From 6dbf3001ece375d603b50d7e4b49c72ba80f5930 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 3 Jul 2002 23:33:19 +0000 Subject: [PATCH] - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com --- ChangeLog | 5 +- contrib/cygwin/README | 24 ++++ contrib/cygwin/ssh-host-config | 217 +++++++++++++++++++++++---------- 3 files changed, 182 insertions(+), 64 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4b67628c8..cd6b353e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20020703 + - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com + 20020702 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & friends consistently. Spotted by Solar Designer @@ -1205,4 +1208,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2313 2002/07/02 07:08:23 djm Exp $ +$Id: ChangeLog,v 1.2314 2002/07/03 23:33:19 mouring Exp $ diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 9021ba2b0..71ea3455f 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README @@ -1,5 +1,29 @@ This package is the actual port of OpenSSH to Cygwin 1.3. +=========================================================================== +Important change since 3.4p1-2: + +This version adds privilege separation as default setting, see +/usr/doc/openssh/README.privsep. According to that document the +privsep feature requires a non-privileged account called 'sshd'. + +The new ssh-host-config file which is part of this version asks +to create 'sshd' as local user if you want to use privilege +separation. If you confirm, it creates that NT user and adds +the necessary entry to /etc/passwd. + +On 9x/Me systems the script just sets UsePrivilegeSeparation to "no" +since that feature doesn't make any sense on a system which doesn't +differ between privileged and unprivileged users. + +The new ssh-host-config script also adds the /var/empty directory +needed by privilege separation. When creating the /var/empty directory +by yourself, please note that in contrast to the README.privsep document +the owner sshould not be "root" but the user which is running sshd. So, +in the standard configuration this is SYSTEM. The ssh-host-config script +chowns /var/empty accordingly. +=========================================================================== + =========================================================================== Important change since 3.0.1p1-2: diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index da6011267..df8341c85 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -18,6 +18,11 @@ progname=$0 auto_answer="" port_number=22 +privsep_configured=no +privsep_used=yes +sshd_in_passwd=no +sshd_in_sam=no + request() { if [ "${auto_answer}" = "yes" ] @@ -90,6 +95,10 @@ do esac done +# Check if running on NT +_sys="`uname -a`" +_nt=`expr "$_sys" : "CYGWIN_NT"` + # Check for running ssh/sshd processes first. Refuse to do anything while # some ssh processes are still running @@ -126,6 +135,38 @@ then fi fi +# Create /var/log and /var/log/lastlog if not already existing + +if [ -f /var/log ] +then + echo "Creating /var/log failed\!" +else + if [ ! -d /var/log ] + then + mkdir -p /var/log + fi + if [ -d /var/log/lastlog ] + then + echo "Creating /var/log/lastlog failed\!" + elif [ ! -f /var/log/lastlog ] + then + cat /dev/null > /var/log/lastlog + fi +fi + +# Create /var/empty file used as chroot jail for privilege separation +if [ -f /var/empty ] +then + echo "Creating /var/empty failed\!" +else + mkdir -p /var/empty + # On NT change ownership of that dir to user "system" + if [ $_nt -gt 0 ] + then + chown system.system /var/empty + fi +fi + # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't # the same as ${PREFIX} @@ -219,9 +260,10 @@ if [ ! -f "${SYSCONFDIR}/ssh_config" ] then echo "Generating ${SYSCONFDIR}/ssh_config file" cat > ${SYSCONFDIR}/ssh_config << EOF -# This is ssh client systemwide configuration file. This file provides -# defaults for users, and the values can be changed in per-user configuration -# files or on the command line. +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. # Configuration data is parsed as follows: # 1. command line options @@ -237,20 +279,19 @@ then # ForwardAgent no # ForwardX11 no # RhostsAuthentication no -# RhostsRSAAuthentication yes +# RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes -# FallBackToRsh no -# UseRsh no # BatchMode no # CheckHostIP yes -# StrictHostKeyChecking yes +# StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_rsa # Port 22 # Protocol 2,1 -# Cipher blowfish +# Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ EOF if [ "$port_number" != "22" ] @@ -271,17 +312,75 @@ then then echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." fi + else + grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes fi fi -# Create default sshd_config from here script +# Prior to creating or modifying sshd_config, care for privilege separation + +if [ "$privsep_configured" != "yes" ] +then + if [ $_nt -gt 0 ] + then + echo "Privilege separation is set to yes by default since OpenSSH 3.3." + echo "However, this requires a non-privileged account called 'sshd'." + echo "For more info on privilege separation read /usr/doc/openssh/README.privsep." + echo + if request "Shall privilege separation be used?" + then + privsep_used=yes + grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes + net user sshd >/dev/null 2>&1 && sshd_in_sam=yes + if [ "$sshd_in_passwd" != "yes" ] + then + if [ "$sshd_in_sam" != "yes" ] + then + echo "Warning: The following function requires administrator privileges!" + if request "Shall this script create a local user 'sshd' on this machine?" + then + dos_var_empty=`cygpath -w /var/empty` + net user sshd /add /fullname:"sshd privsep" "/HOMEDIR:$dos_var_empty" > /dev/null 2>&1 && sshd_in_sam=yes + if [ "$sshd_in_sam" != "yes" ] + then + echo "Warning: Creating the user 'sshd' failed!" + fi + fi + fi + if [ "$sshd_in_sam" != "yes" ] + then + echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!" + echo " Privilege separation set to 'no' again!" + echo " Check your ${SYSCONFDIR}/sshd_config file!" + privsep_used=no + else + mkpasswd -l -u sshd >> ${SYSCONFDIR}/passwd + fi + fi + else + privsep_used=no + fi + else + # On 9x don't use privilege separation. Since security isn't + # available it just adds useless addtional processes. + privsep_used=no + fi +fi + +# Create default sshd_config from here script or modify to add the +# missing privsep configuration option if [ ! -f "${SYSCONFDIR}/sshd_config" ] then echo "Generating ${SYSCONFDIR}/sshd_config file" cat > ${SYSCONFDIR}/sshd_config << EOF -# This is the sshd server system-wide configuration file. See sshd(8) -# for more information. +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. Port $port_number #Protocol 2,1 @@ -289,66 +388,77 @@ Port $port_number #ListenAddress :: # HostKey for protocol version 1 -HostKey /etc/ssh_host_key +#HostKey ${SYSCONFDIR}/ssh_host_key # HostKeys for protocol version 2 -HostKey /etc/ssh_host_rsa_key -HostKey /etc/ssh_host_dsa_key +#HostKey ${SYSCONFDIR}/ssh_host_rsa_key +#HostKey ${SYSCONFDIR}/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server ke -KeyRegenerationInterval 3600 -ServerKeyBits 768 +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 # Logging -SyslogFacility AUTH -LogLevel INFO #obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO # Authentication: -LoginGraceTime 600 -PermitRootLogin yes +#LoginGraceTime 600 +#PermitRootLogin yes # The following setting overrides permission checks on host key files # and directories. For security reasons set this to "yes" when running # NT/W2K, NTFS and CYGWIN=ntsec. StrictModes no -RSAAuthentication yes -PubkeyAuthentication yes +#RSAAuthentication yes +#PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # rhosts authentication should not be used -RhostsAuthentication no +#RhostsAuthentication no # Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no +#IgnoreRhosts yes +# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts +#RhostsRSAAuthentication no # similar for protocol version 2 -HostbasedAuthentication no -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication yes -PermitEmptyPasswords no +#PasswordAuthentication yes +#PermitEmptyPasswords no -X11Forwarding no -X11DisplayOffset 10 -PrintMotd yes -#PrintLastLog no -KeepAlive yes +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#KeepAlive yes #UseLogin no +UsePrivilegeSeparation $privsep_used +#Compression yes -#MaxStartups 10:30:60 -#Banner /etc/issue.net -#ReverseMappingCheck yes +#MaxStartups 10 +# no default banner path +#Banner /some/path +#VerifyReverseMapping no +# override default of no subsystems Subsystem sftp /usr/sbin/sftp-server EOF +elif [ "$privsep_configured" != "yes" ] +then + echo >> ${SYSCONFDIR}/sshd_config + echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config fi # Care for services file -_sys="`uname -a`" -_nt=`expr "$_sys" : "CYGWIN_NT"` if [ $_nt -gt 0 ] then _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" @@ -403,8 +513,8 @@ umount "${_services}" umount "${_serv_tmp}" # Care for inetd.conf file -_inetcnf="/etc/inetd.conf" -_inetcnf_tmp="/etc/inetd.conf.$$" +_inetcnf="${SYSCONFDIR}/inetd.conf" +_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$" if [ -f "${_inetcnf}" ] then @@ -442,25 +552,6 @@ then fi fi -# Create /var/log and /var/log/lastlog if not already existing - -if [ -f /var/log ] -then - echo "Creating /var/log failed\!" -else - if [ ! -d /var/log ] - then - mkdir /var/log - fi - if [ -d /var/log/lastlog ] - then - echo "Creating /var/log/lastlog failed\!" - elif [ ! -f /var/log/lastlog ] - then - cat /dev/null > /var/log/lastlog - fi -fi - # On NT ask if sshd should be installed as service if [ $_nt -gt 0 ] then @@ -477,7 +568,7 @@ then [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" then - chown system /etc/ssh* + chown system /${SYSCONFDIR}/ssh* echo echo "The service has been installed under LocalSystem account." fi