#!/bin/sh## ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.## This file is part of the Cygwin port of OpenSSH.# Directory where the config files are storedSYSCONFDIR=/etcprogname=$0auto_answer=""auto_passphrase="no"passphrase=""request(){  if [ "${auto_answer}" = "yes" ]  then    return 0  elif [ "${auto_answer}" = "no" ]  then    return 1  fi  answer=""  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]  do    echo -n "$1 (yes/no) "    read answer  done  if [ "X${answer}" = "Xyes" ]  then    return 0  else    return 1  fi}# Check if running on NT_sys="`uname -a`"_nt=`expr "$_sys" : "CYGWIN_NT"`# If running on NT, check if running under 2003 Server or laterif [ $_nt -gt 0 ]then  _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`fi# Check optionswhile :do  case $# in  0)    break    ;;  esac  option=$1  shift  case "$option" in  -d | --debug )    set -x    ;;  -y | --yes )    auto_answer=yes    ;;  -n | --no )    auto_answer=no    ;;  -p | --passphrase )    with_passphrase="yes"    passphrase=$1    shift    ;;  *)    echo "usage: ${progname} [OPTION]..."    echo    echo "This script creates an OpenSSH user configuration."    echo    echo "Options:"    echo "    --debug      -d        Enable shell's debug output."    echo "    --yes        -y        Answer all questions with \"yes\" automatically."    echo "    --no         -n        Answer all questions with \"no\" automatically."    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."    echo    exit 1    ;;  esacdone# Ask user if user identity should be generatedif [ ! -f ${SYSCONFDIR}/passwd ]then  echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"  echo 'first using mkpasswd. Check if it contains an entry for you and'  echo 'please care for the home directory in your entry as well.'  exit 1fiuid=`id -u`pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`if [ "X${pwdhome}" = "X" ]then  echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."  echo 'Setting $HOME is not sufficient!'  exit 1fiif [ ! -d "${pwdhome}" ]then  echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"  echo 'but it is not a valid directory. Cannot create user identity files.'  exit 1fi# If home is the root dir, set home to empty string to avoid error messages# in subsequent parts of that script.if [ "X${pwdhome}" = "X/" ]then  # But first raise a warning!  echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"  if request "Would you like to proceed anyway?"  then    pwdhome=''  else    exit 1  fifiif [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]then  echo  echo 'WARNING: group and other have been revoked write permission to your home'  echo "         directory ${pwdhome}."  echo '         This is required by OpenSSH to allow public key authentication using'  echo '         the key files stored in your .ssh subdirectory.'  echo '         Revert this change ONLY if you know what you are doing!'  echofiif [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]then  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."  exit 1fiif [ ! -e "${pwdhome}/.ssh" ]then  mkdir "${pwdhome}/.ssh"  if [ ! -e "${pwdhome}/.ssh" ]  then    echo "Creating users ${pwdhome}/.ssh directory failed"    exit 1  fifiif [ $_nt -gt 0 ]then  _user="system"  if [ $_nt2003 -gt 0 ]  then    grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"  fi  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"  then    echo "${pwdhome}/.ssh couldn't be given the correct permissions."    echo "Please try to solve this problem first."    exit 1  fifiif [ ! -f "${pwdhome}/.ssh/identity" ]then  if request "Shall I create an SSH1 RSA identity file for you?"  then    echo "Generating ${pwdhome}/.ssh/identity"    if [ "${with_passphrase}" = "yes" ]    then      ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null    else      ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null    fi    if request "Do you want to use this identity to login to this machine?"    then      echo "Adding to ${pwdhome}/.ssh/authorized_keys"      cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"    fi  fifiif [ ! -f "${pwdhome}/.ssh/id_rsa" ]then  if request "Shall I create an SSH2 RSA identity file for you?"  then    echo "Generating ${pwdhome}/.ssh/id_rsa"    if [ "${with_passphrase}" = "yes" ]    then      ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null    else      ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null    fi    if request "Do you want to use this identity to login to this machine?"    then      echo "Adding to ${pwdhome}/.ssh/authorized_keys"      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"    fi  fifiif [ ! -f "${pwdhome}/.ssh/id_dsa" ]then  if request "Shall I create an SSH2 DSA identity file for you?"  then    echo "Generating ${pwdhome}/.ssh/id_dsa"    if [ "${with_passphrase}" = "yes" ]    then      ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null    else      ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null    fi    if request "Do you want to use this identity to login to this machine?"    then      echo "Adding to ${pwdhome}/.ssh/authorized_keys"      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"    fi  fifiif [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]then  if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"  then    echo    echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"    echo "failed.  Please care for the correct permissions.  The minimum requirement"    echo "is, the owner and ${_user} both need read permissions."    echo  fifiechoecho "Configuration finished. Have fun!"