sshd revision 140339
1#!/bin/sh
2#
3# $NetBSD: sshd,v 1.18 2002/04/29 08:23:34 lukem Exp $
4# $FreeBSD: head/etc/rc.d/sshd 140339 2005-01-16 03:12:03Z obrien $
5#
6
7# PROVIDE: sshd
8# REQUIRE: LOGIN cleanvar
9
10. /etc/rc.subr
11
# Service description consumed by the rc.subr helpers sourced above.
# set_rcvar is not defined in this file (presumably it comes from
# /etc/rc.subr), so the value of rcvar is not visible here.
name="sshd"
rcvar=$(set_rcvar)
pidfile="/var/run/${name}.pid"

# "keygen" and "reload" are offered in addition to the standard actions.
# keygen is implemented by sshd_keygen below; sshd_precmd is registered
# as the hook that runs ahead of "start".
extra_commands="keygen reload"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"

# Seconds user_reseed waits for keyboard input before giving up.
timeout=300
20
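user_reseed()
{
	# Interactive entropy top-up, called before host keys are generated.
	#
	# Globals:   timeout (read) - seconds to wait for keyboard input
	# Outputs:   banner on stdout; warning through warn
	# Returns:   status of the last command run in the subshell
	#
	# Does nothing when the kern.random.sys.seeded sysctl cannot be read.
	# Otherwise it clears the "seeded" flag (the warning text calls this
	# blocking mode), asks the operator for keyboard input and writes that
	# input plus "sysctl -a" and "date" output to /dev/random.
	#
	# NOTE(review): per the banner itself, pressing <enter> at once or
	# letting the timeout expire leaves only the sysctl/date output as
	# input, and keys generated right afterwards may come from a
	# predictable pool. Unattended first boots take that path.
	#
	# Runs in a subshell so seeded/junk do not leak into the caller.
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	if [ -n "${seeded}" ]; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps typed backslashes instead of treating them as
		# escapes, so none of the operator's input is discarded.
		read -r -t "${timeout}" junk
		# Stream the material instead of expanding it unquoted on an
		# echo command line: no word splitting, no pathname expansion
		# of sysctl values, and input such as "-n" is not taken as an
		# echo option.
		{
			printf '%s\n' "${junk}"
			sysctl -a
			date
		} > /dev/random
	fi
	)
}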
42
sshd_keygen()
{
	# Create whichever of the three host keys under /etc/ssh is missing.
	#
	# Outputs:   a "Skipping ..." notice on stdout for each key that
	#            already exists; ssh-keygen's own output otherwise
	# Returns:   1 when /usr/bin/ssh-keygen is not executable, else the
	#            status of the final (protocol 2 RSA) step
	#
	# Every key is written with -N '' (empty passphrase), so the private
	# halves sit unencrypted on disk. umask 022 only affects files that
	# ssh-keygen creates without setting a mode itself; restricting the
	# private key files is left to ssh-keygen.
	#
	# NOTE(review): a failed rsa1 or dsa step is not reflected in the
	# return status, because only the last step's status survives.
	# NOTE(review): 1024-bit rsa1 (SSH protocol 1) and DSA are legacy key
	# types; current OpenSSH releases no longer support protocol 1.
	# Confirm the target OpenSSH version before reusing this script.
	(
	umask 022

	# Nothing can be generated without the ssh-keygen binary.
	if [ ! -x /usr/bin/ssh-keygen ]; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	# Protocol 1 RSA host key.
	if [ ! -f /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f /etc/ssh/ssh_host_key -N ''
	else
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	fi

	# Protocol 2 DSA host key.
	if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
	else
		echo "You already have a DSA host key" \
		    "in /etc/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	fi

	# Protocol 2 RSA host key.
	if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
	else
		echo "You already have a RSA host key" \
		    "in /etc/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	fi
	)
}
80
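sshd_precmd()
{
	# Pre-start hook: make sure all three host keys exist.
	#
	# Returns:   0 when every key file is already present, otherwise the
	#            status of "run_rc_command keygen"
	#
	# When any key is missing, the operator is first asked to reseed the
	# entropy source (user_reseed) and the keygen action is then run.
	#
	# NOTE(review): all three files are required. If one key type can
	# never be generated on a host, every start re-enters the reseed
	# prompt and can wait up to ${timeout} seconds.
	#
	# Separate [ ] tests joined with || replace the obsolescent and
	# ambiguous -o operator; the result is the same.
	if [ ! -f /etc/ssh/ssh_host_key ] ||
	    [ ! -f /etc/ssh/ssh_host_dsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		user_reseed
		run_rc_command keygen
	fi
}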
90
# Load the configuration for this service, then hand the action named by
# the first script argument to run_rc_command. Both helpers are defined
# outside this file (presumably in /etc/rc.subr).
load_rc_config "${name}"
run_rc_command "$1"
93