#!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #(C)IBM Corp # # if on the Management Node, exit if [ -e /etc/xCATMN ]; then logger -t xcat -p local4.info "remoteshell:Running on the Management Node , exiting " exit 0 fi # if -p input, do special PCM setup if [ -n "$1" ]; then if [ $1 = "-p" ]; then SETUPFORPCM=1 fi fi # Linux or if AIX call aixremoteshell -d if [ "$(uname -s)" = "AIX" ]; then ./aixremoteshell -d 2>&1 logger -t xcat -p local4.info "Install: On AIX , remoteshell calling aixremoteshell -d " exit 0 fi if [ -r /etc/ssh/sshd_config ] then logger -t xcat -p local4.info "Install: setup /etc/ssh/sshd_config" cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG sed -i 's/^X11Forwarding .*$/X11Forwarding yes/' /etc/ssh/sshd_config sed -i 's/^KeyRegenerationInterval .*$/KeyRegenerationInterval 0/' /etc/ssh/sshd_config sed -i 's/\(.*MaxStartups.*\)/#\1/' /etc/ssh/sshd_config echo "MaxStartups 1024" >>/etc/ssh/sshd_config if [ "$SETUPFORPCM" = "1" ];then echo "PasswordAuthentication yes" >>/etc/ssh/sshd_config fi fi if [ -r /etc/ssh/sshd_config ] then echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config fi if [ -d /xcatpost/_ssh ] then logger -p local4.info -t xcat "Install: setup root .ssh" cd /xcatpost/_ssh mkdir -p /root/.ssh cp -f * /root/.ssh cd - >/dev/null chmod 700 /root/.ssh chmod 600 /root/.ssh/* fi #if [ -d /xcatpost/hostkeys ] #then # logger -t xcat "Install: using server provided host key for convenience." # cp /xcatpost/hostkeys/*_key /etc/ssh/ #fi if [ ! -x /usr/bin/openssl ]; then logger -t xcat -p local4.err "Install: /usr/bin/openssl is not executable." exit 0 fi allowcred.awk & CREDPID=$! sleep 1 if [ "$(uname -s)" = "AIX" ]; then AIX=1 export AIX logger -t xcat -p local4.info "remoteshell setting up AIX" fi getcredentials.awk ssh_dsa_hostkey | grep -E -v '|' | sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/ssh_dsa_hostkey #check the message is an error or not grep -E '' /tmp/ssh_dsa_hostkey if [ $? -ne 0 ]; then #the message received is the data cat /tmp/ssh_dsa_hostkey | grep -E -v '||' >/etc/ssh/ssh_host_dsa_key logger -t xCAT -p local4.info ssh_dsa_hostkey MYCONT=`cat /etc/ssh/ssh_host_dsa_key` while [ -z "$MYCONT" ]; do let SLI=$RANDOM%10 let SLI=SLI+10 sleep $SLI getcredentials.awk ssh_dsa_hostkey | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /etc/ssh/ssh_host_dsa_key MYCONT=`cat /etc/ssh/ssh_host_dsa_key` done chmod 600 /etc/ssh/ssh_host_dsa_key if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_dsa_key > /dev/null 2>&1 ; then rm /etc/ssh/ssh_host_dsa_key else ssh-keygen -y -f /etc/ssh/ssh_host_dsa_key > /etc/ssh/ssh_host_dsa_key.pub chmod 644 /etc/ssh/ssh_host_dsa_key.pub chown root /etc/ssh/ssh_host_dsa_key.pub fi else #the message received is an error, so parse it ERR_MSG=`sed -n 's%.*\(.*\).*%\1%p' /tmp/ssh_dsa_hostkey` logger -t xCAT -p local4.err Error: $ERR_MSG fi rm /tmp/ssh_dsa_hostkey getcredentials.awk ssh_rsa_hostkey | grep -E -v '|' | sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/ssh_rsa_hostkey #check whether the message is an error or not grep -E '' /tmp/ssh_rsa_hostkey if [ $? -ne 0 ]; then #the message received is the data we request cat /tmp/ssh_rsa_hostkey | grep -E -v '||' >/etc/ssh/ssh_host_rsa_key logger -t xCAT -p local4.info ssh_rsa_hostkey MYCONT=`cat /etc/ssh/ssh_host_rsa_key` while [ -z "$MYCONT" ]; do let SLI=$RANDOM%10 let SLI=SLI+10 sleep $SLI getcredentials.awk ssh_rsa_hostkey | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /etc/ssh/ssh_host_rsa_key MYCONT=`cat /etc/ssh/ssh_host_rsa_key` done chmod 600 /etc/ssh/ssh_host_rsa_key if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_rsa_key > /dev/null 2>&1 ; then rm /etc/ssh/ssh_host_rsa_key else ssh-keygen -y -f /etc/ssh/ssh_host_rsa_key > /etc/ssh/ssh_host_rsa_key.pub chmod 644 /etc/ssh/ssh_host_rsa_key.pub chown root /etc/ssh/ssh_host_rsa_key.pub fi else #This is an error message ERR_MSG=`sed -n 's%.*\(.*\).*%\1%p' /tmp/ssh_rsa_hostkey` logger -t xCAT -p local4.err Error: $ERR_MSG fi rm /tmp/ssh_rsa_hostkey if [[ $NTYPE = service ]]; then mkdir -p /etc/xcat/hostkeys cp /etc/ssh/ssh* /etc/xcat/hostkeys/. fi umask 0077 mkdir -p /root/.ssh/ sleep 1 if [ $ENABLESSHBETWEENNODES = "YES" ]; then getcredentials.awk ssh_root_key | grep -E -v '|'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/ssh_root_key #check whether the message is an error or not grep -E '' /tmp/ssh_root_key if [ $? -ne 0 ]; then #The message contains the data we request cat /tmp/ssh_root_key | grep -E -v '||' > /root/.ssh/id_rsa logger -t xCAT -p local4.info ssh_root_key MYCONT=`cat /root/.ssh/id_rsa` while [ -z "$MYCONT" ]; do let SLI=$RANDOM%10 let SLI=SLI+10 sleep $SLI getcredentials.awk ssh_root_key | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /root/.ssh/id_rsa MYCONT=`cat /root/.ssh/id_rsa` done else #This is an error message ERR_MSG=`sed -n 's%.*\(.*\).*%\1%p' /tmp/ssh_root_key` logger -t xCAT -p local4.err ssh_root_key Error: $ERR_MSG fi rm /tmp/ssh_root_key if ! grep "PRIVATE KEY" /root/.ssh/id_rsa > /dev/null 2>&1 ; then rm /root/.ssh/id_rsa fi if [ -r /root/.ssh/id_rsa ]; then ssh-keygen -y -f /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub fi fi # start up the sshd for syncfiles postscript to do the sync work logger -t xCAT -p local4.info "start up sshd" if [[ $OSVER == ubuntu* || $OSVER == debian* ]] then if [ ! -d /var/run/sshd ] then mkdir /var/run/sshd chmod 0755 /var/run/sshd /usr/sbin/sshd -f /etc/ssh/sshd_config else service ssh restart fi else service sshd start fi kill -9 $CREDPID