...
No Format |
---|
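# Reinstalls and configures the Cygwin sshd service on a Windows node.
#
# Usage: <script> '<root password>'
#   $1 - password of the local Windows "root" account that the sshd
#        service will run as.
#
# Notes:
#   * "set -e" is deliberately not used: several cleanup steps (stopping or
#     deleting a service or user that does not exist yet) are expected to fail
#     on a fresh machine.
#   * The password arrives on the command line and is handed to sc.exe the
#     same way, so it can end up in shell history and process listings.
#     It is never written to the script's output.
#   * The sshd_config values set below (root login, password authentication,
#     15 authentication tries, StrictModes off) are permissive bootstrap
#     settings. Password logins should be switched off again once key-based
#     access is working.
if [ $# -ne 1 ]
then
  echo "Usage: $0 '<root password>'" >&2
  exit 1
fi
PASSWORD="$1"

# Rewrites an existing "<option> ..." line in /etc/sshd_config.
# Arguments: $1 - option name, $2 - new value
# The pattern is not anchored: ".?" swallows one character in front of the
# option name (typically a leading "#"), and everything after the name is
# replaced. Lines are only rewritten, never appended, so an option that does
# not occur in the file at all stays unset.
set_sshd_option() {
  echo "$1 $2"
  sed -i -r -e "s/.?($1).*/\1 $2/" /etc/sshd_config
}

echo Stopping sshd service if it is running
net stop sshd 2>/dev/null
echo ----------
echo Deleting sshd service if it already exists
"$SYSTEMROOT"/system32/sc.exe delete sshd
echo ----------
echo Deleting the sshd user if it already exists
net user sshd /DELETE
echo ----------
# Removes the existing host keys as well; ssh-host-config generates new ones,
# so clients that cached the old host key will see a changed-key warning.
echo Deleting '/etc/ssh*'
rm -fv /etc/ssh*
echo ----------
echo Deleting /var/log/sshd.log if it exists
rm -fv /var/log/sshd.log
echo ----------
echo Setting root:Administrators as owner of '/etc' and '/var'
chown -R root:Administrators /etc /var
echo ----------
echo Adding ug+rwx permissions to '/etc' and '/var'
chmod -v ug+rwx /etc /var
echo ----------
echo Adding read permission on /etc/passwd and /etc/group
chmod -v +r /etc/passwd /etc/group
echo ----------
echo Adding ug+w permission on /etc/passwd and /etc/group
chmod -v ug+w /etc/passwd /etc/group
echo ----------
echo Recreating /etc/group
mkgroup -l > /etc/group
echo ----------
echo Recreating /etc/passwd
mkpasswd -l > /etc/passwd
echo ----------
echo Configuring mount points
# umount errors are discarded: the mount point may not exist yet.
umount -u /usr/bin 2>/dev/null
mount -f -s -b C:/cygwin/bin /usr/bin
umount -u /usr/lib 2>/dev/null
mount -f -s -b C:/cygwin/lib /usr/lib
umount -u / 2>/dev/null
mount -f -s -b C:/cygwin /
echo ----------
echo Adding execute permission on /var
chmod -v +x /var
echo ----------
echo Running ssh-host-config
ssh-host-config -y
echo ----------
echo Creating /var/empty directory if it does not exist
# -p keeps "already exists" quiet while still reporting real failures.
mkdir -p /var/empty
echo ----------
echo Setting root:Administrators as owner of /var/empty
chown -Rv root:Administrators /var/empty
echo ----------
echo Setting permissions to 755 on /var/empty
chmod -Rv 755 /var/empty
echo ----------
echo Setting permissions to 775 on /var/log
chmod -Rv 775 /var/log
echo ----------
echo Creating /var/log/sshd.log file if it does not exist
touch /var/log/sshd.log
echo ----------
echo Setting root:Administrators as owner of '/etc/ssh*' and /var/log/sshd.log
chown -Rv root:Administrators /etc/ssh* /var/log/sshd.log
echo ----------
# Order matters: the broad ug+rw is applied first, then the private host keys
# are tightened to 600 so only the owner can read them.
echo Setting permissions to ug+rw on '/etc/ssh*' and /var/log/sshd.log
chmod -Rv ug+rw /etc/ssh* /var/log/sshd.log
echo ----------
echo Setting permissions to 600 on '/etc/ssh*key'
chmod -v 600 /etc/ssh*key
echo ----------
echo Setting permissions to ug+rwx on /etc
chmod -v ug+rwx /etc
echo ----------
echo Configuring /etc/sshd_config
set_sshd_option LogLevel VERBOSE
set_sshd_option PermitRootLogin yes
set_sshd_option MaxAuthTries 15
set_sshd_option PasswordAuthentication yes
set_sshd_option Banner none
set_sshd_option UsePrivilegeSeparation yes
# StrictModes no stops sshd from checking ownership and modes of the user's
# files, which the group-writable permissions set above would otherwise fail.
set_sshd_option StrictModes no
echo ----------
echo Configuring the sshd service to log to /var/log/sshd.log
reg.exe ADD "HKLM\SYSTEM\CurrentControlSet\Services\sshd\Parameters" /v AppArgs /d "-D -e" /t REG_SZ /f
echo ----------
# The password is intentionally left out of this message so it does not land
# in terminal scrollback or captured install logs.
echo Configuring the sshd service to use the root account
"$SYSTEMROOT"/system32/sc.exe config sshd obj= ".\root" password= "$PASSWORD"
echo ----------
# profile = ALL / scope = ALL exposes port 22 to every source address on every
# firewall profile; narrow the scope if only the management node needs access.
echo Configuring firewall port 22 exception
netsh firewall set portopening name = "Cygwin SSHD" protocol = TCP port = 22 mode = ENABLE profile = ALL scope = ALL
echo ----------
echo Starting the sshd service
net start sshd
echo ----------
echo /var/log/sshd.log ending:
tail -n 10 /var/log/sshd.log
echo ----------
echo Done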
|
Shell script to create an SSH key pair on the management node:
No Format |
---|
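# Creates the management node's SSH key pair, installs the public key on a
# node, and then switches off root and password logins in the node's
# sshd_config.
#
# Usage: <script> <node>
#   $1 - host name or address of the node to configure.
#
# Notes:
#   * The first ssh and the scp run with BatchMode=no, so they can prompt for
#     a password and for acceptance of the node's host key. Check the host key
#     fingerprint before accepting it.
#   * The private key is created without a passphrase (-N ''), so anyone who
#     can read /etc/vcl/vcl.key can log in to every node that trusts it.
#   * sshd reads its configuration at startup. This script does not restart
#     the service, so the sshd_config changes take effect at the next restart.
if [ $# -ne 1 ]
then
  echo "Usage: $0 <node>" >&2
  exit 1
fi
NODE="$1"

echo Creating /home/root/.ssh directory on $NODE
ssh -o BatchMode=no "$NODE" 'mkdir /home/root/.ssh'
echo ----------
echo Creating SSH keys on management node: '/etc/vcl/vcl.key(.pub)'
# 2048-bit RSA: 1024-bit RSA keys are below current minimum recommendations.
# ssh-keygen asks before overwriting an existing /etc/vcl/vcl.key.
ssh-keygen -t rsa -f /etc/vcl/vcl.key -N '' -b 2048 -C 'root on VCL management node'
echo ----------
echo Copying public key to authorized_keys on $NODE
# This replaces the node's authorized_keys file; existing entries are lost.
scp -o BatchMode=no /etc/vcl/vcl.key.pub "$NODE":/home/root/.ssh/authorized_keys
echo ----------
# From here on the new key is used, which also confirms that key-based login
# works before password authentication is turned off.
echo Setting PermitRootLogin to no in sshd_config on $NODE
ssh -i /etc/vcl/vcl.key root@"$NODE" 'sed -i -r -e "s/.?(PermitRootLogin).*/\1 no/" /etc/sshd_config'
ssh -i /etc/vcl/vcl.key root@"$NODE" 'grep PermitRootLogin /etc/sshd_config'
echo ----------
echo Setting PasswordAuthentication to no in sshd_config on $NODE
ssh -i /etc/vcl/vcl.key root@"$NODE" 'sed -i -r -e "s/.?(PasswordAuthentication).*/\1 no/" /etc/sshd_config'
ssh -i /etc/vcl/vcl.key root@"$NODE" 'grep PasswordAuthentication /etc/sshd_config'
echo ----------
echo Done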