sshd revision 161530
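#!/bin/sh
#
# $NetBSD: sshd,v 1.18 2002/04/29 08:23:34 lukem Exp $
# $FreeBSD: head/etc/rc.d/sshd 161530 2006-08-22 11:17:29Z flz $
#

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar

. /etc/rc.subr

# Settings handed to the helpers sourced from /etc/rc.subr (presumably
# consumed by run_rc_command; rc.subr itself is not visible here).
name="sshd"
rcvar=$(set_rcvar)
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
pidfile="/var/run/${name}.pid"
extra_commands="keygen reload"

# Seconds user_reseed waits for console input before giving up.
timeout=300

# user_reseed
#	When sysctl reports kern.random.sys.seeded as 0, prompt on the
#	console for typed input and write it, together with the output of
#	`sysctl -a` and `date`, to /dev/random.
#
#	Security note: sshd_precmd runs key generation immediately after this
#	function. If the operator just presses <enter> (the banner's
#	"fast+insecure startup") or lets the timeout expire, the host keys are
#	generated from whatever the entropy source delivers at that point,
#	which the banner itself warns may be predictable. Keys created that
#	way should be regenerated once the system is properly seeded.
user_reseed()
{
	# Subshell: seeded/junk do not persist in the calling shell.
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	# An empty value (sysctl failed or the OID is absent) skips the prompt.
	# ${seeded} is quoted so an unexpected multi-word value cannot break
	# the numeric test.
	if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>.  This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps backslashes literal so the typed line is taken as-is.
		read -r -t "${timeout}" junk
		# Stream the material straight to /dev/random. Expanding the
		# command output unquoted on an echo command line would subject
		# it to word splitting and pathname expansion first.
		{
			printf '%s\n' "${junk}"
			sysctl -a
			date
		} > /dev/random
	fi
	)
}

# sshd_keygen
#	Create any missing host key under /etc/ssh with an empty passphrase
#	(-N ''). Existing key files are left untouched.
#
#	The function's exit status is that of the last (protocol 2 RSA)
#	branch only; a failure while generating one of the earlier keys is
#	not propagated to the caller.
#
#	NOTE(review): rsa1 (SSH protocol 1, 1024 bits here) and DSA are legacy
#	key types. Later OpenSSH releases dropped protocol 1 and deprecated
#	DSA, so confirm what the installed sshd supports before reusing this
#	key set elsewhere.
sshd_keygen()
{
	# Subshell: the umask change stays local to key generation.
	(
	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	}

	if [ -f /etc/ssh/ssh_host_key ]; then
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f /etc/ssh/ssh_host_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
		echo "You already have a DSA host key" \
		    "in /etc/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	else
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
		echo "You already have a RSA host key" \
		    "in /etc/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
	fi
	)
}

# sshd_precmd
#	Registered as start_precmd. If any of the three host key files is
#	missing, offer to reseed the entropy source and then run the keygen
#	command. The return status is that of the keygen run, or 0 when all
#	keys already exist.
sshd_precmd()
{
	# Separate tests joined with || replace the obsolescent -o operator,
	# which is ambiguous when combined with negation.
	if [ ! -f /etc/ssh/ssh_host_key ] ||
	    [ ! -f /etc/ssh/ssh_host_dsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		user_reseed
		run_rc_command keygen
	fi
}

load_rc_config "$name"
run_rc_command "$1"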