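#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/sshd 249489 2013-04-14 21:11:19Z bdrewery $
#
# rc.d script for the OpenSSH daemon.  Besides start/stop it provides
# "keygen" (create any missing host keys), "configtest" (ask sshd to
# parse its configuration) and "reload".  Host keys that are missing at
# start time are generated automatically, after an attempt to make sure
# the kernel's random device has been seeded.

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
restart_precmd="sshd_configtest"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

# Seconds user_reseed() waits for keyboard input before giving up.
timeout=300

# user_reseed: if the kernel reports that its random device is not yet
# seeded, ask the operator to type junk and write it (together with the
# output of sysctl -a and date) into /dev/random.  Runs in a subshell so
# the helper variables do not leak into the rc environment.
# Globals:  timeout (read)
# Outputs:  prompt text on stdout, a warning via rc.subr's warn()
user_reseed()
{
	(
		seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
		# Only act when the sysctl exists and reports "not seeded" (0).
		if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
			warn "Setting entropy source to blocking mode."
			echo "===================================================="
			echo "Type a full screenful of random junk to unblock"
			echo "it and remember to finish with <enter>. This will"
			echo "timeout in ${timeout} seconds, but waiting for"
			echo "the timeout without typing junk may make the"
			echo "entropy source deliver predictable output."
			echo ""
			echo "Just hit <enter> for fast+insecure startup."
			echo "===================================================="
			sysctl kern.random.sys.seeded=0 2>/dev/null
			# -r keeps backslashes in the typed text literal;
			# -t (timeout) is a FreeBSD sh extension, as before.
			read -r -t "${timeout}" junk
			# printf rather than echo so that input beginning with
			# "-n" or containing backslashes is written verbatim.
			printf '%s\n%s\n%s\n' "${junk}" "$(sysctl -a)" "$(date)" \
			    > /dev/random
		fi
	)
}

# _sshd_keygen_one: create one host key with ssh-keygen unless the key
# file already exists, printing the same messages for every key type.
# Arguments: $1 key file path
#            $2 ssh-keygen key type (-t argument)
#            $3 protocol version named in the "Skipping" message
#            $4 article and $5 key name used in the messages
#            remaining arguments: extra ssh-keygen options (e.g. -b 1024)
# Returns:   ssh-keygen's status when a key is generated, 0 otherwise
_sshd_keygen_one()
{
	local keyfile keytype proto article label
	keyfile=$1
	keytype=$2
	proto=$3
	article=$4
	label=$5
	shift 5
	if [ -f "${keyfile}" ]; then
		echo "You already have ${article} ${label} host key" \
		    "in ${keyfile}"
		echo "Skipping protocol version ${proto} ${label} Key Generation"
	else
		/usr/bin/ssh-keygen -t "${keytype}" "$@" -f "${keyfile}" -N ''
	fi
}

# sshd_keygen: generate every host key sshd may need that does not exist
# yet (protocol-1 RSA, DSA, RSA and ECDSA).  Runs in a subshell so the
# umask change is local.
# Returns:   1 if ssh-keygen is not installed, otherwise 0
sshd_keygen()
{
	(
		# umask 022: files created here must not be group/world writable.
		umask 022

		# Can't do anything if ssh is not installed
		[ -x /usr/bin/ssh-keygen ] || {
			warn "/usr/bin/ssh-keygen does not exist."
			return 1
		}

		# Protocol-1 (SSH1) RSA host key, 1024 bits as in earlier revisions.
		_sshd_keygen_one /etc/ssh/ssh_host_key rsa1 1 an RSA -b 1024
		_sshd_keygen_one /etc/ssh/ssh_host_dsa_key dsa 2 a DSA
		_sshd_keygen_one /etc/ssh/ssh_host_rsa_key rsa 2 an RSA
		_sshd_keygen_one /etc/ssh/ssh_host_ecdsa_key ecdsa 2 an ECDSA
	)
}

# sshd_configtest: have sshd parse its configuration (-t) without
# starting; used before start/restart and by the "configtest" command.
# Globals:  name, command, sshd_flags (read)
# Returns:  the exit status of "sshd -t"
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	# eval so that quoted words inside sshd_flags (from rc.conf, which is
	# trusted administrator configuration) split into separate arguments,
	# matching how rc.subr builds the daemon's own command line.
	eval ${command} ${sshd_flags} -t
}

# sshd_precmd: before starting, reseed the random device and generate
# any host key that is missing, then run the configuration test.
# Returns:  the status of sshd_configtest
sshd_precmd()
{
	if [ ! -f /etc/ssh/ssh_host_key ] ||
	    [ ! -f /etc/ssh/ssh_host_dsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_ecdsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		user_reseed
		run_rc_command keygen
	fi
	sshd_configtest
}

load_rc_config "$name"
run_rc_command "$1"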