sshd revision 249555
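#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/sshd 249555 2013-04-16 17:30:13Z bdrewery $
#

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

# rc.d script for the OpenSSH daemon.
#
# On top of the usual start/stop/restart handled by rc.subr, this script
# wires up three extra commands (see extra_commands below):
#   configtest - run "sshd -t" against the active configuration
#   keygen     - create any host key under /etc/ssh that is missing
#   reload     - configtest first, then the rc.subr reload
#
# Globals read from rc.conf via load_rc_config: sshd_enable, sshd_flags.

. /etc/rc.subr

name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
reload_precmd="sshd_configtest"
restart_precmd="sshd_configtest"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

# Seconds user_reseed() waits for the operator to type entropy.
timeout=300

#######################################
# Prompt the operator for keyboard entropy when the kernel reports its
# random device as not yet seeded.  Called by sshd_precmd before host
# keys are generated, so that key material is not derived from an
# unseeded source.  Runs in a subshell; nothing set here leaks to the
# caller.
# Globals:   timeout (read)
# Outputs:   banner on stdout, warning via warn() on stderr
# Returns:   status of the subshell (not checked by the caller)
#######################################
user_reseed()
{
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	# Empty means the sysctl is absent on this kernel: nothing to do.
	# Only an explicit 0 triggers the interactive reseed.
	if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
		warn "Setting entropy source to blocking mode."
		cat <<EOF
====================================================
Type a full screenful of random junk to unblock
it and remember to finish with <enter>. This will
timeout in ${timeout} seconds, but waiting for
the timeout without typing junk may make the
entropy source deliver predictable output.

Just hit <enter> for fast+insecure startup.
====================================================
EOF
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -t is an sh(1) extension, not POSIX: give up after
		# ${timeout} seconds.  -r keeps backslashes in the input.
		read -r -t "${timeout}" junk
		# Mix whatever was typed with the sysctl tree and the clock.
		# printf rather than echo so input beginning with '-' is not
		# consumed as an option.  If the read timed out, "junk" is
		# empty and the seed is only as good as the other two parts,
		# which is what the banner warns about.
		printf '%s %s %s\n' "${junk}" "$(sysctl -a)" "$(date)" \
		    > /dev/random
	fi
	)
}

#######################################
# Generate any missing sshd host keys under /etc/ssh.  Existing key
# files are left untouched and announced on stdout.  Runs in a subshell
# so the umask change does not leak.
# NOTE(review): the set of keys created here (rsa1, dsa, rsa, ecdsa)
# must match the set sshd_precmd tests for, or start will keep
# invoking keygen.  The protocol 1 (rsa1) and DSA types are legacy
# formats kept for compatibility with this revision.
# Globals:   none
# Outputs:   progress messages on stdout
# Returns:   1 if ssh-keygen is not installed, else the status of the
#            last ssh-keygen invocation
#######################################
sshd_keygen()
{
	(
	# Key files must not be group/world writable.
	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	}

	if [ -f /etc/ssh/ssh_host_key ]; then
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f /etc/ssh/ssh_host_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
		echo "You already have a DSA host key" \
		    "in /etc/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	else
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
		echo "You already have an ECDSA host key" \
		    "in /etc/ssh/ssh_host_ecdsa_key"
		echo "Skipping protocol version 2 ECDSA Key Generation"
	else
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
	fi
	)
}

#######################################
# Run sshd in test mode (-t) so a broken configuration is caught before
# start, restart or reload touches the running daemon.
# Globals:   command (read), sshd_flags (read, from rc.conf), name (read)
# Outputs:   one line on stdout, then whatever sshd -t prints
# Returns:   exit status of "sshd -t"
#######################################
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	# eval is the rc.d idiom for letting sshd_flags carry several
	# words (and quoting) from rc.conf.  sshd_flags is set only from
	# the root-owned rc.conf files, so this is not an untrusted input
	# path, but it is the reason the variable must never be populated
	# from anything else.
	eval "${command}" ${sshd_flags} -t
}

#######################################
# start_precmd: create host keys if any of the expected ones is missing
# (reseeding the entropy source first), then sanity-check the config.
# Globals:   none directly (delegates to user_reseed, sshd_keygen via
#            run_rc_command, sshd_configtest)
# Returns:   exit status of sshd_configtest, which rc.subr uses to
#            decide whether to start the daemon
#######################################
sshd_precmd()
{
	# Separate tests joined with || instead of the ambiguous -o.
	if [ ! -f /etc/ssh/ssh_host_key ] ||
	   [ ! -f /etc/ssh/ssh_host_dsa_key ] ||
	   [ ! -f /etc/ssh/ssh_host_ecdsa_key ] ||
	   [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		user_reseed
		run_rc_command keygen
	fi
	sshd_configtest
}

load_rc_config "$name"
run_rc_command "$1"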