#!/bin/sh
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
#egan@us.ibm.com
#(C)IBM Corp
#
# For Linux only

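# Adjust the SSH daemon configuration for cluster use.
#
# Security-relevant effects of this block:
#   - X11Forwarding is switched to "yes" wherever an uncommented
#     "X11Forwarding" directive already exists.
#   - MaxStartups (the limit on concurrent unauthenticated connections) is
#     raised to 1024, which relaxes sshd's built-in connection throttling.
#   - KeyRegenerationInterval is a protocol-1 era option; the substitution
#     only fires when the directive is already present.
# NOTE(review): the MaxStartups line is appended at the end of the file; if
# the file ends inside a "Match" block the directive would land in that block.
# Confirm the target images do not ship such a layout.
if [ -r /etc/ssh/sshd_config ]
then
	logger -t xcat "Install: setup /etc/ssh/sshd_config"
	# Keep the first (pristine) backup: a re-run must not overwrite it with a
	# copy that already contains the edits made below.
	if [ ! -e /etc/ssh/sshd_config.ORIG ]
	then
		cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
	fi
	# One pass over the file:
	#   * drop the line a previous run appended, so re-runs do not accumulate
	#     commented-out copies of it;
	#   * comment out only active MaxStartups lines (already-commented ones
	#     are left alone instead of gaining another '#').
	sed -i \
		-e 's/^X11Forwarding .*$/X11Forwarding yes/' \
		-e 's/^KeyRegenerationInterval .*$/KeyRegenerationInterval 0/' \
		-e '/^MaxStartups 1024$/d' \
		-e 's/^\([[:space:]]*MaxStartups.*\)/#\1/' \
		/etc/ssh/sshd_config
	echo "MaxStartups 1024" >>/etc/ssh/sshd_config
	#echo "PasswordAuthentication no" >>/etc/ssh/sshd_config
fi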

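# Disable interactive host-key confirmation for the SSH *client* on this node.
#
# Security caveat: with "StrictHostKeyChecking no" the client accepts unknown
# host keys without prompting, so the identity of the remote host is not
# verified on first contact. That is only appropriate on a trusted management
# network; distributing a known_hosts file is the stricter alternative.
#
# NOTE(review): the guard tests the *daemon* config (sshd_config) while the
# line is written to the *client* config (ssh_config). It is kept as-is
# because the intent cannot be confirmed from this file; verify whether the
# test should be on /etc/ssh/ssh_config instead.
if [ -r /etc/ssh/sshd_config ]
then
   # Append only once: without this check every re-run of the postscript
   # adds another identical line to ssh_config.
   if ! grep -qxF -- "   StrictHostKeyChecking no" /etc/ssh/ssh_config 2>/dev/null
   then
      echo "   StrictHostKeyChecking no" >> /etc/ssh/ssh_config
   fi
fi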

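# Install the SSH material staged in /xcatpost/_ssh into root's ~/.ssh.
#
# Hardening compared with a plain "cd; cp *":
#   - no "cd": if the directory change failed, "cp -f *" would copy whatever
#     is in the current directory into /root/.ssh; absolute source paths
#     also keep a file name starting with '-' from being read as an option;
#   - /root/.ssh is restricted to 0700 *before* anything is copied in;
#   - the copy runs under umask 077 so new files are never group/world
#     readable, not even briefly before the final chmod.
# As before, the glob does not match dot-files.
if [ -d /xcatpost/_ssh ]
then
	logger -t xcat "Install: setup root .ssh"
	mkdir -p /root/.ssh
	chmod 700 /root/.ssh
	(
		# Subshell: the tighter umask must not leak into the rest of the script.
		umask 077
		cp -f /xcatpost/_ssh/* /root/.ssh
	)
	# cp -f keeps the mode of files that already existed, so normalise all.
	chmod 600 /root/.ssh/*
fi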

#if [ -d /xcatpost/hostkeys ]
#then
#	logger -t xcat "Install: using server provided host key for convenience."
#	cp /xcatpost/hostkeys/*_key /etc/ssh/
#fi
# Pick the transport helper for the credential download that follows:
#   - stunnel present (either location): nothing to set up;
#   - otherwise openssl present: export USEOPENSSLFORXCAT=1
#     (presumably read by the awk credential helpers; verify there);
#   - neither present: leave the postscript with status 0, so no keys are
#     fetched at all.
if [ -x /usr/sbin/stunnel ] || [ -x /usr/bin/stunnel ]; then
   :
elif [ -x /usr/bin/openssl ]; then
   USEOPENSSLFORXCAT=1
   export USEOPENSSLFORXCAT
else
   exit 0
fi
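# Start the credential helper in the background and remember its PID so it
# can be stopped once all keys have been fetched.
allowcred.awk &
CREDPID=$!
sleep 1

# Fetch the DSA host private key from the management server.
# NOTE(review): DSA (ssh-dss) host keys are disabled by default in OpenSSH 7.0
# and later; confirm this key type is still needed on the target images.
#
# The key file must never be readable by other users, not even while the
# retry loop is still waiting: tighten the umask for new files, and for a
# pre-existing file empty it and fix its mode before any key data is written.
OLDUMASK=$(umask)
umask 0077
: > /etc/ssh/ssh_host_dsa_key
chmod 600 /etc/ssh/ssh_host_dsa_key
while :
do
    # Drop the XML wrapper lines, then decode the XML entities. '&amp;' is
    # decoded last (and with an escaped '&', which sed would otherwise expand
    # to the matched text) so that nothing is decoded twice.
    getcredentials.awk ssh_dsa_hostkey | grep -v '<' | sed \
        -e 's/&lt;/</g' -e 's/&gt;/>/g' -e 's/&quot;/"/g' \
        -e "s/&apos;/'/g" -e 's/&amp;/\&/g' > /etc/ssh/ssh_host_dsa_key
    # Any non-empty line counts as a reply; the key never needs to be held
    # in a shell variable.
    if grep -q . /etc/ssh/ssh_host_dsa_key
    then
        break
    fi
    # Wait 10-19 seconds before retrying so nodes do not retry in lockstep.
    # $RANDOM and 'let' are bash-only; under a plain POSIX /bin/sh the PID is
    # used instead (fixed for this run, but different from node to node).
    SLI=$(( ${RANDOM:-$$} % 10 + 10 ))
    sleep "$SLI"
done
chmod 600 /etc/ssh/ssh_host_dsa_key
# A reply without a PEM private-key header (for example an error text) is
# discarded instead of being left in place as a host key.
if ! grep -q "PRIVATE KEY" /etc/ssh/ssh_host_dsa_key 2>/dev/null ; then
   rm /etc/ssh/ssh_host_dsa_key
fi
umask "$OLDUMASK"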
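# Fetch the RSA host private key from the management server.
#
# The key file must never be readable by other users, not even while the
# retry loop is still waiting: tighten the umask for new files, and for a
# pre-existing file empty it and fix its mode before any key data is written.
OLDUMASK=$(umask)
umask 0077
: > /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key
while :
do
    # Drop the XML wrapper lines, then decode the XML entities. '&amp;' is
    # decoded last (and with an escaped '&', which sed would otherwise expand
    # to the matched text) so that nothing is decoded twice.
    getcredentials.awk ssh_rsa_hostkey | grep -v '<' | sed \
        -e 's/&lt;/</g' -e 's/&gt;/>/g' -e 's/&quot;/"/g' \
        -e "s/&apos;/'/g" -e 's/&amp;/\&/g' > /etc/ssh/ssh_host_rsa_key
    # Any non-empty line counts as a reply; the key never needs to be held
    # in a shell variable.
    if grep -q . /etc/ssh/ssh_host_rsa_key
    then
        break
    fi
    # Wait 10-19 seconds before retrying so nodes do not retry in lockstep.
    # $RANDOM and 'let' are bash-only; under a plain POSIX /bin/sh the PID is
    # used instead (fixed for this run, but different from node to node).
    SLI=$(( ${RANDOM:-$$} % 10 + 10 ))
    sleep "$SLI"
done
chmod 600 /etc/ssh/ssh_host_rsa_key
# A reply without a PEM private-key header (for example an error text) is
# discarded instead of being left in place as a host key.
if ! grep -q "PRIVATE KEY" /etc/ssh/ssh_host_rsa_key 2>/dev/null ; then
   rm /etc/ssh/ssh_host_rsa_key
fi
umask "$OLDUMASK"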


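# When /etc/xCATSN is readable (presumably the marker for an xCAT service
# node; verify), keep a copy of the SSH files under /etc/xcat/hostkeys.
#
# The glob /etc/ssh/ssh* also matches the private host keys, so this
# directory ends up holding secret key material.
# NOTE(review): the directory is created with the current umask; confirm
# whether it should be restricted to root (for example mode 0700).
if [ -r /etc/xCATSN ] ; then
   # -p: do not fail when the postscript is re-run and the directory exists.
   mkdir -p /etc/xcat/hostkeys
   cp /etc/ssh/ssh* /etc/xcat/hostkeys/.

fi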


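# Everything created from here on is private to root.
umask 0077

# Fetch root's SSH private key from the management server and derive the
# matching public key from it.
mkdir -p /root/.ssh/
sleep 1
# If id_rsa already exists with a looser mode, empty it and fix the mode
# before any key data is written into it.
: > /root/.ssh/id_rsa
chmod 600 /root/.ssh/id_rsa
while :
do
    # Drop the XML wrapper lines, then decode the XML entities. '&amp;' is
    # decoded last (and with an escaped '&', which sed would otherwise expand
    # to the matched text) so that nothing is decoded twice.
    getcredentials.awk ssh_root_key | grep -v '<' | sed \
        -e 's/&lt;/</g' -e 's/&gt;/>/g' -e 's/&quot;/"/g' \
        -e "s/&apos;/'/g" -e 's/&amp;/\&/g' > /root/.ssh/id_rsa
    # Any non-empty line counts as a reply; the key never needs to be held
    # in a shell variable.
    if grep -q . /root/.ssh/id_rsa
    then
        break
    fi
    # Wait 10-19 seconds before retrying so nodes do not retry in lockstep.
    # $RANDOM and 'let' are bash-only; under a plain POSIX /bin/sh the PID is
    # used instead (fixed for this run, but different from node to node).
    SLI=$(( ${RANDOM:-$$} % 10 + 10 ))
    sleep "$SLI"
done

# A reply without a PEM private-key header (for example an error text) is
# discarded instead of being left in place as root's identity.
if ! grep -q "PRIVATE KEY" /root/.ssh/id_rsa 2>/dev/null ; then
   rm /root/.ssh/id_rsa
fi
if [ -r /root/.ssh/id_rsa ]; then
   ssh-keygen -y -f /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub
fi
# All credentials are fetched: stop the background allowcred.awk helper.
kill -9 "$CREDPID"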