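#!/bin/sh
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
#egan@us.ibm.com
#(C)IBM Corp
#
# Node post-install script that prepares SSH on a freshly installed node:
#   1. adjusts /etc/ssh/sshd_config and /etc/ssh/ssh_config,
#   2. installs root's SSH files from /xcatpost/.ssh,
#   3. installs server-provided host keys from /xcatpost/hostkeys,
#   4. if stunnel is installed, fetches "ssh_root_key" through a tunnel to
#      $MASTER:3001 and stores it as /root/.ssh/id_rsa.
# Reads:   MASTER (host that stunnel connects to).
# Expects: allowcred.awk and getcredentials.awk on PATH (not visible here).
# Exit:    0 when stunnel is absent, otherwise the status of the final kill.

if [ -r /etc/ssh/sshd_config ]
then
  logger -t xcat "Install: setup /etc/ssh/sshd_config"
  # Keep the first backup: a second run must not overwrite the pristine copy
  # with an already-modified file.
  if [ ! -e /etc/ssh/sshd_config.ORIG ]
  then
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
  fi
  perl -pi -e 's/^X11Forwarding .*$/X11Forwarding yes/' /etc/ssh/sshd_config
  perl -pi -e 's/^KeyRegenerationInterval .*$/KeyRegenerationInterval 0/' /etc/ssh/sshd_config
  perl -pi -e 's/(.*MaxStartups.*)/#\1/' /etc/ssh/sshd_config
  # sshd keeps the FIRST value it reads for a keyword, so an earlier active
  # "PasswordAuthentication yes" would silently win over the line appended
  # below. Comment out active occurrences first, as is done for MaxStartups.
  perl -pi -e 's/^(\s*PasswordAuthentication\b.*)/#$1/i' /etc/ssh/sshd_config
  # NOTE(review): if the file ends in a Match block, appended lines become
  # part of that block rather than global settings - verify on target images.
  echo "MaxStartups 1024" >>/etc/ssh/sshd_config
  echo "PasswordAuthentication no" >>/etc/ssh/sshd_config
fi

# NOTE(review): the guard tests sshd_config although the line below edits
# ssh_config; kept as found - confirm which file was meant.
if [ -r /etc/ssh/sshd_config ]
then
  # Disables host key verification for outbound ssh from this node, so a
  # spoofed peer is not detected. Acceptable only on a trusted cluster network.
  echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config
fi

if [ -d /xcatpost/.ssh ]
then
  logger -t xcat "Install: setup root .ssh"
  # Copy under a restrictive umask so key files are never readable by other
  # users between the copy and the chmod below. Absolute paths replace the
  # former unchecked "cd", which would have copied from the wrong directory
  # had it failed.
  (
    umask 077
    mkdir -p /root/.ssh
    cp -f /xcatpost/.ssh/* /root/.ssh
  )
  chmod 700 /root/.ssh
  chmod 600 /root/.ssh/*
fi

if [ -d /xcatpost/hostkeys ]
then
  logger -t xcat "Install: using server provided host key for convenience."
  # Private host keys: create them without group/other access. Files that
  # already exist keep their current mode.
  (
    umask 077
    cp /xcatpost/hostkeys/*_key /etc/ssh/
  )
fi

if [ ! -x /usr/sbin/stunnel ]; then
  # Stop if no stunnel to help the next bit
  exit 0
fi

# Client-mode tunnel: local port 400 -> $MASTER:3001.
# verify=0 means the server certificate is not checked, so the root private
# key fetched below travels over an encrypted but unauthenticated channel.
# Where a CA certificate can be shipped to the node, a higher verify level
# together with CAfile closes that gap.
cat > /etc/stunnel/stunnel.conf <<EOF
client=yes
foreground=yes
output=/dev/null
verify=0
[xcatd]
accept=400
connect=${MASTER}:3001
EOF

stunnel &
STUN_PID=$!
sleep 1  # give stunnel time to start listening

# Everything created from here on (notably id_rsa) is owner-only.
umask 0077
mkdir -p /root/.ssh/
allowcred.awk &
sleep 1

# Lines containing '<' are dropped before the key is written.
# NOTE(review): as written the sed substitutions change nothing ('<' lines are
# already filtered out and the others replace a character with itself); they
# look like XML entity decoding whose entity names were lost - confirm against
# the upstream script.
# NOTE(review): the redirect truncates any id_rsa installed from /xcatpost/.ssh
# above, and the check below then deletes it when no key was returned -
# confirm that losing the earlier key on a failed fetch is intended.
getcredentials.awk ssh_root_key | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /root/.ssh/id_rsa

# Discard the file unless it contains a private key marker.
if ! grep "PRIVATE KEY" /root/.ssh/id_rsa > /dev/null 2>&1 ; then
  rm /root/.ssh/id_rsa
fi

kill "$STUN_PID"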