From 215db22123f6a7efab10d65c0ca40eee17a1cd01 Mon Sep 17 00:00:00 2001 From: Tzafrir Cohen Date: Sun, 3 Oct 2010 21:34:09 +0000 Subject: No more separate sshd No need for a separate sshd instance. Get rid of it. git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@8403 283159da-0705-0410-b60c-f2062b4bb6ad --- Makefile | 7 +- README | 2 - debian/rapid-tunneling-server.install | 1 - debian/rules | 9 -- rapid-tunneling.spec | 7 -- rtadm.config | 2 +- sshd_support | 182 ---------------------------------- sshd_support_config | 79 --------------- sshd_support_debian | 165 ------------------------------ 9 files changed, 3 insertions(+), 451 deletions(-) delete mode 100755 sshd_support delete mode 100644 sshd_support_config delete mode 100755 sshd_support_debian diff --git a/Makefile b/Makefile index 4375069..b0779f9 100644 --- a/Makefile +++ b/Makefile @@ -2,10 +2,9 @@ PACKAGE = rapid-tunneling SPEC = rapid-tunneling.spec SCRIPTS = rapid-tunneling rapid-tunneling-status rtadm rt-from-remote -CONFIGS = rtadm.config sshd_support_config support_env rapid-tunneling.conf gui.htpasswd rtadm.bash_completion -INIT_D = sshd_support +CONFIGS = rtadm.config support_env rapid-tunneling.conf gui.htpasswd rtadm.bash_completion GUI = gui -SOURCES = Makefile $(SPEC) $(SCRIPTS) $(CONFIGS) $(INIT_D) $(GUI) \ +SOURCES = Makefile $(SPEC) $(SCRIPTS) $(CONFIGS) $(GUI) \ .placeholder rapid-tunneling.8 rapid-tunneling-status.8 SBINDIR = /usr/sbin MANDIR = /usr/share/man/man8 @@ -59,8 +58,6 @@ install: install -m 755 -d $(DESTDIR)/etc/rapid-tunneling install -m 644 rtadm.config $(DESTDIR)/etc/rapid-tunneling/rtadm install -m 644 gui.htpasswd $(DESTDIR)/etc/rapid-tunneling/ - install -m 755 -d $(DESTDIR)/etc/ssh - install -m 644 sshd_support_config $(DESTDIR)/etc/ssh/ install -m 755 -d $(DESTDIR)/var/lib/rapid-tunneling install -m 644 .placeholder $(DESTDIR)/var/lib/rapid-tunneling/ install -m 755 -d $(DESTDIR)$(WWWHOME) diff --git a/README b/README index d41b6ba..b73da4b 100644 
--- a/README +++ b/README @@ -30,8 +30,6 @@ to remote users. * Install the package rapid-tunneling-server * Edit the host (name/IP) and port in /etc/rapid-tunnelling/rtadm . This is where the client should connect to. -* Make sure that that sshd_support is running. E.g.: that it listens - on port 2222. * Provide a special way for the support user to login. It cannot login through ssh. One possible way is from another user account through sudo -i . diff --git a/debian/rapid-tunneling-server.install b/debian/rapid-tunneling-server.install index 8e3b9ab..fe40845 100644 --- a/debian/rapid-tunneling-server.install +++ b/debian/rapid-tunneling-server.install @@ -1,6 +1,5 @@ etc/bash_completion.d/rtadm etc/rapid-tunneling/rtadm -etc/ssh/sshd_support_config usr/share/rapid-tunneling/support_env usr/share/rapid-tunneling/bin/rtadm usr/share/rapid-tunneling/bin/rt-from-remote diff --git a/debian/rules b/debian/rules index 011fbf3..f843039 100755 --- a/debian/rules +++ b/debian/rules @@ -7,17 +7,8 @@ include /usr/share/cdbs/1/class/makefile.mk DEB_MAKE_BUILD_TARGET = dummy DEB_MAKE_INSTALL_TARGET = install DESTDIR=$(DEB_DESTDIR) WWWHOME=/usr/share/rapid-tunneling/www -clean:: - rm -f debian/rapid-tunneling-server.sshd_support.init - -build/rapid-tunneling-server:: - cp sshd_support_debian debian/rapid-tunneling-server.sshd_support.init - install/rapid-tunneling-gui:: # yikes, redhatism: mv $(CURDIR)/debian/tmp/etc/httpd/conf.d/rapid-tunneling.conf \ $(CURDIR)/debian/rapid-tunneling-gui/etc/rapid-tunneling/apache2-rapid-tunneling.conf -install/rapid-tunneling-server:: - dh_installinit -p rapid-tunneling-server --name=sshd_support - diff --git a/rapid-tunneling.spec b/rapid-tunneling.spec index 146dc0f..90c8f88 100644 --- a/rapid-tunneling.spec +++ b/rapid-tunneling.spec 
@@ -42,8 +42,6 @@ control tunnels to the server. %install %{__rm} -rf %{buildroot} %{__make} install DESTDIR=%{buildroot} -%{__install} -m 755 -d %{buildroot}/etc/init.d -%{__install} -m 755 sshd_support %{buildroot}/etc/init.d # The placeholder is needed for debs, but creates an unnecessary file # conflicts on rpm: %{__rm} -f %{buildroot}/var/lib/rapid-tunneling/.placeholder @@ -71,12 +69,9 @@ PROFILE=$HOME_DIR/.bash_profile if ! fgrep -q "$LINE" $PROFILE 2>/dev/null; then echo "$LINE" >> $PROFILE fi -/sbin/chkconfig --add sshd_support %preun server if [ "$1" = 0 ]; then - /sbin/service sshd_support stop > /dev/null 2>&1 || : - /sbin/chkconfig --del sshd_support userdel support || : fi @@ -115,8 +110,6 @@ service httpd reload %defattr(-, root, root, 0755) %config /etc/bash_completion.d/rtadm %config(noreplace) /etc/rapid-tunneling/rtadm -%config(noreplace) /etc/ssh/sshd_support_config -%config /etc/init.d/sshd_support %{_datadir}/rapid-tunneling/support_env %{_datadir}/rapid-tunneling/bin/rtadm %{_datadir}/rapid-tunneling/bin/rt-from-remote diff --git a/rtadm.config b/rtadm.config index e7734fb..5d2ad92 100644 --- a/rtadm.config +++ b/rtadm.config @@ -7,4 +7,4 @@ HOSTNAME= # Port number on which the local SSH server listens. # If you change it below, change it also in /etc/ssh/sshd_support_config -PORT=2222 +PORT=22 diff --git a/sshd_support b/sshd_support deleted file mode 100755 index 7120eaa..0000000 --- a/sshd_support +++ /dev/null 
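Review bot: In the rtadm.config hunk, the context comment directly above the new `PORT=22` still reads "If you change it below, change it also in /etc/ssh/sshd_support_config", yet this commit deletes sshd_support_config, so the instruction points at a file that no longer ships. It should refer to the sshd that now receives the tunnel, for example `# Must match the Port of the system sshd (typically /etc/ssh/sshd_config)`. Moving the default from 2222 to 22 also means the settings the removed config pinned for this listener (`AllowUsers support`, `PasswordAuthentication no`, `PermitRootLogin no`, `X11Forwarding no`) now hold only if the host's own sshd configuration provides them, which this package presumably does not manage. A sentence in this file or the README stating that requirement would let administrators verify it after upgrading.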
@@ -1,182 +0,0 @@ -#!/bin/bash -# -# Init file for OpenSSH server daemon -# -# chkconfig: 2345 55 25 -# description: OpenSSH server daemon -# -# processname: sshd -# config: /etc/ssh/ssh_host_key -# config: /etc/ssh/ssh_host_key.pub -# config: /etc/ssh/ssh_random_seed -# config: /etc/ssh/sshd_support_config -# pidfile: /var/run/sshd_support.pid - -# source function library -. /etc/rc.d/init.d/functions - -# pull in sysconfig settings -[ -f /etc/sysconfig/sshd_support ] && . /etc/sysconfig/sshd_support - -RETVAL=0 -prog="sshd_support" - -# Some functions to make the below more readable -KEYGEN=/usr/bin/ssh-keygen -SSHD=/usr/sbin/sshd -RSA1_KEY=/etc/ssh/ssh_host_key -RSA_KEY=/etc/ssh/ssh_host_rsa_key -DSA_KEY=/etc/ssh/ssh_host_dsa_key -PID_FILE=/var/run/sshd_support.pid -PID_BASENAME=sshd_support -CONFIG_FILE=/etc/ssh/sshd_support_config - -runlevel=$(set -- $(runlevel); eval "echo \$$#" ) - -do_rsa1_keygen() { - if [ ! -s $RSA1_KEY ]; then - echo -n $"Generating SSH1 RSA host key: " - if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then - chmod 600 $RSA1_KEY - chmod 644 $RSA1_KEY.pub - if [ -x /sbin/restorecon ]; then - /sbin/restorecon $RSA1_KEY.pub - fi - success $"RSA1 key generation" - echo - else - failure $"RSA1 key generation" - echo - exit 1 - fi - fi -} - -do_rsa_keygen() { - if [ ! -s $RSA_KEY ]; then - echo -n $"Generating SSH2 RSA host key: " - if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then - chmod 600 $RSA_KEY - chmod 644 $RSA_KEY.pub - if [ -x /sbin/restorecon ]; then - /sbin/restorecon $RSA_KEY.pub - fi - success $"RSA key generation" - echo - else - failure $"RSA key generation" - echo - exit 1 - fi - fi -} - -do_dsa_keygen() { - if [ ! 
-s $DSA_KEY ]; then - echo -n $"Generating SSH2 DSA host key: " - if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then - chmod 600 $DSA_KEY - chmod 644 $DSA_KEY.pub - if [ -x /sbin/restorecon ]; then - /sbin/restorecon $DSA_KEY.pub - fi - success $"DSA key generation" - echo - else - failure $"DSA key generation" - echo - exit 1 - fi - fi -} - -do_restart_sanity_check() -{ - $SSHD -f $CONFIG_FILE -t - RETVAL=$? - if [ ! "$RETVAL" = 0 ]; then - failure $"Configuration file or keys are invalid" - echo - fi -} - -start() -{ - # Create keys if necessary - do_rsa1_keygen - do_rsa_keygen - do_dsa_keygen - - cp -af /etc/localtime /var/empty/sshd/etc - - echo -n $"Starting $prog: " - $SSHD -f $CONFIG_FILE -o "PidFile $PID_FILE" $OPTIONS && success || failure - RETVAL=$? - [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd_support - echo -} - -stop() -{ - echo -n $"Stopping $prog: " - if [ -n "`pidfileofproc $PID_BASENAME`" ] ; then - killproc $PID_BASENAME - else - failure $"Stopping $prog" - fi - RETVAL=$? - # if we are in halt or reboot runlevel kill all running sessions - # so the TCP connections are closed cleanly - if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then - killall $prog 2>/dev/null - fi - [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd_support - echo -} - -reload() -{ - echo -n $"Reloading $prog: " - if [ -n "`pidfileofproc $PID_BASENAME`" ] ; then - killproc $PID_BASENAME -HUP - else - failure $"Reloading $prog" - fi - RETVAL=$? - echo -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - stop - start - ;; - reload) - reload - ;; - condrestart) - if [ -f /var/lock/subsys/sshd_support ] ; then - do_restart_sanity_check - if [ "$RETVAL" = 0 ] ; then - stop - # avoid race - sleep 3 - start - fi - fi - ;; - status) - status $PID_BASENAME - RETVAL=$? - ;; - *) - echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}" - RETVAL=1 -esac -exit $RETVAL 
diff --git a/sshd_support_config b/sshd_support_config
deleted file mode 100644
index 1659e76..0000000
--- a/sshd_support_config
+++ /dev/null
@@ -1,79 +0,0 @@
-# Package generated configuration file
-# See the sshd(8) manpage for details
-
-# What ports, IPs and protocols we listen for
-Port 2222
-# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 768
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin no
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog no
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-#AcceptEnv LANG LC_*
-
-#Subsystem sftp /usr/lib/openssh/sftp-server
-
-UsePAM yes
-
-AllowUsers support
diff --git a/sshd_support_debian b/sshd_support_debian
deleted file mode 100755
index 0cbcd4f..0000000
--- a/sshd_support_debian
+++ /dev/null
@@ -1,165 +0,0 @@ -#! /bin/sh - -### BEGIN INIT INFO -# Provides: sshd_support -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 1 -# Short-Description: OpenBSD Secure Shell server for RapidTunneling (tm) -### END INIT INFO - -set -e - -# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon for RapidTunneling (tm) - -test -x /usr/sbin/sshd || exit 0 -( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 - -export SSHD_OOM_ADJUST=-17 -if test -f /etc/default/ssh; then - . /etc/default/ssh -fi - -. /lib/lsb/init-functions - -PID_FILE=/var/run/sshd_support.pid -SSHD_OPTS="$SSHD_OPTS -f /etc/ssh/sshd_support_config -o PidFile=$PID_FILE" -if [ -n "$2" ]; then - SSHD_OPTS="$SSHD_OPTS $2" -fi - -# Are we running from init? -run_by_init() { - ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ] -} - -check_for_no_start() { - # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists - if [ -e /etc/ssh/sshd_not_to_be_run ]; then - if [ "$1" = log_end_msg ]; then - log_end_msg 0 - fi - if ! run_by_init; then - log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" - fi - exit 0 - fi -} - -check_dev_null() { - if [ ! -c /dev/null ]; then - if [ "$1" = log_end_msg ]; then - log_end_msg 1 || true - fi - if ! run_by_init; then - log_action_msg "/dev/null is not a character device!" - fi - exit 1 - fi -} - -check_privsep_dir() { - # Create the PrivSep empty dir if necessary - if [ ! -d /var/run/sshd ]; then - mkdir /var/run/sshd - chmod 0755 /var/run/sshd - fi -} - -check_config() { - if [ ! 
-e /etc/ssh/sshd_not_to_be_run ]; then - /usr/sbin/sshd -t || exit 1 - fi -} - -export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" - -case "$1" in - start) - check_privsep_dir - check_for_no_start - check_dev_null - log_daemon_msg "Starting RapidTunneling server" "sshd_support" - if start-stop-daemon --start --quiet --oknodo --pidfile $PID_FILE --exec /usr/sbin/sshd -- $SSHD_OPTS; then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - stop) - log_daemon_msg "Stopping RapidTunneling server" "sshd_support" - if start-stop-daemon --stop --quiet --oknodo --pidfile $PID_FILE; then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - - reload|force-reload) - check_for_no_start - check_config - log_daemon_msg "Reloading RapidTunneling server's configuration" "sshd_support" - if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile $PID_FILE --exec /usr/sbin/sshd; then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - - restart) - check_privsep_dir - check_config - log_daemon_msg "Restarting RapidTunneling server" "sshd_support" - start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile $PID_FILE - check_for_no_start log_end_msg - check_dev_null log_end_msg - if start-stop-daemon --start --quiet --oknodo --pidfile $PID_FILE --exec /usr/sbin/sshd -- $SSHD_OPTS; then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - - try-restart) - check_privsep_dir - check_config - log_daemon_msg "Restarting RapidTunneling server" "sshd_support" - set +e - start-stop-daemon --stop --quiet --retry 30 --pidfile $PID_FILE - RET="$?" 
- set -e - case $RET in - 0) - # old daemon stopped - check_for_no_start log_end_msg - check_dev_null log_end_msg - if start-stop-daemon --start --quiet --oknodo --pidfile $PID_FILE --exec /usr/sbin/sshd -- $SSHD_OPTS; then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - 1) - # daemon not running - log_progress_msg "(not running)" - log_end_msg 0 - ;; - *) - # failed to stop - log_progress_msg "(failed to stop)" - log_end_msg 1 - ;; - esac - ;; - - status) - status_of_proc -p $PID_FILE /usr/sbin/sshd sshd_support && exit 0 || exit $? - ;; - - *) - log_action_msg "Usage: /etc/init.d/sshd_support {start|stop|reload|force-reload|restart|try-restart|status}" - exit 1 -esac - -exit 0 -- cgit v1.2.3