#!/bin/bash # # /usr/NX/bin/nxkeygen # Create a new client/server key pair # # Originally written for Gentoo Linux # # Author Stuart Herbert # (stuart@gentoo.org) # # Copyright (c) 2004 Gentoo Foundation # Released under v2 of the GNU GPL # # SVN: $Id: nxkeygen 512 2008-03-10 23:01:03Z fabianx $ # # ======================================================================== # Read the config file SHARED_CONFS="/usr/share/freenx-server" . $SHARED_CONFS/nxfuncs open_dbe $$ attach_db "$sq_settings_fn" ro || { echo "Unable to attach db file $sq_settings_fn"; exit 1; } set_vars_from_db [ -z "$NX_KEY_DIR" ] && NX_KEY_DIR="$NX_HOME_DIR/.ssh" DATE="`date '+%Y%m%d-%H%M%S'`" NX_CLIENT_KEY="${NX_KEY_DIR}/client.id_dsa.key" NX_SERVER_KEY="${NX_KEY_DIR}/server.id_dsa.pub.key" main () { # create a new key umask 177 $COMMAND_SSH_KEYGEN -q -t dsa -N '' -f ${NX_KEY_DIR}/local.id_dsa # backup the existing keys if [ -f "${NX_SERVER_KEY}" ]; then echo "Backing up existing server key to ${NX_SERVER_KEY}.${DATE}" mv -f "${NX_SERVER_KEY}" "${NX_SERVER_KEY}.${DATE}" fi if [ -f "${NX_CLIENT_KEY}" ]; then echo "Backing up existing client key to ${NX_CLIENT_KEY}.${DATE}" mv -f "${NX_CLIENT_KEY}" "${NX_CLIENT_KEY}.${DATE}" fi # put the new keys in place mv -f "${NX_KEY_DIR}/local.id_dsa" "${NX_CLIENT_KEY}" mv -f "${NX_KEY_DIR}/local.id_dsa.pub" "${NX_SERVER_KEY}" for x in ${NX_CLIENT_KEY} ${NX_SERVER_KEY} ; do chmod 600 $x chown nx:root $x done # copy the key to the authorized_keys2 file rm -f $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS echo -n "no-port-forwarding,no-agent-forwarding,command=\"$PATH_BIN/nxserver\" " >$NX_KEY_DIR/$SSH_AUTHORIZED_KEYS cat ${NX_SERVER_KEY} >> $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS # Fix ownership of $SSH_AUTHORIZED_KEYS, just in case nxkeygen is run without nxsetup. chown nx:root $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS # now tell the user what to do echo "Unique key generated; your users must install" echo echo " ${NX_CLIENT_KEY}" echo echo "on their computers." } if [ -f "${NX_SERVER_KEY}" -a -f "${NX_CLIENT_KEY}" -a \ ! -z "$NX_DONT_OVERRIDE" ]; then echo "Not overriding the existing key" exit fi main "$@" close_dbe $$