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
	fi
	echo "Added ssh to ${_inetcnf}"
	fi
	fi

	# On NT ask if sshd should be installed as service
	if [ $_nt -gt 0 ]
	then
	echo
	echo "Do you want to install sshd as service?"
	if request "(Say \"no\" if it's already installed as service)"
	then
	echo
	echo "Which value should the environment variable CYGWIN have when"
	echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
	echo "able to change user context without password."
	echo -n "Default is \"binmode ntsec tty\". CYGWIN="
	read _cygwin
	[ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
	if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
	then
	chown system ${SYSCONFDIR}/ssh*
	echo
	echo "The service has been installed under LocalSystem account."
	fi
	fi
	fi

	if [ "${old_install}" = "1" ]
	then
	echo
	echo "Note: If you have used sshd as service or from inetd, don't forget to"
	echo " change the path to sshd.exe in the service entry or in inetd.conf."
	fi

	echo
	echo "Host configuration finished. Have fun!"