3 # ssh-host-config, Copyright 2000-2011 Red Hat Inc.
5 # This file is part of the Cygwin port of OpenSSH.
7 # Permission to use, copy, modify, and distribute this software for any
8 # purpose with or without fee is hereby granted, provided that the above
9 # copyright notice and this permission notice appear in all copies.
11 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
13 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
14 # IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
15 # DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
16 # OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
17 # THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19 # ======================================================================
21 # ======================================================================
23 CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
25 # List of apps used. This is checkad for existance in csih_sanity_check
26 # Don't use *any* transient commands before sourcing the csih helper script,
27 # otherwise the sanity checks are short-circuited.
28 declare -a csih_required_commands=(
29 /usr/bin/basename coreutils
30 /usr/bin/cat coreutils
31 /usr/bin/chmod coreutils
32 /usr/bin/dirname coreutils
36 /usr/bin/cygpath cygwin
39 /usr/bin/setfacl cygwin
40 /usr/bin/umount cygwin
41 /usr/bin/cmp diffutils
44 /usr/bin/ssh-keygen openssh
45 /usr/sbin/sshd openssh
48 csih_sanity_check_server=yes
51 PROGNAME=$(/usr/bin/basename $0)
52 _tdir=$(/usr/bin/dirname $0)
53 PROGDIR=$(cd $_tdir && pwd)
55 # Subdirectory where the new package is being installed
58 # Directory where the config files are stored
70 # ======================================================================
71 # Routine: create_host_keys
72 # ======================================================================
76 if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
78 csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
79 if ! /usr/bin/ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
81 csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
86 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
88 csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
89 if ! /usr/bin/ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
91 csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
96 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
98 csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
99 if ! /usr/bin/ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
101 csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
106 if [ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ]
108 csih_inform "Generating ${SYSCONFDIR}/ssh_host_ecdsa_key"
109 if ! /usr/bin/ssh-keygen -t ecdsa -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' > /dev/null
111 csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
116 } # --- End of create_host_keys --- #
118 # ======================================================================
119 # Routine: update_services_file
120 # ======================================================================
121 update_services_file() {
122 local _my_etcdir="/ssh-host-config.$$"
130 _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
131 _services="${_my_etcdir}/services"
133 _serv_tmp="${_my_etcdir}/srv.out.$$"
135 /usr/bin/mount -o text,posix=0,noacl -f "${_win_etcdir}" "${_my_etcdir}"
137 # Depends on the above mount
138 _wservices=`cygpath -w "${_services}"`
140 # Remove sshd 22/port from services
141 if [ `/usr/bin/grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
143 /usr/bin/grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
144 if [ -f "${_serv_tmp}" ]
146 if /usr/bin/mv "${_serv_tmp}" "${_services}"
148 csih_inform "Removing sshd from ${_wservices}"
150 csih_warning "Removing sshd from ${_wservices} failed!"
153 /usr/bin/rm -f "${_serv_tmp}"
155 csih_warning "Removing sshd from ${_wservices} failed!"
160 # Add ssh 22/tcp and ssh 22/udp to services
161 if [ `/usr/bin/grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
163 if /usr/bin/awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
165 if /usr/bin/mv "${_serv_tmp}" "${_services}"
167 csih_inform "Added ssh to ${_wservices}"
169 csih_warning "Adding ssh to ${_wservices} failed!"
172 /usr/bin/rm -f "${_serv_tmp}"
174 csih_warning "Adding ssh to ${_wservices} failed!"
178 /usr/bin/umount "${_my_etcdir}"
180 } # --- End of update_services_file --- #
182 # ======================================================================
183 # Routine: sshd_privsep
184 # MODIFIES: privsep_configured privsep_used
185 # ======================================================================
190 if [ "${privsep_configured}" != "yes" ]
192 csih_inform "Privilege separation is set to yes by default since OpenSSH 3.3."
193 csih_inform "However, this requires a non-privileged account called 'sshd'."
194 csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
195 if csih_request "Should privilege separation be used?"
198 if ! csih_create_unprivileged_user sshd
200 csih_error_recoverable "Couldn't create user 'sshd'!"
201 csih_error_recoverable "Privilege separation set to 'no' again!"
202 csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
211 # Create default sshd_config from skeleton files in /etc/defaults/etc or
212 # modify to add the missing privsep configuration option
213 if /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
215 csih_inform "Updating ${SYSCONFDIR}/sshd_config file"
216 sshdconfig_tmp=${SYSCONFDIR}/sshd_config.$$
217 /usr/bin/sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
218 s/^#Port 22/Port ${port_number}/
219 s/^#StrictModes yes/StrictModes no/" \
220 < ${SYSCONFDIR}/sshd_config \
221 > "${sshdconfig_tmp}"
222 if ! /usr/bin/mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
224 csih_warning "Setting privilege separation to 'yes' failed!"
225 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
228 elif [ "${privsep_configured}" != "yes" ]
230 echo >> ${SYSCONFDIR}/sshd_config
231 if ! echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
233 csih_warning "Setting privilege separation to 'yes' failed!"
234 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
239 } # --- End of sshd_privsep --- #
241 # ======================================================================
242 # Routine: update_inetd_conf
243 # ======================================================================
244 update_inetd_conf() {
245 local _inetcnf="${SYSCONFDIR}/inetd.conf"
246 local _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
247 local _inetcnf_dir="${SYSCONFDIR}/inetd.d"
248 local _sshd_inetd_conf="${_inetcnf_dir}/sshd-inetd"
249 local _sshd_inetd_conf_tmp="${_inetcnf_dir}/sshd-inetd.$$"
250 local _with_comment=1
253 if [ -d "${_inetcnf_dir}" ]
255 # we have inetutils-1.5 inetd.d support
256 if [ -f "${_inetcnf}" ]
258 /usr/bin/grep -q '^[ \t]*ssh' "${_inetcnf}" && _with_comment=0
260 # check for sshd OR ssh in top-level inetd.conf file, and remove
261 # will be replaced by a file in inetd.d/
262 if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
264 /usr/bin/grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
265 if [ -f "${_inetcnf_tmp}" ]
267 if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}"
269 csih_inform "Removed ssh[d] from ${_inetcnf}"
271 csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
274 /usr/bin/rm -f "${_inetcnf_tmp}"
276 csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
282 csih_install_config "${_sshd_inetd_conf}" "${SYSCONFDIR}/defaults"
283 if /usr/bin/cmp "${SYSCONFDIR}/defaults${_sshd_inetd_conf}" "${_sshd_inetd_conf}" >/dev/null 2>&1
285 if [ "${_with_comment}" -eq 0 ]
287 /usr/bin/sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
289 /usr/bin/sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
291 if /usr/bin/mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
293 csih_inform "Updated ${_sshd_inetd_conf}"
295 csih_warning "Updating ${_sshd_inetd_conf} failed!"
300 elif [ -f "${_inetcnf}" ]
302 /usr/bin/grep -q '^[ \t]*sshd' "${_inetcnf}" && _with_comment=0
304 # check for sshd in top-level inetd.conf file, and remove
305 # will be replaced by a file in inetd.d/
306 if [ `/usr/bin/grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
308 /usr/bin/grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
309 if [ -f "${_inetcnf_tmp}" ]
311 if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}"
313 csih_inform "Removed sshd from ${_inetcnf}"
315 csih_warning "Removing sshd from ${_inetcnf} failed!"
318 /usr/bin/rm -f "${_inetcnf_tmp}"
320 csih_warning "Removing sshd from ${_inetcnf} failed!"
325 # Add ssh line to inetd.conf
326 if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
328 if [ "${_with_comment}" -eq 0 ]
330 echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
332 echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
336 csih_inform "Added ssh to ${_inetcnf}"
338 csih_warning "Adding ssh to ${_inetcnf} failed!"
344 } # --- End of update_inetd_conf --- #
346 # ======================================================================
347 # Routine: check_service_files_ownership
348 # Checks that the files in /etc and /var belong to the right owner
349 # ======================================================================
350 check_service_files_ownership() {
351 local run_service_as=$1
354 if [ -z "${run_service_as}" ]
356 accnt_name=$(/usr/bin/cygrunsrv -VQ sshd | /usr/bin/sed -ne 's/^Account *: *//gp')
357 if [ "${accnt_name}" = "LocalSystem" ]
359 # Convert "LocalSystem" to "SYSTEM" as is the correct account name
361 elif [[ "${accnt_name}" =~ ^\.\\ ]]
363 # Convert "." domain to local machine name
364 accnt_name="U-${COMPUTERNAME}${accnt_name#.},"
366 run_service_as=$(/usr/bin/grep -Fi "${accnt_name}" /etc/passwd | /usr/bin/awk -F: '{print $1;}')
367 if [ -z "${run_service_as}" ]
369 csih_warning "Couldn't determine name of user running sshd service from /etc/passwd!"
370 csih_warning "As a result, this script cannot make sure that the files used"
371 csih_warning "by the sshd service belong to the user running the service."
372 csih_warning "Please re-run the mkpasswd tool to make sure the /etc/passwd"
373 csih_warning "file is in a good shape."
377 for i in "${SYSCONFDIR}"/ssh_config "${SYSCONFDIR}"/sshd_config "${SYSCONFDIR}"/ssh_host_*key "${SYSCONFDIR}"/ssh_host_*key.pub
381 if ! chown "${run_service_as}".544 "$i" >/dev/null 2>&1
383 csih_warning "Couldn't change owner of $i!"
388 if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty >/dev/null 2>&1
390 csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/empty!"
393 if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog >/dev/null 2>&1
395 csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/log/lastlog!"
398 if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
400 if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log >/dev/null 2>&1
402 csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/log/sshd.log!"
408 csih_warning "Couldn't change owner of important files to ${run_service_as}!"
409 csih_warning "This may cause the sshd service to fail! Please make sure that"
410 csih_warning "you have suufficient permissions to change the ownership of files"
411 csih_warning "and try to run the ssh-host-config script again."
414 } # --- End of check_service_files_ownership --- #
416 # ======================================================================
417 # Routine: install_service
418 # Install sshd as a service
419 # ======================================================================
426 if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
428 csih_inform "Sshd service is already installed."
429 check_service_files_ownership "" || let ret+=$?
431 echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
432 if csih_request "(Say \"no\" if it is already installed as a service)"
434 csih_get_cygenv "${cygwin_value}"
436 if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
438 csih_inform "On Windows Server 2003, Windows Vista, and above, the"
439 csih_inform "SYSTEM account cannot setuid to other users -- a capability"
440 csih_inform "sshd requires. You need to have or to create a privileged"
441 csih_inform "account. This script will help you do so."
444 [ "${opt_force}" = "yes" ] && opt_f=-f
445 [ -n "${user_account}" ] && opt_u="-u ""${user_account}"""
446 csih_select_privileged_username ${opt_f} ${opt_u} sshd
448 if ! csih_create_privileged_user "${password_value}"
450 csih_error_recoverable "There was a serious problem creating a privileged user."
451 csih_request "Do you want to proceed anyway?" || exit 1
456 # Never returns empty if NT or above
457 run_service_as=$(csih_service_should_run_as)
459 if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
461 password="${csih_PRIVILEGED_PASSWORD}"
462 if [ -z "${password}" ]
464 csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
465 password="${csih_value}"
469 # At this point, we either have $run_service_as = "system" and
470 # $password is empty, or $run_service_as is some privileged user and
471 # (hopefully) $password contains the correct password. So, from here
472 # out, we use '-z "${password}"' to discriminate the two cases.
474 csih_check_user "${run_service_as}"
476 if [ -n "${csih_cygenv}" ]
478 cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
480 if [ -z "${password}" ]
482 if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
483 -a "-D" -y tcpip "${cygwin_env[@]}"
486 csih_inform "The sshd service has been installed under the LocalSystem"
487 csih_inform "account (also known as SYSTEM). To start the service now, call"
488 csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
489 csih_inform "will start automatically after the next reboot."
492 if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
493 -a "-D" -y tcpip "${cygwin_env[@]}" \
494 -u "${run_service_as}" -w "${password}"
496 /usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight
498 csih_inform "The sshd service has been installed under the '${run_service_as}'"
499 csih_inform "account. To start the service now, call \`net start sshd' or"
500 csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
501 csih_inform "after the next reboot."
505 if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
507 check_service_files_ownership "${run_service_as}" || let ret+=$?
509 csih_error_recoverable "Installing sshd as a service failed!"
512 fi # user allowed us to install as service
513 fi # service not yet installed
515 } # --- End of install_service --- #
517 # ======================================================================
519 # ======================================================================
521 # Check how the script has been started. If
522 # (1) it has been started by giving the full path and
523 # that path is /etc/postinstall, OR
524 # (2) Otherwise, if the environment variable
525 # SSH_HOST_CONFIG_AUTO_ANSWER_NO is set
526 # then set auto_answer to "no". This allows automatic
527 # creation of the config files in /etc w/o overwriting
528 # them if they already exist. In both cases, color
529 # escape sequences are suppressed, so as to prevent
530 # cluttering setup's logfiles.
531 if [ "$PROGDIR" = "/etc/postinstall" ]
533 csih_auto_answer="no"
537 if [ -n "${SSH_HOST_CONFIG_AUTO_ANSWER_NO}" ]
539 csih_auto_answer="no"
544 # ======================================================================
546 # ======================================================================
595 csih_FORCE_PRIVILEGED_USER=yes
599 echo "usage: ${progname} [OPTION]..."
601 echo "This script creates an OpenSSH host configuration."
604 echo " --debug -d Enable shell's debug output."
605 echo " --yes -y Answer all questions with \"yes\" automatically."
606 echo " --no -n Answer all questions with \"no\" automatically."
607 echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
608 echo " --port -p <n> sshd listens on port n."
609 echo " --user -u <account> privileged user for service, default 'cyg_server'."
610 echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
611 echo " --privileged On Windows XP, require privileged user"
612 echo " instead of LocalSystem for sshd service."
620 # ======================================================================
622 # ======================================================================
624 # Check for running ssh/sshd processes first. Refuse to do anything while
625 # some ssh processes are still running
626 if /usr/bin/ps -ef | /usr/bin/grep -q '/sshd\?$'
629 csih_error "There are still ssh processes running. Please shut them down first."
632 # Make sure the user is running in an administrative context
633 admin=$(/usr/bin/id -G | /usr/bin/grep -Eq '\<544\>' && echo yes || echo no)
634 if [ "${admin}" != "yes" ]
637 csih_warning "Running this script typically requires administrator privileges!"
638 csih_warning "However, it seems your account does not have these privileges."
639 csih_warning "Here's the list of groups in your user token:"
641 for i in $(/usr/bin/id -G)
643 /usr/bin/awk -F: "/[^:]*:[^:]*:$i:/{ print \" \" \$1; }" /etc/group
646 csih_warning "This usually means you're running this script from a non-admin"
647 csih_warning "desktop session, or in a non-elevated shell under UAC control."
649 csih_warning "Make sure you have the appropriate privileges right now,"
650 csih_warning "otherwise parts of this script will probably fail!"
652 echo -e "${_csih_QUERY_STR} Are you sure you want to continue? (Say \"no\" if you're not sure"
653 if ! csih_request "you have the required privileges)"
656 csih_inform "Ok. Exiting. Make sure to switch to an administrative account"
657 csih_inform "or to start this script from an elevated shell."
666 # Check for ${SYSCONFDIR} directory
667 csih_make_dir "${SYSCONFDIR}" "Cannot create global configuration files."
668 if ! /usr/bin/chmod 775 "${SYSCONFDIR}" >/dev/null 2>&1
670 csih_warning "Can't set permissions on ${SYSCONFDIR}!"
673 if ! /usr/bin/setfacl -m u:system:rwx "${SYSCONFDIR}" >/dev/null 2>&1
675 csih_warning "Can't set extended permissions on ${SYSCONFDIR}!"
679 # Check for /var/log directory
680 csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory."
681 if ! /usr/bin/chmod 775 "${LOCALSTATEDIR}/log" >/dev/null 2>&1
683 csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log!"
686 if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" >/dev/null 2>&1
688 csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/log!"
692 # Create /var/log/lastlog if not already exists
693 if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
696 csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
697 "Cannot create ssh host configuration."
699 if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
701 /usr/bin/cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
702 if ! /usr/bin/chmod 644 ${LOCALSTATEDIR}/log/lastlog >/dev/null 2>&1
704 csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log/lastlog!"
709 # Create /var/empty file used as chroot jail for privilege separation
710 csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create ${LOCALSTATEDIR}/empty directory."
711 if ! /usr/bin/chmod 755 "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
713 csih_warning "Can't set permissions on ${LOCALSTATEDIR}/empty!"
716 if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
718 csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!"
723 create_host_keys || let warning_cnt+=$?
726 csih_install_config "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
727 if /usr/bin/cmp "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/ssh_config" >/dev/null 2>&1
729 if [ "${port_number}" != "22" ]
731 csih_inform "Updating ${SYSCONFDIR}/ssh_config file with requested port"
732 echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
733 echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
737 # handle sshd_config (and privsep)
738 csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
739 if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
741 /usr/bin/grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
743 sshd_privsep || let warning_cnt+=$?
745 update_services_file || let warning_cnt+=$?
746 update_inetd_conf || let warning_cnt+=$?
747 install_service || let warning_cnt+=$?
750 if [ $warning_cnt -eq 0 ]
752 csih_inform "Host configuration finished. Have fun!"
754 csih_warning "Host configuration exited with ${warning_cnt} errors or warnings!"
755 csih_warning "Make sure that all problems reported are fixed,"
756 csih_warning "then re-run ssh-host-config."