sshd revision 180564
1104615Stjr#!/bin/sh 2104615Stjr# 3104615Stjr# $FreeBSD: head/etc/rc.d/sshd 180564 2008-07-16 19:50:29Z dougb $ 4104615Stjr# 5104615Stjr 6104615Stjr# PROVIDE: sshd 7104615Stjr# REQUIRE: LOGIN cleanvar 8104615Stjr# KEYWORD: shutdown 9104615Stjr 10104615Stjr. /etc/rc.subr 11104615Stjr 12104615Stjrname="sshd" 13104615Stjrrcvar=`set_rcvar` 14104615Stjrcommand="/usr/sbin/${name}" 15104615Stjrkeygen_cmd="sshd_keygen" 16104615Stjrstart_precmd="sshd_precmd" 17104615Stjrpidfile="/var/run/${name}.pid" 18104615Stjrextra_commands="keygen reload" 19104615Stjr 20104615Stjrtimeout=300 21104615Stjr 22104615Stjruser_reseed() 23104615Stjr{ 24104615Stjr ( 25104615Stjr seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null` 26167410Sru if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then 27104615Stjr warn "Setting entropy source to blocking mode." 28104615Stjr echo "====================================================" 29285718Sbrueffer echo "Type a full screenful of random junk to unblock" 30206622Suqs echo "it and remember to finish with <enter>. This will" 31104615Stjr echo "timeout in ${timeout} seconds, but waiting for" 32104615Stjr echo "the timeout without typing junk may make the" 33104615Stjr echo "entropy source deliver predictable output." 34104615Stjr echo "" 35104615Stjr echo "Just hit <enter> for fast+insecure startup." 36104615Stjr echo "====================================================" 37104615Stjr sysctl kern.random.sys.seeded=0 2>/dev/null 38146466Sru read -t ${timeout} junk 39146466Sru echo "${junk}" `sysctl -a` `date` > /dev/random 40146466Sru fi 41104615Stjr ) 42104615Stjr} 43146466Sru 44104615Stjrsshd_keygen() 45104615Stjr{ 46104615Stjr ( 47104615Stjr umask 022 48104615Stjr 49104615Stjr # Can't do anything if ssh is not installed 50104615Stjr [ -x /usr/bin/ssh-keygen ] || { 51104615Stjr warn "/usr/bin/ssh-keygen does not exist." 52104615Stjr return 1 53104615Stjr } 54104615Stjr 55104615Stjr if [ -f /etc/ssh/ssh_host_key ]; then 56104615Stjr echo "You already have an RSA host key" \ 57104615Stjr "in /etc/ssh/ssh_host_key" 58104615Stjr echo "Skipping protocol version 1 RSA Key Generation" 59104615Stjr else 60107750Sru /usr/bin/ssh-keygen -t rsa1 -b 1024 \ 61107750Sru -f /etc/ssh/ssh_host_key -N '' 62104615Stjr fi 63104615Stjr 64104615Stjr if [ -f /etc/ssh/ssh_host_dsa_key ]; then 65104615Stjr echo "You already have a DSA host key" \ 66107750Sru "in /etc/ssh/ssh_host_dsa_key" 67104615Stjr echo "Skipping protocol version 2 DSA Key Generation" 68104615Stjr else 69107750Sru /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 70107750Sru fi 71104615Stjr 72104615Stjr if [ -f /etc/ssh/ssh_host_rsa_key ]; then 73104615Stjr echo "You already have a RSA host key" \ 74107750Sru "in /etc/ssh/ssh_host_rsa_key" 75107750Sru echo "Skipping protocol version 2 RSA Key Generation" 76104615Stjr else 77104615Stjr /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 78104615Stjr fi 79104615Stjr ) 80104615Stjr} 81104615Stjr 82104615Stjrsshd_precmd() 83107750Sru{ 84107750Sru if [ ! -f /etc/ssh/ssh_host_key -o \ 85104615Stjr ! -f /etc/ssh/ssh_host_dsa_key -o \ 86104615Stjr ! -f /etc/ssh/ssh_host_rsa_key ]; then 87104615Stjr user_reseed 88104615Stjr run_rc_command keygen 89104615Stjr fi 90104615Stjr} 91104615Stjr 92104615Stjrload_rc_config $name 93104615Stjrrun_rc_command "$1" 94104615Stjr