#!/bin/sh
#
# Script to install openssh on a RedHat (intel) machine
# author Stefano Turolla
# ESO - European Southern Observatory
# e-mail: sturolla@eso.org
#

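# Create the unprivileged "sshd" account and the empty directory that sshd
# uses for privilege separation.
# Safe to re-run: an existing /var/empty, sshd group or sshd user is kept.
# Arguments: none
# Outputs:   progress message on stdout
create_ssh_user()
{
	echo "creating new sshd User....."
	# -p: a second run of the installer must not fail because the
	# directory is already there.
	/bin/mkdir -p /var/empty
	# sshd refuses to start unless the privsep directory is owned by root
	# and not writable by group or others, so set both explicitly.
	/bin/chown root:sys /var/empty
	/bin/chmod 755 /var/empty
	# Only create the group/user when the local databases do not already
	# have them; groupadd/useradd would otherwise fail with a duplicate error.
	if ! grep -q '^sshd:' /etc/group
	then
		/usr/sbin/groupadd -g 22222 sshd
	fi
	if ! grep -q '^sshd:' /etc/passwd
	then
		# No login shell and an empty home: the account exists only so the
		# unprivileged sshd child has an identity to drop to.
		/usr/sbin/useradd -u 22222 -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
	fi
}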

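# Remove the binaries, man pages and init scripts of a previous ssh
# installation so the tarball can be unpacked over a clean tree.
# Arguments: none
# Outputs:   progress messages on stdout
delete_old()
{
	echo "removing old installation ...."
	# NOTE(review): the pattern is quoted, so the shell never expands it and
	# this only removes a file literally named "/etc/ssh*" (in practice
	# nothing). It is left unchanged on purpose: unquoting it would start
	# deleting every /etc/ssh* file, which includes host keys stored
	# directly in /etc (e.g. /etc/ssh_host_key). Confirm the intent before
	# changing it.
	rm -f "/etc/ssh*"

	for old_ssh_file in \
		/usr/libexec/sftp-server \
		/usr/bin/scp \
		/usr/bin/slogin \
		/usr/bin/sftp \
		/usr/bin/ssh \
		/usr/bin/ssh-add \
		/usr/bin/ssh-agent \
		/usr/bin/ssh-keygen \
		/usr/bin/ssh-keyscan \
		/usr/sbin/sshd \
		/usr/man/man1/sftp.1 \
		/usr/man/man1/scp.1 \
		/usr/man/man1/slogin.1 \
		/usr/man/man1/ssh-add.1 \
		/usr/man/man1/ssh-keygen.1 \
		/usr/man/man1/ssh-keyscan.1 \
		/usr/man/man8/sshd.8 \
		/usr/man/man8/sftp-server.8 \
		/usr/man/man1/ssh-agent.1 \
		/usr/man/man1/ssh.1
	do
		rm -f "$old_ssh_file"
	done

	# Drop every init script / runlevel link whose name contains "ssh".
	# (The original ran the /etc/init.d search twice; once is enough.)
	# Only the rc3.d runlevel directory is cleaned, as in the original.
	for old_ssh_init_dir in /etc/init.d /etc/rc.d/init.d /etc/rc.d/rc3.d
	do
		find "$old_ssh_init_dir" -name "*ssh*" -exec rm -rf {} \;
	done

	echo "done..."
}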


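# main
#
# Replaces the packaged OpenSSH on a RedHat 7.3 / 9 machine with the
# openssh-<os>-<ver>.tar binary distribution found in the current directory:
# checks the preconditions, removes the rpms and old files, unpacks the
# tarball from /, generates any missing host keys and restarts sshd.
# Must be run as root.

# Fixed PATH so that a root shell with an unusual PATH cannot pick up
# look-alike binaries for the unqualified commands below.
PATH=/usr/bin:/usr/sbin:/bin:/sbin
machine=`/bin/uname -n`
os=`/bin/uname -s`
user=`/usr/bin/whoami`
current_dir=`pwd`

if [ "$user" != "root" ]
then
	echo "You must be root, sorry..."
	exit 1
fi

if [ "$os" != "Linux" ]
then
	echo "this script install openssh for Linux - RedHat 7.3 and 9 machines!"
	exit 1
fi

if [ ! -e /etc/redhat-release ]
then
	echo "This is not a redhat machine, sorry..."
	exit 1
fi

# Read the version only after the file is known to exist.
# Takes the 5th whitespace-separated field of the release line
# (presumably "Red Hat Linux release <ver> (...)" - confirm on other releases).
ver=`awk '{print $5}' /etc/redhat-release`
tarfile="openssh-$os-$ver.tar"

# The original wrote ["$ver" without a space, which makes the second test a
# "command not found"; the condition was then never true and unsupported
# releases were let through.
if [ "$ver" != '7.3' ] && [ "$ver" != '9' ]
then
	echo "The $ver redhat version is not supported, sorry..."
	exit 1
fi

# Check for the tarball BEFORE anything is removed: failing here after the
# rpms are gone would leave the machine without any ssh at all.
if [ ! -f "$tarfile" ]
then
	echo "the file $tarfile is missing in the current directory"
	exit 1
fi

echo "Installing openssh version 3.8p1 on machine $machine and os = $os - redhat $ver"

echo "Removing every rpm concerning ssh...."
# POSIX redirection instead of the bash-only ">&" (the shebang is /bin/sh).
# Errors are discarded deliberately: the packages may not be installed.
/bin/rpm -e --nodeps   openssh  openssh-clients openssh-server > /dev/null 2>&1

# create sshd account for privilege separation
create_ssh_user

# deleting old installation
delete_old

echo "extracting openssh distribution....."
# Extract straight from the directory the script was started in. The original
# first copied the tarball to a predictable name in world-writable /tmp and
# extracted that copy as root; another local user who owns or links that path
# beforehand can influence what root writes or unpacks.
# NOTE(review): the archive is unpacked as root relative to /, so every member
# path is trusted. Run this from a directory only root can write to and verify
# the tarball against a known-good checksum first.
if ! ( cd / && tar xvf "$current_dir/$tarfile" )
then
	echo "extraction of $tarfile failed" >&2
	exit 1
fi


echo "Configuring  openssh...."

# Existing host keys are kept so clients do not see a changed host identity.

# SSH protocol 1 host key. Protocol 1 is obsolete and has known weaknesses.
# NOTE(review): kept because the shipped sshd_config may still enable it;
# drop this key and set "Protocol 2" if nothing depends on it.
if [ -f /etc/ssh/ssh_host_key ]
then
	echo "/etc/ssh/ssh_host_key already exists, skipping."
else
	/usr/bin/ssh-keygen -b 1024 -t rsa1 -f /etc/ssh/ssh_host_key -N ""
fi

# DSA host keys are 1024 bits by specification.
if [ -f /etc/ssh/ssh_host_dsa_key ]
then
	echo "/etc/ssh/ssh_host_dsa_key already exists, skipping."
else
	/usr/bin/ssh-keygen -b 1024 -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
fi

# New protocol 2 RSA keys are generated with 2048 bits; 1024-bit RSA is below
# current minimum recommendations. Keys that already exist are not touched.
if [ -f /etc/ssh/ssh_host_rsa_key ]
then
	echo "/etc/ssh/ssh_host_rsa_key already exists, skipping."
else
	/usr/bin/ssh-keygen -b 2048 -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
fi


/sbin/service sshd stop
/sbin/service sshd start
echo done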
