#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/sshd 180564 2008-07-16 19:50:29Z dougb $
#

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
# KEYWORD: shutdown

. /etc/rc.subr

# rc.d metadata for the sshd service (consumed by rc.subr).
name="sshd"
rcvar=$(set_rcvar)
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"

# Hooks: "keygen" is an extra command that runs sshd_keygen; sshd_precmd
# runs before every start and triggers key generation when keys are absent.
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
extra_commands="keygen reload"

# Seconds user_reseed waits for an operator to type entropy on the console.
timeout=300

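# Stir operator-typed junk plus some system state into /dev/random when the
# kernel reports its entropy pool as unseeded (kern.random.sys.seeded == 0).
# Called only from sshd_precmd, immediately before host keys are generated,
# so the keys are not derived from a pool still in a predictable state.
#
# Globals: timeout (read) - seconds to wait for console input.
#          warn - defined in rc.subr.
# Outputs: prompt text on stdout/stderr; collected bytes written to
#          /dev/random.
# Returns: the status of the wrapper subshell, normally 0; a read timeout
#          is deliberately not treated as an error.
#
# NOTE(review): on an unattended boot the read times out with empty input
# and the only material stirred in is `sysctl -a` and `date`, both of which
# an attacker can largely reconstruct. Host keys generated right after such
# a boot should be regarded as weak and regenerated once real entropy exists.
user_reseed()
{
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	# Do nothing when the sysctl is absent or unreadable.
	if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps backslashes in the typed junk instead of eating them.
		read -r -t "${timeout}" junk
		# Quote the substitutions so the sysctl dump is written as-is
		# instead of being word-split and glob-expanded; printf avoids
		# echo(1) interpreting junk that happens to start with a dash.
		printf '%s %s %s\n' "${junk}" "$(sysctl -a)" "$(date)" > /dev/random
	fi
	)
}
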
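# Generate any host key files that are missing from /etc/ssh. Existing key
# files are never overwritten. Reached via the "keygen" extra command
# (keygen_cmd) and from sshd_precmd when a key is absent at start time.
# Keys are created with an empty passphrase (-N '') so sshd can load them
# unattended.
#
# Globals: warn - defined in rc.subr.
# Outputs: progress messages on stdout; key files under /etc/ssh.
# Returns: 1 if ssh-keygen is not installed or if ANY generation step
#          failed, 0 otherwise. Previously only the status of the last step
#          was returned, so an earlier failed ssh-keygen run was masked.
#
# NOTE(review): the protocol 1 RSA key (ssh_host_key) is only of use to a
# server that still speaks protocol 1; confirm sshd_config needs it before
# relying on its presence.
sshd_keygen()
{
	(
	# Nothing created here should be group/world-writable.
	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	}

	# Aggregated status: set to 1 by any failing ssh-keygen invocation.
	rc=0

	if [ -f /etc/ssh/ssh_host_key ]; then
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f /etc/ssh/ssh_host_key -N '' || rc=1
	fi

	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
		echo "You already have a DSA host key" \
		    "in /etc/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	else
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' || rc=1
	fi

	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
		echo "You already have a RSA host key" \
		    "in /etc/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' || rc=1
	fi

	# Make the subshell's (and thus the function's) status reflect every
	# step, so sshd_precmd sees a failure rather than the last echo's 0.
	return "${rc}"
	)
}
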
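# start_precmd hook: if any of the three host key files is missing, first
# stir the entropy pool (user_reseed) and then generate the missing keys
# through the keygen extra command. The status of run_rc_command is this
# function's status; presumably rc.subr then declines to start sshd on a
# non-zero result - confirm against rc.subr.
sshd_precmd()
{
	# Separate tests rather than one [ ... -o ... ]: -o is ambiguous and
	# deprecated in test(1); the meaning is unchanged.
	if [ ! -f /etc/ssh/ssh_host_key ] ||
	    [ ! -f /etc/ssh/ssh_host_dsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		user_reseed
		run_rc_command keygen
	fi
}
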
# Read the rc.conf settings for this service, then dispatch the requested
# action (start, stop, keygen, reload, ...) through rc.subr.
load_rc_config "${name}"
run_rc_command "$1"
