#!/usr/bin/ksh # # installs sshd and necessary packages # script located at http://www.prtdiag.net/scripts/install_ssd.ksh # mail@blesgen.de # echo "\n----------------------------------------------" echo "\ninstall sshd on a solaris-box (version 8 or 9)" echo "\n...looking for necessary packages\n" ### check installed packages and patches set -A check openssh openssl tcp_wrappers zlib libgcc prngd egd i=0 while [ ${check[i]} ]; do if [ x"`pkginfo |grep "^app" | grep "${check[i]}"`" != x ] ; then echo "${check[i]}...\talready installed" else echo "${check[i]}...\tnot installed" fi let "i=$i+1" done if [[ `uname -r` = "5.8" && x"`showrev -p |grep 112438`" != x ]] ; then echo "random patch...\talready installed" else echo "random patch (112438)...\tnot installed (solaris 8 only)" fi echo "\nplease download not installed packages or patches and place them in the same directory where this script locates:\n" ### start the script? while [[ ! $answer == [yYnN] ]] ; do read answer?"start the script? [y|n]" done case $answer in [yY]) continue ;; [nN]) exit 1 ;; esac ### unzip packages if [ -f *gz ] ; then gzip -d *sparc-local.gz continue else if [ ! -f *sparc-local ] ; then echo "\n!!! no packages found in current directory.\n" exit 1 fi fi ### install packages set -A install `ls -1 |egrep '(openssh|openssl|tcp_wrappers|zlib|libgcc|prngd|egd)'` i=0 while [ ${install[i]} ]; do pkgadd -d ${install[i]} let "i=$i+1" done if [ x"`echo ${install[*]}`" = x ] ; then echo "\n!!! no packages found in current directory.\n" exit 1 fi ### privilege separation for sshd if [ ! -d /var/empty ] ; then mkdir /var/empty chown root:sys /var/empty chmod 755 /var/empty fi if [ x"`cat /etc/group|grep sshd`" = x ] ; then groupadd sshd fi if [ x"`cat /etc/passwd|grep sshd`" = x ] ; then useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd fi ### unzip and install random patch for solaris 8 case `uname -r` in "5.8") if [[ x"`showrev -p |grep 112438`" = x && -f 112438* ]] ; then unzip 112438*zip patchadd 112438* else if [[ x"`showrev -p |grep 112438`" = x ]] ; then echo "\n!!! please download the solaris random patch \"112438\" at http://sunsolve.sun.com." fi fi ;; "5.9") continue ;; *) ;; esac ### reboot machine or generate keys case `uname -r` in "5.8") echo "\nyou are running solaris 8.\nthe machine must be rebooted, before changes take effect." echo "install the keys after the reboot:" echo "\nssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N \"\"" echo "ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N \"\"" echo "ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N \"\"\n" ;; "5.9") ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N "" echo "rsa key generated" ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "" echo "rsa1 key generated" ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N "" echo "dsa key generated\n" ;; *) ;; esac ############################################################################## ### This script is submitted to BigAdmin by a user of the BigAdmin community. ### Sun Microsystems, Inc. is not responsible for the ### contents or the code enclosed. ### ### ### Copyright Sun Microsystems, Inc. ALL RIGHTS RESERVED ### Use of this software is authorized pursuant to the ### terms of the license found at ### http://www.sun.com/bigadmin/common/berkeley_license.jsp ##############################################################################