#!/bin/sh
#
# $NetBSD: sshd,v 1.18 2002/04/29 08:23:34 lukem Exp $
# $FreeBSD: head/etc/rc.d/sshd 157653 2006-04-11 08:55:27Z flz $
#
# rc(8) script for sshd; generates any missing host keys before the first start.

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar

. /etc/rc.subr

# rc.subr(8) variables: run_rc_command picks up ${command}, ${pidfile},
# ${start_precmd} (run before "start") and ${keygen_cmd} (the "keygen"
# extra command) from these.
name="sshd"
rcvar=$(set_rcvar)
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
pidfile="/var/run/${name}.pid"
extra_commands="keygen reload"

# Seconds user_reseed waits for keyboard input before giving up.
timeout=300

load_rc_config "${name}"
23102227Smike
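# Give the operator a chance to feed keyboard entropy into the kernel RNG
# before the first host keys are generated.  Runs in a subshell so nothing
# it sets leaks out.  Reads ${timeout} (seconds) from the top of the script
# and uses warn() from rc.subr.  No return value of interest.
user_reseed()
{
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	# Only act when the kernel exposes the sysctl at all; the value itself
	# is not inspected (this mirrors the original check).
	if [ "${seeded}" != "" ] ; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps backslashes in the typed junk verbatim (and stops a
		# trailing backslash from continuing the read).  On timeout junk
		# is empty and the write below carries only low-entropy data;
		# the banner above already warns about that.
		read -r -t "${timeout}" junk
		# Quoted substitutions so sysctl output containing '*' or '?'
		# is not glob-expanded; printf so that junk beginning with '-'
		# is not mistaken for an echo option.
		printf '%s %s %s\n' "${junk}" "$(sysctl -a)" "$(date)" > /dev/random
	fi
	)
}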
45102227Smike
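# Generate one host key unless its file already exists.
#   $1   ssh-keygen key type (rsa1, dsa, rsa)
#   $2   private key path; ssh-keygen writes the public half to $2.pub
#   $3   article + algorithm for the "already have" message, e.g. "an RSA"
#   $4   label for the "Skipping" message, e.g. "protocol version 1 RSA"
#   $5.. extra ssh-keygen arguments placed after -t (e.g. -b 1024)
# Returns ssh-keygen's status, or 0 when the key was already present.
# Called only from inside sshd_keygen's subshell, so the _kg_* variables
# never reach the main script (no `local' needed).
sshd_keygen_one()
{
	_kg_type="$1"
	_kg_file="$2"
	_kg_have="$3"
	_kg_proto="$4"
	shift 4
	if [ -f "${_kg_file}" ]; then
		echo "You already have ${_kg_have} host key" "in ${_kg_file}"
		echo "Skipping ${_kg_proto} Key Generation"
		return 0
	fi
	# -N '' : sshd must be able to load the key without a passphrase.
	"${prefix}/bin/ssh-keygen" -t "${_kg_type}" "$@" -f "${_kg_file}" -N ''
}

# Create any missing sshd host keys.  Reached as the "keygen" extra command
# and from sshd_precmd on a first start.  Runs in a subshell so the umask
# change does not leak.  Uses ${prefix} and ${etcdir} from rc.subr/rc.conf
# and warn() from rc.subr.  Returns 1 when ssh-keygen is not installed or
# when generating any key fails, 0 otherwise.
sshd_keygen()
{
	(
	# umask 022 makes the .pub files world-readable; the private keys'
	# permissions are ssh-keygen's own concern.
	umask 022

	# Can't do anything if ssh is not installed
	[ -x "${prefix}/bin/ssh-keygen" ] || {
		warn "${prefix}/bin/ssh-keygen does not exist."
		return 1
	}

	_kg_rc=0
	# NOTE(review): protocol 1 (rsa1) keys and the 1024-bit size are weak
	# by current standards; they are kept because this sshd presumably
	# lists all three files as HostKey -- confirm against sshd_config
	# before dropping any of them.
	sshd_keygen_one rsa1 "${etcdir}/ssh/ssh_host_key" \
	    "an RSA" "protocol version 1 RSA" -b 1024 || _kg_rc=1
	sshd_keygen_one dsa "${etcdir}/ssh/ssh_host_dsa_key" \
	    "a DSA" "protocol version 2 DSA" || _kg_rc=1
	sshd_keygen_one rsa "${etcdir}/ssh/ssh_host_rsa_key" \
	    "a RSA" "protocol version 2 RSA" || _kg_rc=1
	return ${_kg_rc}
	)
}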
83102227Smike
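# start_precmd hook: when any of the three host key files is missing
# (typically the first boot), gather keyboard entropy with user_reseed and
# then generate the missing keys through the "keygen" extra command.  Only
# presence is checked -- an existing but empty or unusable key file is left
# for the administrator to deal with.  Uses ${etcdir} from rc.subr/rc.conf.
sshd_precmd()
{
	# Separate tests joined with `||' instead of test(1)'s obsolescent and
	# ambiguous -o; paths quoted in case ${etcdir} contains whitespace.
	if [ ! -f "${etcdir}/ssh/ssh_host_key" ] ||
	    [ ! -f "${etcdir}/ssh/ssh_host_dsa_key" ] ||
	    [ ! -f "${etcdir}/ssh/ssh_host_rsa_key" ]; then
		user_reseed
		run_rc_command keygen
	fi
}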
93102227Smike
# Dispatch the requested rc(8) command (start, stop, keygen, reload, ...);
# rc.subr uses start_precmd and keygen_cmd set above to route start and
# keygen to sshd_precmd and sshd_keygen.
run_rc_command "$1"
95102227Smike