2008-02-05 01:16:40 +00:00
|
|
|
#!/bin/sh
|
2007-10-26 22:44:33 +00:00
|
|
|
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
|
|
|
|
|
#egan@us.ibm.com
|
|
|
|
|
#(C)IBM Corp
|
|
|
|
|
#
|
2009-02-11 13:30:21 +00:00
|
|
|
# For Linux only
|
2007-10-26 22:44:33 +00:00
|
|
|
|
2008-02-05 01:16:40 +00:00
|
|
|
if [ -r /etc/ssh/sshd_config ]
|
|
|
|
|
then
|
|
|
|
|
logger -t xcat "Install: setup /etc/ssh/sshd_config"
|
|
|
|
|
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
|
2008-05-07 19:11:13 +00:00
|
|
|
sed -i 's/^X11Forwarding .*$/X11Forwarding yes/' /etc/ssh/sshd_config
|
|
|
|
|
sed -i 's/^KeyRegenerationInterval .*$/KeyRegenerationInterval 0/' /etc/ssh/sshd_config
|
|
|
|
|
sed -i 's/\(.*MaxStartups.*\)/#\1/' /etc/ssh/sshd_config
|
2008-02-05 01:16:40 +00:00
|
|
|
echo "MaxStartups 1024" >>/etc/ssh/sshd_config
|
2009-04-30 14:54:59 +00:00
|
|
|
#echo "PasswordAuthentication no" >>/etc/ssh/sshd_config
|
2008-02-05 01:16:40 +00:00
|
|
|
fi
|
2007-10-26 22:44:33 +00:00
|
|
|
|
2008-04-16 20:30:54 +00:00
|
|
|
if [ -r /etc/ssh/sshd_config ]
|
|
|
|
|
then
|
|
|
|
|
echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config
|
|
|
|
|
fi
|
|
|
|
|
|
2008-04-30 20:54:57 +00:00
|
|
|
if [ -d /xcatpost/_ssh ]
|
2008-02-05 01:16:40 +00:00
|
|
|
then
|
|
|
|
|
logger -t xcat "Install: setup root .ssh"
|
2008-04-30 20:54:57 +00:00
|
|
|
cd /xcatpost/_ssh
|
2008-02-05 01:16:40 +00:00
|
|
|
mkdir -p /root/.ssh
|
|
|
|
|
cp -f * /root/.ssh
|
2008-05-07 17:14:46 +00:00
|
|
|
cd - >/dev/null
|
2008-02-05 01:16:40 +00:00
|
|
|
chmod 700 /root/.ssh
|
|
|
|
|
chmod 600 /root/.ssh/*
|
|
|
|
|
fi
|
2008-04-30 20:54:57 +00:00
|
|
|
|
2008-05-05 20:04:06 +00:00
|
|
|
#if [ -d /xcatpost/hostkeys ]
|
|
|
|
|
#then
|
|
|
|
|
# logger -t xcat "Install: using server provided host key for convenience."
|
|
|
|
|
# cp /xcatpost/hostkeys/*_key /etc/ssh/
|
|
|
|
|
#fi
|
2008-05-14 20:16:32 +00:00
|
|
|
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
2009-04-08 14:44:16 +00:00
|
|
|
if [ -x /usr/bin/openssl ]; then
|
|
|
|
|
USEOPENSSLFORXCAT=1
|
|
|
|
|
export USEOPENSSLFORXCAT
|
|
|
|
|
else
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
2008-05-01 14:45:30 +00:00
|
|
|
fi
|
|
|
|
|
allowcred.awk &
|
|
|
|
|
CREDPID=$!
|
|
|
|
|
sleep 1
|
2007-10-26 22:44:33 +00:00
|
|
|
|
2009-05-11 02:39:34 +00:00
|
|
|
function cred_handler() {
|
|
|
|
|
getcredentials.awk $1 | grep -E -v '</{0,1}xcatresponse>|</{0,1}serverdone>'|sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/$1
|
|
|
|
|
grep -E '<error>' /tmp/$1
|
|
|
|
|
if [ $? ]; then
|
|
|
|
|
cat /tmp/$1 | grep -E -v '</{0,1}data>|</{0,1}content>|</{0,1}desc>' >/etc/ssh/$1
|
|
|
|
|
chmod 600 /etc/ssh/$1
|
|
|
|
|
if ! grep "PRIVATE KEY" /etc/ssh/$1 > /dev/null 2>&1 ; then
|
|
|
|
|
logger -t xCAT $1 is PRIVATE KEY
|
|
|
|
|
rm /etc/ssh/$1
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
logger -t xCAT $1
|
|
|
|
|
rm /tmp/$1
|
|
|
|
|
else
|
|
|
|
|
ERR_MSG = `send -n 's%.*<error>\(.*\)</error>.*%\1%p' /tmp/$1`
|
|
|
|
|
logger -t xCAT $1 Error: $ERR_MSG
|
|
|
|
|
rm /tm/$1
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
MYCONT=`cat /etc/ssh/$1`
|
|
|
|
|
while [ -z "$MYCONT" ]; do
|
|
|
|
|
let SLI=$RANDOM%10
|
|
|
|
|
let SLI=SLI+10
|
|
|
|
|
sleep $SLI
|
|
|
|
|
getcredentials.awk $1 | grep -E -v '</{0,1}xcatresponse>|</{0,1}serverdone>'|sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/$1
|
|
|
|
|
grep -E '<error>' /tmp/$1
|
|
|
|
|
if [ $? ]; then
|
|
|
|
|
cat /tmp/$1 | grep -E -v '</{0,1}data>|</{0,1}content>|</{0,1}desc>' >/etc/ssh/$1
|
|
|
|
|
chmod 600 /etc/ssh/$1
|
|
|
|
|
if ! grep "PRIVATE KEY" /etc/ssh/$1 > /dev/null 2>&1 ; then
|
|
|
|
|
logger -t xCAT $1 is PRIVATE KEY
|
|
|
|
|
rm /etc/ssh/$1
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
logger -t xCAT $1
|
|
|
|
|
rm /tmp/$1
|
|
|
|
|
else
|
|
|
|
|
ERR_MSG = `send -n 's%.*<error>\(.*\)</error>.*%\1%p' /tmp/$1`
|
|
|
|
|
logger -t xCAT $1 Error: $ERR_MSG
|
|
|
|
|
rm /tm/$1
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
MYCONT=`cat /etc/ssh/$1`
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
cred_handler ssh_dsa_hostkey
|
|
|
|
|
cred_handler ssh_rsa_hostkey
|
2008-02-05 01:16:40 +00:00
|
|
|
|
2009-02-12 13:46:13 +00:00
|
|
|
if [ -r /etc/xCATSN ] ; then
|
|
|
|
|
mkdir /etc/xcat/hostkeys
|
|
|
|
|
cp /etc/ssh/ssh* /etc/xcat/hostkeys/.
|
|
|
|
|
|
|
|
|
|
fi
|
2008-04-16 21:08:57 +00:00
|
|
|
|
2007-10-26 22:44:33 +00:00
|
|
|
|
2008-04-16 21:08:57 +00:00
|
|
|
umask 0077
|
|
|
|
|
|
|
|
|
|
mkdir -p /root/.ssh/
|
2008-04-29 13:57:57 +00:00
|
|
|
sleep 1
|
2008-04-16 21:08:57 +00:00
|
|
|
getcredentials.awk ssh_root_key | grep -v '<'|sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /root/.ssh/id_rsa
|
2008-05-13 23:33:16 +00:00
|
|
|
MYCONT=`cat /root/.ssh/id_rsa`
|
|
|
|
|
while [ -z "$MYCONT" ]; do
|
|
|
|
|
let SLI=$RANDOM%10
|
|
|
|
|
let SLI=SLI+10
|
|
|
|
|
sleep $SLI
|
|
|
|
|
getcredentials.awk ssh_root_key | grep -v '<'|sed -e 's/</</' -e 's/>/>/' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /root/.ssh/id_rsa
|
|
|
|
|
MYCONT=`cat /root/.ssh/id_rsa`
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
|
2008-04-16 21:08:57 +00:00
|
|
|
if ! grep "PRIVATE KEY" /root/.ssh/id_rsa > /dev/null 2>&1 ; then
|
|
|
|
|
rm /root/.ssh/id_rsa
|
|
|
|
|
fi
|
2008-05-05 14:39:07 +00:00
|
|
|
if [ -r /root/.ssh/id_rsa ]; then
|
|
|
|
|
ssh-keygen -y -f /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub
|
|
|
|
|
fi
|
2008-05-01 14:45:30 +00:00
|
|
|
kill -9 $CREDPID
|
