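#!/bin/sh
#
# Script to install openssh on a Solaris (sparc) machine
# author Stefano Turolla
# ESO - European Southern Observatory
# e-mail: sturolla@eso.org
#
# Usage: run as root from the directory that holds
#        openssh-<uname -s>-<uname -r>-<uname -m>.tar
#
# Portability: /bin/sh on the targeted Solaris releases is the legacy
# Bourne shell, so backticks are kept and $(...), "local" and [[ ]] are
# deliberately not used.
#
# NOTE(review): nothing here verifies where the tarball came from. Compare
# it against a digest published by whoever built it before running this
# script, because its content is unpacked over / as root.
# NOTE(review): the script installs OpenSSH 3.7.p1, a release that is long
# out of support; the key types and sizes below reflect that era.
#

# Install the package that provides a random device, when it is missing.
# Globals:   ver (read) - OS release as printed by "uname -r"
# Outputs:   progress messages on stdout
# NOTE(review): both packages are read from /tmp; presumably the tarball
# unpacks them there - confirm. /tmp is world-writable, so a package staged
# there can be replaced by a local user before pkgadd runs as root; a
# root-only staging directory would close that window.
install_random() {
  # checking if /dev/random is present...
  echo "checking if random generator is present...."
  if test "$ver" = "5.6"
  then
    if /usr/bin/pkginfo -q SUNWski
    then
      echo "installed"
    else
      echo "not installed -> installing ... "
      # pkgadd asks two questions; answer both with "yes"
      /usr/sbin/pkgadd -d /tmp SUNWski << EndOfInstalling
yes
yes
EndOfInstalling
      echo "done"
    fi
  fi
  if test "$ver" = "5.8"
  then
    if /usr/bin/pkginfo -q ANDIrand
    then
      echo "installed"
    else
      echo "not installed -> installing ... "
      echo y | /usr/sbin/pkgadd -d /tmp/ANDIrand-0.6-5.8-sparc-1.pkg all
    fi
  fi
}

# Create sshd user for Privilege Separation option.
# /var/empty is the unprivileged user's home directory: owned by root and
# not writable by anyone else. groupadd/useradd report an error when the
# account already exists; that is not fatal for the installation.
create_ssh_user() {
  echo "creating new sshd User....."
  # a second run must not fail just because the directory is already there
  [ -d /var/empty ] || /bin/mkdir /var/empty
  /bin/chown root:sys /var/empty
  /bin/chmod 755 /var/empty
  /usr/sbin/groupadd -g 22222 sshd
  /usr/sbin/useradd -u 22222 -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
}

# Delete the files of an older ssh installation, including its start/stop
# scripts in /etc/rc3.d and /etc/init.d.
# NOTE(review): /etc/rc2.d, where the new start script is expected at the
# end of this script, is not cleaned here.
delete_old() {
  echo "removing old installation ...."
  for old_file in \
    /usr/lib/libz.a \
    /usr/bin/scp \
    /usr/bin/slogin \
    /usr/bin/sftp \
    /usr/bin/ssh \
    /usr/libexec/sftp-server \
    /usr/bin/ssh-add \
    /usr/bin/ssh-agent \
    /usr/bin/ssh-keygen \
    /usr/bin/ssh-keyscan \
    /usr/sbin/sshd \
    /usr/man/man1/scp.1 \
    /usr/man/man1/sftp.1 \
    /usr/man/man8/sftp-server.8 \
    /usr/man/man1/slogin.1 \
    /usr/man/man1/ssh-add.1 \
    /usr/man/man1/ssh-keygen.1 \
    /usr/man/man1/ssh-keyscan.1 \
    /usr/man/man8/sshd.8 \
    /usr/man/man1/ssh-agent.1 \
    /usr/man/man1/ssh.1
  do
    rm -f "$old_file"
  done
  find /etc/rc3.d -name "*ssh*" -exec rm -rf {} \;
  find /etc/init.d -name "*ssh*" -exec rm -rf {} \;
  echo "done..."
}

# Stop every sshd daemon that is running before the installation.
# The pid file is read only when it exists, and its content must be a plain
# process number: an empty value would make kill fail, and 0 or 1 would hit
# the caller's own process group or init.
# NOTE(review): a stale pid file can name an unrelated process that reused
# the number; checking the process name before the kill would rule that out.
kill_ssh() {
  if [ -x /etc/init.d/sshd ]
  then
    /etc/init.d/sshd stop
  fi
  if [ ! -f /etc/ssh/sshd.pid ]
  then
    echo "no /etc/ssh/sshd.pid found, nothing to kill"
    return 0
  fi
  id=`cat /etc/ssh/sshd.pid`
  case "$id" in
    ''|*[!0-9]*|0|1)
      echo "ignoring unusable content of /etc/ssh/sshd.pid" >&2
      return 0
      ;;
  esac
  echo "killing proces number $id"
  kill -9 "$id"
}

# Generate one host key unless the key file is already present.
# Arguments: $1 - key type, $2 - key size in bits, $3 - private key file
make_host_key() {
  if [ -f "$3" ]
  then
    echo "$3 already exists, skipping."
  else
    /usr/bin/ssh-keygen -b "$2" -t "$1" -f "$3" -N ""
  fi
}

# main

# The original value listed /usr/bin twice; presumably /usr/sbin was meant.
PATH=/usr/bin:/usr/sbin:/bin:/usr/ucb
export PATH
clear

machine=`/usr/bin/uname -n`
os=`/usr/bin/uname -s`
ver=`/usr/bin/uname -r`
arch=`/usr/bin/uname -m`
userid=`/usr/xpg4/bin/id -u`
current_dir=`/usr/bin/pwd`

# Quoted on purpose: if id prints nothing the comparison still runs and the
# script stops, instead of test failing on a missing operand and the
# installation carrying on without root rights.
if [ "$userid" != "0" ]
then
  /bin/echo "You must be root, sorry..."
  exit 1
fi

# "uname -s" prints SunOS on Solaris. Each condition is checked on its own:
# the previous single test joined three "!=" comparisons with "&&" and
# compared against "SunOs", so the operating system name never mattered.
if [ "$os" != "SunOS" ]
then
  echo "this script install openssh for Solaris 2.6 and 2.8 machines!"
  exit 1
fi
case "$ver" in
  5.6|5.8)
    ;;
  *)
    echo "this script install openssh for Solaris 2.6 and 2.8 machines!"
    exit 1
    ;;
esac

if [ "$arch" != "sun4u" ]
then
  echo "this script install openssh for Solaris 2.6, and 8 for sun4u machines !"
  exit 1
fi

echo "Installing openssh version 3.7.p1 on machine $machine and os = $os"
echo

tarfile="openssh-$os-$ver-$arch.tar"
if [ ! -f "$tarfile" ]
then
  echo "the file $tarfile is missing in the current directory"
  exit 1
fi

echo "creating sshd priviledged user..."
create_ssh_user

echo "Killing ssh daemon running...."
kill_ssh

echo "Removing old version....."
delete_old

# The archive is unpacked straight from the directory the script was started
# in. Staging it under a fixed name in /tmp first, as this script used to do,
# lets any local user pre-create that name (as a link or as a file they own)
# and so influence what root writes and later unpacks over /.
echo "Extracting OpenSSH distribution......"
cd / || { echo "cannot change directory to /" >&2; exit 1; }
/usr/bin/tar xvf "$current_dir/$tarfile" || {
  echo "extraction of $tarfile failed" >&2
  exit 1
}
cd "$current_dir" || exit 1

# install (if it is not present) the product that provides the /dev/urandom
# device; this runs before any host key is generated
install_random

echo "Configuring openssh...."
# NOTE(review): the rsa1 key is only used by SSH protocol 1, which is
# obsolete; it is kept because the sshd configuration shipped in the tarball
# is not visible here. DSA stays at 1024 bits, the size the DSA standard of
# that time defines. The protocol 2 RSA key is raised from 1024 to 2048 bits.
# Keys that already exist are left untouched, whatever their size.
make_host_key rsa1 1024 /etc/ssh/ssh_host_key
make_host_key dsa 1024 /etc/ssh/ssh_host_dsa_key
make_host_key rsa 2048 /etc/ssh/ssh_host_rsa_key

/etc/rc2.d/S99sshd start

/bin/rm -f /tmp/ANDIrand-0.6-5.8-sparc-1.pkg
echo done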