#!/bin/bash
#### Multiple SSH setup (tested on Ubuntu 8.04.04)
#
# Idempotency guard: the marker file is created by the last step of this
# script, so a host that has already been configured is left untouched.
if [ -f /root/.cfg-multi-ssh-ready ]; then
  echo "multi ssh gia' configurata" && exit 0
fi
## Create the configuration files
# Client-side defaults, written to a file separate from the stock ssh_config.
# The quoted 'EOF' delimiter keeps the shell from expanding anything inside
# the here-document, so the text is written verbatim.
# NOTE(review): nothing later in this script refers to
# /etc/ssh/ssh_config-external; presumably it is meant to be selected by hand
# with `ssh -F` - confirm it is actually used.
# The only active settings are the four lines after the commented defaults:
# SendEnv, HashKnownHosts yes, GSSAPIAuthentication yes and
# GSSAPIDelegateCredentials no.
# NOTE(review): "[email protected]" in the commented MACs line looks like an
# e-mail-obfuscation artifact from the page this was copied from; the line is
# a comment in the generated file, so ssh does not read it.
cat << 'EOF' > /etc/ssh/ssh_config-external
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
EOF
# Server configuration for the second sshd instance. The quoted 'EOF' keeps
# the shell from expanding anything inside the here-document.
# NOTE(review): security-relevant settings written below:
#  - "Port 23" puts SSH on the well-known telnet port; firewall rules and
#    monitoring that key on the port number will treat this listener as
#    telnet, so document the exception where those rules live.
#  - "PermitRootLogin yes" allows direct root logins. PasswordAuthentication
#    and ChallengeResponseAuthentication are both "no", so that login cannot
#    use a password; "PermitRootLogin without-password" would state the same
#    intent explicitly and keep it if password auth is ever re-enabled.
#  - HostKey points at /etc/ssh/ssh_host_rsa_key and ssh_host_dsa_key,
#    presumably the same keys the primary sshd uses - confirm that sharing
#    them between the two listeners is intended.
#  - KeyRegenerationInterval and ServerKeyBits are labelled in the file as
#    protocol version 1 settings, while "Protocol 2" is selected here.
#  - X11Forwarding is enabled; turn it off if this listener does not need it.
#  - PidFile is /var/run/sshd-external.pid, the same path the ssh-external
#    init script passes to start-stop-daemon.
cat << 'EOF' > /etc/ssh/sshd_config-external
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 23
# Use these options to restrict which interfaces/protocols sshd will bind to
# ListenAddress ::
# ListenAddress 192.168.10.234
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
PidFile /var/run/sshd-external.pid
EOF
# Defaults file sourced by /etc/init.d/ssh-external (the header text inside
# still names /etc/init.d/ssh). SSHD_OPTS selects the external configuration
# file with -f; "-p 23" repeats the Port value written to
# /etc/ssh/sshd_config-external, so a port change has to be made in both
# places. SSHD_OOM_ADJUST is the value the init script writes to
# /proc/<pid>/oom_adj once the daemon is running.
cat << 'EOF' > /etc/default/ssh-external
# Default settings for openssh-server. This file is sourced by /bin/sh from
# /etc/init.d/ssh.
# Options to pass to sshd
SSHD_OPTS="-f /etc/ssh/sshd_config-external -p 23"
# OOM-killer adjustment for sshd (see
# linux/Documentation/filesystems/proc.txt; lower values reduce likelihood
# of being killed, -17 = disable)
SSHD_OOM_ADJUST=-17
EOF
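# Init script for the second sshd instance, written verbatim (quoted 'EOF',
# so $variables below are not expanded by this installer).
# It starts /usr/sbin/sshd-external with $SSHD_OPTS from
# /etc/default/ssh-external and tracks it via /var/run/sshd-external.pid.
# Changes against the text this was derived from:
#  - check_config now passes $SSHD_OPTS to "sshd -t". Without the -f option
#    carried in SSHD_OPTS the test validated the default sshd_config, so a
#    broken external configuration was only found after the running daemon
#    had already been stopped by restart/try-restart.
#  - the usage message names /etc/init.d/ssh-external instead of
#    /etc/init.d/ssh.
# NOTE(review): "Provides: sshd" is kept as written; presumably the stock ssh
# init script declares the same facility - confirm before relying on
# dependency-based boot ordering.
cat << 'EOF' > /etc/init.d/ssh-external
#! /bin/sh
### BEGIN INIT INFO
# Provides: sshd
# Required-Start: $network $local_fs $remote_fs
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: OpenBSD Secure Shell server
### END INIT INFO
set -e
# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
test -x /usr/sbin/sshd-external || exit 0
( /usr/sbin/sshd-external -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
SSHD_OOM_ADJUST=-17
if test -f /etc/default/ssh-external; then
. /etc/default/ssh-external
fi
. /lib/lsb/init-functions
if [ -n "$2" ]; then
SSHD_OPTS="$SSHD_OPTS $2"
fi
# Are we running from init?
run_by_init() {
([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
}
check_for_no_start() {
# forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
if [ -e /etc/ssh/sshd_not_to_be_run ]; then
if [ "$1" = log_end_msg ]; then
log_end_msg 0
fi
if ! run_by_init; then
log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
fi
exit 0
fi
}
check_dev_null() {
if [ ! -c /dev/null ]; then
if [ "$1" = log_end_msg ]; then
log_end_msg 1 || true
fi
if ! run_by_init; then
log_action_msg "/dev/null is not a character device!"
fi
exit 1
fi
}
check_privsep_dir() {
# Create the PrivSep empty dir if necessary
if [ ! -d /var/run/sshd ]; then
mkdir /var/run/sshd
chmod 0755 /var/run/sshd
fi
}
check_config() {
if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
# Pass $SSHD_OPTS so that -t validates the configuration file selected
# with -f, not the default sshd_config.
/usr/sbin/sshd-external $SSHD_OPTS -t || exit 1
fi
}
adjust_oom() {
if [ -e /var/run/sshd-external.pid ]; then
PID="$(head -n1 /var/run/sshd-external.pid)"
if [ -e "/proc/$PID/oom_adj" ]; then
printf '%s' "$SSHD_OOM_ADJUST" >"/proc/$PID/oom_adj" || true
fi
fi
}
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
case "$1" in
start)
check_privsep_dir
check_for_no_start
check_dev_null
log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd-external"
if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd-external.pid --exec /usr/sbin/sshd-external -- $SSHD_OPTS; then
log_end_msg 0
adjust_oom
else
log_end_msg 1
fi
;;
stop)
log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd-external"
if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd-external.pid; then
log_end_msg 0
else
log_end_msg 1
fi
;;
reload|force-reload)
check_for_no_start
check_config
log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd-external"
if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd-external.pid --exec /usr/sbin/sshd-external; then
log_end_msg 0
else
log_end_msg 1
fi
;;
restart)
check_privsep_dir
check_config
log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd-external"
start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd-external.pid
check_for_no_start log_end_msg
check_dev_null log_end_msg
if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd-external.pid --exec /usr/sbin/sshd-external -- $SSHD_OPTS; then
log_end_msg 0
adjust_oom
else
log_end_msg 1
fi
;;
try-restart)
check_privsep_dir
check_config
log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd-external"
set +e
start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd-external.pid
RET="$?"
set -e
case $RET in
0)
# old daemon stopped
check_for_no_start log_end_msg
check_dev_null log_end_msg
if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd-external.pid --exec /usr/sbin/sshd-external -- $SSHD_OPTS; then
log_end_msg 0
else
log_end_msg 1
fi
;;
1)
# daemon not running
log_progress_msg "(not running)"
log_end_msg 0
;;
*)
# failed to stop
log_progress_msg "(failed to stop)"
log_end_msg 1
;;
esac
;;
*)
log_action_msg "Usage: /etc/init.d/ssh-external {start|stop|reload|force-reload|restart|try-restart}"
exit 1
esac
exit 0
EOF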
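# Final installation steps: make the init script executable, expose the sshd
# binary under the sshd-external name, register the runlevel links, restart
# both daemons and record completion.
# The marker file is what the guard at the top of this script tests, so it is
# only written when the external daemon actually restarted; otherwise a failed
# run would be reported as "already configured" on every later run.
chmod 755 /etc/init.d/ssh-external || exit 1

## Link the sshd-external name to the main sshd binary. The init script
## tests for and executes /usr/sbin/sshd-external, so a missing link must
## stop the installation.
rm -f /usr/sbin/sshd-external 2>/dev/null
if ! ln -s /usr/sbin/sshd /usr/sbin/sshd-external; then
  echo "cannot create /usr/sbin/sshd-external" >&2
  exit 1
fi

# Recreate the runlevel links. The removal is best effort (there is nothing
# to remove on a first run), so its output and status are ignored.
update-rc.d -f ssh-external remove >/dev/null 2>&1
update-rc.d ssh-external defaults

# Restart the primary daemon as before (its status is not checked), then the
# external one; only a successful external restart marks the host as done.
/etc/init.d/ssh restart
if ! /etc/init.d/ssh-external restart; then
  echo "ssh-external restart failed; not marking setup as complete" >&2
  exit 1
fi
touch /root/.cfg-multi-ssh-ready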