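# Rebuilds the Cygwin sshd service on a Windows node from scratch: removes any
# existing sshd service, user and host configuration, resets ownership and
# permissions under /etc and /var, runs ssh-host-config, rewrites selected
# sshd_config directives, runs the service as the local "root" account, opens
# TCP port 22 in the Windows firewall and starts the service.
#
# Usage: <script> '<root password>'
#
# NOTE(review): the password arrives on the command line and is handed to
# sc.exe the same way, so it can appear in shell history and process listings.
# The interface is kept as-is; run this only from a trusted console.
if [ $# -ne 1 ]
then
  echo "Usage: $0 '<root password>'" >&2
  exit 1
fi
PASSWORD=$1

# The stop/delete steps below are best-effort: they are expected to fail on a
# node that never had sshd installed, so their exit status is not checked.
echo Stopping sshd service if it is running
net stop sshd 2>/dev/null
echo ----------

echo Deleting sshd service if it already exists
"$SYSTEMROOT/system32/sc.exe" delete sshd
echo ----------

echo Deleting the sshd user if it already exists
net user sshd /DELETE
echo ----------

# Removes the existing host keys together with the configuration files, so the
# node gets new host keys when ssh-host-config runs.
echo Deleting '/etc/ssh*'
rm -fv /etc/ssh*
echo ----------

echo Deleting /var/log/sshd.log if it exists
rm -fv /var/log/sshd.log
echo ----------

echo Setting root:Administrators as owner of '/etc' and '/var'
chown -R root:Administrators /etc /var
echo ----------

echo Adding ug+rwx permissions to '/etc' and '/var'
chmod -v ug+rwx /etc /var
echo ----------

echo Adding read permission on /etc/passwd and /etc/group
chmod -v +r /etc/passwd /etc/group
echo ----------

echo Adding ug+w permission on /etc/passwd and /etc/group
chmod -v ug+w /etc/passwd /etc/group
echo ----------

echo Recreating /etc/group
mkgroup -l > /etc/group
echo ----------

echo Recreating /etc/passwd
mkpasswd -l > /etc/passwd
echo ----------

# The original redirected stderr to /dev/nul here (and to /dev/NULL further
# down), presumably typos for /dev/null; all three now use /dev/null.
echo Configuring mount points
umount -u /usr/bin 2>/dev/null
mount -f -s -b C:/cygwin/bin /usr/bin
umount -u /usr/lib 2>/dev/null
mount -f -s -b C:/cygwin/lib /usr/lib
umount -u / 2>/dev/null
mount -f -s -b C:/cygwin /
echo ----------

echo Adding execute permission on /var
chmod -v +x /var
echo ----------

echo Running ssh-host-config
ssh-host-config -y
echo ----------

echo Creating /var/empty directory if it does not exist
mkdir /var/empty 2>/dev/null
echo ----------

echo Setting root:Administrators as owner of /var/empty
chown -Rv root:Administrators /var/empty
echo ----------

echo Setting permissions to 755 on /var/empty
chmod -Rv 755 /var/empty
echo ----------

echo Setting permissions to 775 on /var/log
chmod -Rv 775 /var/log
echo ----------

echo Creating /var/log/sshd.log file if it does not exist
touch /var/log/sshd.log
echo ----------

echo Setting root:Administrators as owner of '/etc/ssh*' and /var/log/sshd.log
chown -Rv root:Administrators /etc/ssh* /var/log/sshd.log
echo ----------

# The recursive ug+rw also lands on the private host keys; the chmod 600 that
# follows narrows them again, so the order of these two steps matters.
echo Setting permissions to ug+rw on '/etc/ssh*' and /var/log/sshd.log
chmod -Rv ug+rw /etc/ssh* /var/log/sshd.log
echo ----------

echo Setting permissions to 600 on '/etc/ssh*key'
chmod -v 600 /etc/ssh*key
echo ----------

echo Setting permissions to ug+rwx on /etc
chmod -v ug+rwx /etc
echo ----------

# Each sed rewrites any line containing the directive name, commented out or
# not. The patterns are not anchored, so a comment line that merely mentions
# the name is rewritten too, and a directive that is absent from the file is
# NOT added.
#
# NOTE(review): PermitRootLogin yes and PasswordAuthentication yes leave the
# node open to password logins as root. The key-setup script that accompanies
# this one sets both back to "no"; until that has run and sshd has re-read its
# configuration, keep port 22 unreachable from untrusted networks.
# MaxAuthTries 15 is above the OpenSSH default of 6, and StrictModes no turns
# off sshd's ownership/permission checks on users' files; neither is reverted
# later in this procedure.
echo Configuring /etc/sshd_config
echo LogLevel VERBOSE
sed -i -r -e "s/.?(LogLevel).*/\1 VERBOSE/" /etc/sshd_config
echo PermitRootLogin yes
sed -i -r -e "s/.?(PermitRootLogin).*/\1 yes/" /etc/sshd_config
echo MaxAuthTries 15
sed -i -r -e "s/.?(MaxAuthTries).*/\1 15/" /etc/sshd_config
echo PasswordAuthentication yes
sed -i -r -e "s/.?(PasswordAuthentication).*/\1 yes/" /etc/sshd_config
echo Banner none
sed -i -r -e "s/.?(Banner).*/\1 none/" /etc/sshd_config
echo UsePrivilegeSeparation yes
sed -i -r -e "s/.?(UsePrivilegeSeparation).*/\1 yes/" /etc/sshd_config
echo StrictModes no
sed -i -r -e "s/.?(StrictModes).*/\1 no/" /etc/sshd_config
echo ----------

echo Configuring the sshd service to log to /var/log/sshd.log
reg.exe ADD "HKLM\SYSTEM\CurrentControlSet\Services\sshd\Parameters" /v AppArgs /d "-D -e" /t REG_SZ /f
echo ----------

# The original echoed $PASSWORD in this progress message, which copies the
# root password into the console and into any captured output; the message no
# longer includes it.
echo Configuring the sshd service to use the root account
"$SYSTEMROOT/system32/sc.exe" config sshd obj= ".\root" password= "$PASSWORD"
echo ----------

# NOTE(review): profile = ALL / scope = ALL accepts connections to port 22
# from any source address on every firewall profile. If only the management
# node needs to connect, a narrower scope (SUBNET or CUSTOM) is worth
# considering.
echo Configuring firewall port 22 exception
netsh firewall set portopening name = "Cygwin SSHD" protocol = TCP port = 22 mode = ENABLE profile = ALL scope = ALL
echo ----------

echo Starting the sshd service
net start sshd
echo ----------

# Show the tail of the log so a failed start is visible immediately.
echo /var/log/sshd.log ending:
tail -n 10 /var/log/sshd.log
echo ----------

echo Done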

 Shell script to create an SSH key pair on the management node:

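# Run on the management node. Creates the management node's SSH key pair if it
# does not exist yet, installs the public key as root's authorized_keys on the
# given node, then uses the key to set PermitRootLogin and
# PasswordAuthentication to "no" in the node's sshd_config.
#
# Usage: <script> <node>
if [ $# -ne 1 ]
then
   echo "Usage: $0 <node>" >&2
   exit 1
fi
# The source read "NODE=$1echo$1", which sets NODE to the argument, the word
# "echo" and the argument again; only the argument itself is wanted.
NODE=$1

# BatchMode=no allows the interactive password prompt; the key is not
# installed on the node yet. -p keeps a re-run from failing when the directory
# is already there.
echo Creating /home/root/.ssh directory on "$NODE"
ssh -o BatchMode=no "$NODE" 'mkdir -p /home/root/.ssh'
echo ----------

# The key pair is shared by every node this script is run against, so an
# existing key is reused rather than regenerated: replacing it would lock the
# management node out of nodes that already trust the old public key.
# The key is created with an empty passphrase (-N ''), so the private key file
# is protected only by its file permissions; keep it readable by root only.
# New keys are 2048-bit RSA; the original asked for 1024 bits, which is no
# longer considered adequate.
echo Creating SSH keys on management node: '/etc/vcl/vcl.key(.pub)'
if [ -f /etc/vcl/vcl.key ]
then
   echo /etc/vcl/vcl.key already exists, reusing it
else
   ssh-keygen -t rsa -f /etc/vcl/vcl.key -N '' -b 2048 -C 'root on VCL management node'
fi
echo ----------

# This replaces the node's authorized_keys file; any keys already listed
# there are lost.
echo Copying public key to authorized_keys on "$NODE"
scp -o BatchMode=no /etc/vcl/vcl.key.pub "$NODE":/home/root/.ssh/authorized_keys
echo ----------

# From here on the new key is used. Each sed is followed by a grep so the
# operator can see the resulting line.
# NOTE(review): nothing here restarts sshd on the node, so the two settings
# below presumably take effect only after the service is next restarted;
# confirm, and check that key login as root still works afterwards.
echo Setting PermitRootLogin to no in sshd_config on "$NODE"
ssh -i /etc/vcl/vcl.key root@"$NODE" 'sed -i -r -e "s/.?(PermitRootLogin).*/\1 no/" /etc/sshd_config'
ssh -i /etc/vcl/vcl.key root@"$NODE" 'grep PermitRootLogin /etc/sshd_config'
echo ----------

echo Setting PasswordAuthentication to no in sshd_config on "$NODE"
ssh -i /etc/vcl/vcl.key root@"$NODE" 'sed -i -r -e "s/.?(PasswordAuthentication).*/\1 no/" /etc/sshd_config'
ssh -i /etc/vcl/vcl.key root@"$NODE" 'grep PasswordAuthentication /etc/sshd_config'
echo ----------

echo Done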