
script setup-ssh-secondaria.sh

#!/bin/bash

#### Multiple SSH instance setup (tested on Ubuntu 8.04.04)
#
# Idempotency guard: the last step of this script touches a marker file under
# /root. When the marker is already there, report it and stop without
# rewriting any configuration.

if [ -f /root/.cfg-multi-ssh-ready ]; then
  echo "multi ssh gia' configurata" && exit 0
fi

## Configuration files

# Client-side configuration for the secondary setup. The heredoc delimiter is
# quoted, so the text below is written verbatim with no shell expansion.
# NOTE(review): nothing else in this script refers to this file; the ssh
# client would only read it when it is named explicitly with -F.
cat > /etc/ssh/ssh_config-external << 'EOF'
# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

EOF


# Server configuration for the second sshd instance, written verbatim (quoted
# heredoc delimiter, no shell expansion).
# Settings a reviewer should weigh before deploying it as-is:
#   - Port 23 is the well-known telnet port and is commonly probed; restrict
#     who can reach it (firewall rule or a ListenAddress line).
#   - PermitRootLogin yes allows direct root logins. PasswordAuthentication
#     and ChallengeResponseAuthentication are both "no" below, so in practice
#     that means key-based root logins; "without-password" would state the
#     intent explicitly and survive a later change to the password settings.
#   - X11Forwarding yes is enabled; switch it off if it is not needed.
#   - The HostKey lines use the default key paths, so this instance presumably
#     presents the same host keys as the primary sshd, including a DSA key.
#   - PidFile is specific to this instance, which is what lets the
#     ssh-external init script manage it separately from the primary daemon.
cat > /etc/ssh/sshd_config-external << 'EOF'
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 23
# Use these options to restrict which interfaces/protocols sshd will bind to
# ListenAddress ::
# ListenAddress 192.168.10.234
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
PidFile /var/run/sshd-external.pid

EOF

# Defaults file sourced by /etc/init.d/ssh-external. SSHD_OPTS is what points
# the second daemon at its own configuration file (-f) and port (-p 23, the
# same port the configuration file sets); without it the daemon would fall
# back to sshd's default configuration path.
cat > /etc/default/ssh-external << 'EOF'
# Default settings for openssh-server. This file is sourced by /bin/sh from
# /etc/init.d/ssh.

# Options to pass to sshd
SSHD_OPTS="-f /etc/ssh/sshd_config-external -p 23"

# OOM-killer adjustment for sshd (see
# linux/Documentation/filesystems/proc.txt; lower values reduce likelihood
# of being killed, -17 = disable)
SSHD_OOM_ADJUST=-17

EOF


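# Init script for the secondary sshd instance, written verbatim (quoted
# heredoc delimiter, so $variables below belong to the generated script).
# It apparently follows the stock ssh init script but manages
# /usr/sbin/sshd-external with its own pid file. Three details are set
# specifically for the second instance:
#   - "Provides" names a facility of its own instead of "sshd", so the LSB
#     header does not claim the same facility as the primary ssh service.
#   - check_config passes $SSHD_OPTS to "sshd -t", so the file validated before
#     a reload/restart is the one given with -f in /etc/default/ssh-external
#     rather than sshd's default configuration path.
#   - the usage line names this script, not /etc/init.d/ssh.
cat << 'EOF' > /etc/init.d/ssh-external
#! /bin/sh

### BEGIN INIT INFO
# Provides:         sshd-external
# Required-Start:   $network $local_fs $remote_fs
# Required-Stop:
# Default-Start:    2 3 4 5
# Default-Stop:             0 1 6
# Short-Description:        OpenBSD Secure Shell server
### END INIT INFO

set -e

# /etc/init.d/ssh-external: start and stop the secondary OpenBSD "secure shell(tm)" daemon

test -x /usr/sbin/sshd-external || exit 0
( /usr/sbin/sshd-external -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0

SSHD_OOM_ADJUST=-17
if test -f /etc/default/ssh-external; then
    . /etc/default/ssh-external
fi

. /lib/lsb/init-functions

if [ -n "$2" ]; then
    SSHD_OPTS="$SSHD_OPTS $2"
fi

# Are we running from init?
run_by_init() {
    ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
}

check_for_no_start() {
    # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
    if [ -e /etc/ssh/sshd_not_to_be_run ]; then
        if [ "$1" = log_end_msg ]; then
            log_end_msg 0
        fi
        if ! run_by_init; then
            log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
        fi
        exit 0
    fi
}

check_dev_null() {
    if [ ! -c /dev/null ]; then
        if [ "$1" = log_end_msg ]; then
            log_end_msg 1 || true
        fi
        if ! run_by_init; then
            log_action_msg "/dev/null is not a character device!"
        fi
        exit 1
    fi
}

check_privsep_dir() {
    # Create the PrivSep empty dir if necessary
    if [ ! -d /var/run/sshd ]; then
        mkdir /var/run/sshd
        chmod 0755 /var/run/sshd
    fi
}

check_config() {
    # Validate the configuration this instance really uses: SSHD_OPTS carries
    # the -f option from /etc/default/ssh-external.
    if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
        /usr/sbin/sshd-external $SSHD_OPTS -t || exit 1
    fi
}

adjust_oom() {
    if [ -e /var/run/sshd-external.pid ]; then
        PID="$(head -n1 /var/run/sshd-external.pid)"
        if [ -e "/proc/$PID/oom_adj" ]; then
            printf '%s' "$SSHD_OOM_ADJUST" >"/proc/$PID/oom_adj" || true
        fi
    fi
}

export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"

case "$1" in
  start)
    check_privsep_dir
    check_for_no_start
    check_dev_null
    log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd-external"
    if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd-external.pid --exec /usr/sbin/sshd-external -- $SSHD_OPTS; then
        log_end_msg 0
        adjust_oom
    else
        log_end_msg 1
    fi
    ;;
  stop)
    log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd-external"
    if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd-external.pid; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
    ;;

  reload|force-reload)
    check_for_no_start
    check_config
    log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd-external"
    if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd-external.pid --exec /usr/sbin/sshd-external; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
    ;;

  restart)
    check_privsep_dir
    check_config
    log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd-external"
    start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd-external.pid
    check_for_no_start log_end_msg
    check_dev_null log_end_msg
    if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd-external.pid --exec /usr/sbin/sshd-external -- $SSHD_OPTS; then
        log_end_msg 0
        adjust_oom
    else
        log_end_msg 1
    fi
    ;;

  try-restart)
    check_privsep_dir
    check_config
    log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd-external"
    set +e
    start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd-external.pid
    RET="$?"
    set -e
    case $RET in
        0)
            # old daemon stopped
            check_for_no_start log_end_msg
            check_dev_null log_end_msg
            if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd-external.pid --exec /usr/sbin/sshd-external -- $SSHD_OPTS; then
                log_end_msg 0
            else
                log_end_msg 1
            fi
            ;;
        1)
            # daemon not running
            log_progress_msg "(not running)"
            log_end_msg 0
            ;;
        *)
            # failed to stop
            log_progress_msg "(failed to stop)"
            log_end_msg 1
            ;;
    esac
    ;;

  *)
    log_action_msg "Usage: /etc/init.d/ssh-external {start|stop|reload|force-reload|restart|try-restart}"
    exit 1
esac

exit 0

EOF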

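chmod 755 /etc/init.d/ssh-external

## The init script runs /usr/sbin/sshd-external: make that name a symlink to
## the main sshd binary, replacing any link left by an earlier run.
rm -f /usr/sbin/sshd-external 2>/dev/null
if ! ln -s /usr/sbin/sshd /usr/sbin/sshd-external; then
  echo "errore: impossibile creare il link /usr/sbin/sshd-external" >&2
  exit 1
fi

# Recreate the runlevel links from scratch (errors from the removal are
# deliberately ignored: there may be nothing to remove on a first run).
update-rc.d -f ssh-external remove &>/dev/null
if ! update-rc.d ssh-external defaults; then
  echo "errore: registrazione di ssh-external nei runlevel fallita" >&2
  exit 1
fi

# Restart the primary daemon as the original procedure does, then bring up the
# secondary one. The secondary restart is the step that proves the new
# instance works, so its exit status decides whether setup is complete.
/etc/init.d/ssh restart
if ! /etc/init.d/ssh-external restart; then
  echo "errore: avvio di ssh-external fallito, configurazione non completata" >&2
  exit 1
fi

# Write the marker only after every step above succeeded; otherwise a failed
# run would be reported as "already configured" and never retried.
touch /root/.cfg-multi-ssh-ready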