#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/sshd 249489 2013-04-14 21:11:19Z bdrewery $
#

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

# Service identity.  rc.subr builds the default start/stop/status handling
# and the rc.conf enable knob (rcvar) from these.
name=sshd
rcvar=sshd_enable
command=/usr/sbin/$name
pidfile=/var/run/$name.pid

# Hooks and extra subcommands for rc.subr's dispatcher: configtest and
# keygen map onto the functions below, reload is handled by rc.subr itself.
start_precmd=sshd_precmd
restart_precmd=sshd_configtest
configtest_cmd=sshd_configtest
keygen_cmd=sshd_keygen
extra_commands="configtest keygen reload"

# Seconds user_reseed waits for keyboard input before giving up.
timeout=300

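#######################################
# Ask the operator for keyboard entropy when the kernel reports an unseeded
# entropy source, then feed the typed input plus some system state to
# /dev/random.  No-op when the sysctl is missing or already reports seeded.
# Globals:   timeout (read) - seconds to wait for input
# Outputs:   instructions on stdout, a warning via warn() on stderr
# Returns:   0
#######################################
user_reseed()
{
	# Subshell keeps seeded/junk out of the rc.subr environment.
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps backslashes in the typed text literal.  On timeout
		# junk stays empty and only the sysctl/date output below is
		# written, which is exactly the "predictable" case warned about.
		junk=
		read -r -t "${timeout}" junk
		# printf rather than echo so typed input that looks like an
		# echo option (e.g. "-n") is still written verbatim.
		printf '%s\n' "${junk}" "$(sysctl -a)" "$(date)" > /dev/random
	fi
	)
}
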
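#######################################
# Generate one host key unless its file already exists.
# Arguments: $1 - key type passed to ssh-keygen -t
#            $2 - key file path
#            $3 - article for the message ("a" or "an")
#            $4 - algorithm name for the messages (e.g. "RSA")
#            $5 - protocol version string for the messages
#            $6... - extra ssh-keygen flags (e.g. -b 1024)
# Outputs:   skip notice on stdout when the key exists
# Returns:   0 if the key exists or was generated, ssh-keygen's status
#            otherwise
#######################################
sshd_keygen_one()
{
	_type=$1 _file=$2 _article=$3 _alg=$4 _proto=$5
	shift 5
	if [ -f "${_file}" ]; then
		echo "You already have ${_article} ${_alg} host key" \
		    "in ${_file}"
		echo "Skipping protocol version ${_proto} ${_alg} Key Generation"
		return 0
	fi
	# -N '' : host keys must be usable without a passphrase.
	/usr/bin/ssh-keygen -t "${_type}" "$@" -f "${_file}" -N ''
}

#######################################
# Create any missing sshd host keys under /etc/ssh.
# Outputs:   ssh-keygen output and skip notices on stdout
# Returns:   1 if ssh-keygen is not installed or any key generation failed,
#            0 otherwise
#######################################
sshd_keygen()
{
	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	}

	# Subshell confines the umask change to key generation; its exit
	# status is the function's return value.
	(
	umask 022
	_rc=0
	# NOTE(review): the rsa1 (protocol 1) and DSA keys are legacy
	# algorithms; they are still generated here because sshd_precmd
	# treats all four files as required.  Retire them together.
	sshd_keygen_one rsa1 /etc/ssh/ssh_host_key an RSA 1 -b 1024 || _rc=1
	sshd_keygen_one dsa /etc/ssh/ssh_host_dsa_key a DSA 2 || _rc=1
	sshd_keygen_one rsa /etc/ssh/ssh_host_rsa_key an RSA 2 || _rc=1
	sshd_keygen_one ecdsa /etc/ssh/ssh_host_ecdsa_key an ECDSA 2 || _rc=1
	exit "${_rc}"
	)
}
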
92sshd_configtest()
93{
94	echo "Performing sanity check on ${name} configuration."
95	eval ${command} ${sshd_flags} -t
96}
97
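#######################################
# Start hook: create missing host keys, then validate the configuration.
# user_reseed runs before keygen so the keys are not derived from an
# entropy source the kernel still reports as unseeded.
# Outputs:   whatever user_reseed, keygen and the config test print
# Returns:   sshd_configtest's status
#######################################
sshd_precmd()
{
	local _key
	# Any one missing key file triggers a full keygen pass; the
	# individual keys are skipped there if they already exist.
	for _key in /etc/ssh/ssh_host_key /etc/ssh/ssh_host_dsa_key \
	    /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key; do
		if [ ! -f "${_key}" ]; then
			user_reseed
			run_rc_command keygen
			break
		fi
	done
	sshd_configtest
}
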
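# Pull in the rc.conf overrides for this service (sshd_enable and, if set,
# sshd_flags) and dispatch the requested subcommand.
load_rc_config "$name"
run_rc_command "$1"
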