#!/bin/sh
#
# $NetBSD: sshd,v 1.18 2002/04/29 08:23:34 lukem Exp $
# $FreeBSD: head/etc/rc.d/sshd 161530 2006-08-22 11:17:29Z flz $
#

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar

# rc.d script for sshd(8).  Besides start/stop/reload it generates any
# missing host keys ("keygen") before the first start, after giving the
# console user a chance to seed the entropy pool.
. /etc/rc.subr

# rc.d bookkeeping for this service: the daemon binary, its pid file,
# the hook that creates missing host keys before start, and the extra
# subcommands ("keygen", "reload") rc.subr exposes for it.
name="sshd"
rcvar=$(set_rcvar)
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"
start_precmd="sshd_precmd"
keygen_cmd="sshd_keygen"
extra_commands="keygen reload"

# Seconds user_reseed waits for keyboard entropy before giving up.
timeout=300
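# Seed the kernel entropy pool from the console before host keys are made.
# If kern.random.sys.seeded reports 0 the pool has not been seeded yet: the
# random device is put in blocking mode and whoever is at the console is
# asked to type junk.  Whatever was typed, plus a sysctl dump and the date,
# is written into /dev/random.  Best-effort: on systems without that sysctl
# nothing happens.  Runs in a subshell so nothing leaks into the rc
# environment.
#
# Globals:  timeout (read) -- seconds to wait for keyboard input.
# Returns:  status of the subshell; callers ignore it.
user_reseed()
{
	(
	# Errors are silenced on purpose: the sysctl is FreeBSD-specific and
	# simply absent elsewhere, which is treated as "nothing to do".
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# read -t is not POSIX but FreeBSD's sh supports it; -r keeps
		# backslashes in the junk instead of interpreting them.
		junk=
		read -r -t "${timeout}" junk
		# Quoted so nothing typed (or dumped by sysctl) is word-split or
		# glob-expanded on its way into the pool.
		printf '%s\n' "${junk}" "$(sysctl -a)" "$(date)" > /dev/random
		# Make the consequence visible in the boot log: with no keyboard
		# input the pool was fed from predictable system state only.
		if [ -z "${junk}" ]; then
			warn "No keyboard entropy received; host keys generated now may be predictable."
		fi
	fi
	)
}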
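# Generate one sshd host key pair unless the private key already exists.
# Arguments: $1 - ssh-keygen key type (rsa1, dsa, rsa)
#            $2 - private key path (ssh-keygen writes the public half next
#                 to it as $2.pub)
#            $3 - article for the message ("a" or "an")
#            $4 - key label for the message ("RSA" or "DSA")
#            $5 - SSH protocol version the key serves ("1" or "2")
#            $6.. - extra ssh-keygen options, e.g. "-b 1024"
# Outputs:   progress messages on stdout (ssh-keygen prints its own too)
# Returns:   0 when the key exists or was generated, ssh-keygen's exit
#            status otherwise.  Host keys get an empty passphrase (-N '')
#            because sshd has to load them unattended at boot.
sshd_keygen_one()
{
	if [ -f "$2" ]; then
		echo "You already have $3 $4 host key" \
		    "in $2"
		echo "Skipping protocol version $5 $4 Key Generation"
		return 0
	fi
	_keytype=$1
	_keyfile=$2
	shift 5
	/usr/bin/ssh-keygen -t "${_keytype}" "$@" -f "${_keyfile}" -N ''
}

# Create any missing sshd host keys (rc "keygen" command and start hook).
# Runs in a subshell so the umask change and scratch variables do not
# leak into the rc environment.  All three keys are attempted even if an
# earlier one fails, so a partial failure is reported rather than hidden
# behind the status of the last ssh-keygen run.
# Returns: 0 on success; 1 if ssh-keygen is missing or any key could not
#          be generated.
sshd_keygen()
{
	(
	# 022 governs the .pub files, which are meant to be world-readable;
	# ssh-keygen is expected to create the private key 0600 itself
	# (NOTE(review): verify against the installed ssh-keygen).
	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	}

	# NOTE(review): protocol 1 (rsa1, fixed at 1024 bits here) and DSA
	# are obsolete; they are kept so existing callers and sshd_config
	# setups keep working.  With "Protocol 2" in sshd_config the rsa1
	# key is never used.
	_rc=0
	sshd_keygen_one rsa1 /etc/ssh/ssh_host_key an RSA 1 -b 1024 || _rc=1
	sshd_keygen_one dsa /etc/ssh/ssh_host_dsa_key a DSA 2 || _rc=1
	sshd_keygen_one rsa /etc/ssh/ssh_host_rsa_key a RSA 2 || _rc=1
	return "${_rc}"
	)
}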
# start_precmd hook: when any of the three host keys is missing, give the
# console user a chance to seed the entropy pool and then run the rc
# "keygen" command, so the new keys are not derived from a predictable
# source.
# Returns: 0 when every key already exists; otherwise the status of
#          run_rc_command keygen (presumably sshd_keygen's, via rc.subr --
#          confirm), which rc.subr uses to decide whether to abort the start.
sshd_precmd()
{
	if [ -f /etc/ssh/ssh_host_key ] &&
	    [ -f /etc/ssh/ssh_host_dsa_key ] &&
	    [ -f /etc/ssh/ssh_host_rsa_key ]; then
		return 0
	fi
	user_reseed
	run_rc_command keygen
}
# Pull in the rc.conf settings for this service (sshd_enable and friends),
# then dispatch the requested rc command (start, stop, keygen, reload, ...).
load_rc_config "$name"
run_rc_command "$1"