sshd revision 240109
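#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/sshd 240109 2012-09-04 21:56:16Z des $
#

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

# Seconds user_reseed waits for keyboard input before giving up.
timeout=300

# user_reseed
#	When kern.random.sys.seeded reads 0, ask the operator for keyboard
#	input and write it, together with the output of "sysctl -a" and
#	"date", to /dev/random. Does nothing when the sysctl cannot be read
#	or reports a non-zero value.
#
#	sshd_precmd calls this immediately before generating missing host
#	keys. If the operator just presses <enter>, or the read times out,
#	key generation still proceeds; the banner below describes that path
#	as insecure because the entropy source may give predictable output.
#
#	Runs in a subshell so seeded and junk do not leak into the caller.
user_reseed()
{
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	# An empty value means the sysctl was not readable; skip in that case.
	if [ "x${seeded}" != "x" ] && [ "${seeded}" -eq 0 ] ; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps backslashes in the typed input literal.
		read -r -t "${timeout}" junk
		# Stream the data into the device instead of expanding it
		# unquoted on an echo command line: the sysctl output is then
		# neither word-split nor glob-expanded against the current
		# directory, and typed input starting with "-" is not taken
		# as an echo option.
		{
			printf '%s\n' "${junk}"
			sysctl -a
			date
		} > /dev/random
	fi
	)
}

# sshd_keygen
#	Create each host key under /etc/ssh that does not exist yet:
#	protocol 1 RSA, then protocol 2 DSA, RSA and ECDSA. Existing key
#	files are never overwritten.
#
#	Security notes:
#	- Every key is created with -N '' (empty passphrase), so the private
#	  key files are unencrypted on disk and are protected by file
#	  permissions only.
#	- No -b is passed for the DSA, RSA and ECDSA keys, so their sizes are
#	  whatever the installed ssh-keygen defaults to.
#	- NOTE(review): the protocol 1 RSA key (1024 bits) and the DSA key
#	  are legacy algorithms; confirm they are still wanted before this
#	  script is reused.
#	- The exit status of the individual ssh-keygen calls is not checked;
#	  the function's status is that of the last (ECDSA) step.
sshd_keygen()
{
	(
	# Files created here (including the .pub files) get no group/other
	# write permission.
	# NOTE(review): private-key modes are left to ssh-keygen itself.
	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	}

	if [ -f /etc/ssh/ssh_host_key ]; then
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f /etc/ssh/ssh_host_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
		echo "You already have a DSA host key" \
		    "in /etc/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	else
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
		echo "You already have an ECDSA host key" \
		    "in /etc/ssh/ssh_host_ecdsa_key"
		echo "Skipping protocol version 2 ECDSA Key Generation"
	else
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
	fi
	)
}

# sshd_configtest
#	Run the sshd binary with the configured flags plus -t and return its
#	exit status.
#
#	NOTE(review): eval re-parses ${sshd_flags} as shell text, so any
#	quoting or metacharacters in it take effect. sshd_flags is not set in
#	this file; presumably it comes from the rc configuration read by
#	load_rc_config. Whoever can write that configuration can run
#	commands as the user running this script, so keep it root-owned and
#	not writable by others.
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	eval ${command} ${sshd_flags} -t
}

# sshd_precmd
#	Registered as start_precmd. If any of the four host key files is
#	missing, try to reseed the entropy source and then run the keygen
#	command; always finish with the configuration check, whose exit
#	status becomes this function's status.
sshd_precmd()
{
	# Separate tests joined with || replace the obsolescent -o operator
	# of test(1), which is ambiguous to parse.
	if [ ! -f /etc/ssh/ssh_host_key ] ||
	    [ ! -f /etc/ssh/ssh_host_dsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_ecdsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		user_reseed
		run_rc_command keygen
	fi
	sshd_configtest
}

load_rc_config "$name"
run_rc_command "$1"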