sshd revision 249555 
164562Sgshapiro#!/bin/sh
264562Sgshapiro#
364562Sgshapiro# $FreeBSD: head/etc/rc.d/sshd 249555 2013-04-16 17:30:13Z bdrewery $
464562Sgshapiro#
564562Sgshapiro
6261363Sgshapiro# PROVIDE: sshd
764562Sgshapiro# REQUIRE: LOGIN FILESYSTEMS
864562Sgshapiro# KEYWORD: shutdown
964562Sgshapiro
1064562Sgshapiro. /etc/rc.subr
1164562Sgshapiro
1264562Sgshapironame="sshd"
1364562Sgshapirorcvar="sshd_enable"
1464562Sgshapirocommand="/usr/sbin/${name}"
1564562Sgshapirokeygen_cmd="sshd_keygen"
1664562Sgshapirostart_precmd="sshd_precmd"
1764562Sgshapiroreload_precmd="sshd_configtest"
1864562Sgshapirorestart_precmd="sshd_configtest"
1990792Sgshapiroconfigtest_cmd="sshd_configtest"
2064562Sgshapiropidfile="/var/run/${name}.pid"
2164562Sgshapiroextra_commands="configtest keygen reload"
2264562Sgshapiro
2364562Sgshapirotimeout=300
2464562Sgshapiro
2564562Sgshapirouser_reseed()
2664562Sgshapiro{
27266692Sgshapiro	(
2864562Sgshapiro	seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
2964562Sgshapiro	if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
3090792Sgshapiro		warn "Setting entropy source to blocking mode."
3164562Sgshapiro		echo "===================================================="
32		echo "Type a full screenful of random junk to unblock"
33		echo "it and remember to finish with <enter>. This will"
34		echo "timeout in ${timeout} seconds, but waiting for"
35		echo "the timeout without typing junk may make the"
36		echo "entropy source deliver predictable output."
37		echo ""
38		echo "Just hit <enter> for fast+insecure startup."
39		echo "===================================================="
40		sysctl kern.random.sys.seeded=0 2>/dev/null
41		read -t ${timeout} junk
42		echo "${junk}" `sysctl -a` `date` > /dev/random
43	fi
44	)
45}
46
47sshd_keygen()
48{
49	(
50	umask 022
51
52	# Can't do anything if ssh is not installed
53	[ -x /usr/bin/ssh-keygen ] || {
54		warn "/usr/bin/ssh-keygen does not exist."
55		return 1
56	}
57
58	if [ -f /etc/ssh/ssh_host_key ]; then
59		echo "You already have an RSA host key" \
60		    "in /etc/ssh/ssh_host_key"
61		echo "Skipping protocol version 1 RSA Key Generation"
62	else
63		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
64		    -f /etc/ssh/ssh_host_key -N ''
65	fi
66
67	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
68		echo "You already have a DSA host key" \
69		    "in /etc/ssh/ssh_host_dsa_key"
70		echo "Skipping protocol version 2 DSA Key Generation"
71	else
72		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
73	fi
74
75	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
76		echo "You already have an RSA host key" \
77		    "in /etc/ssh/ssh_host_rsa_key"
78		echo "Skipping protocol version 2 RSA Key Generation"
79	else
80		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
81	fi
82
83	if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
84		echo "You already have an ECDSA host key" \
85		    "in /etc/ssh/ssh_host_ecdsa_key"
86		echo "Skipping protocol version 2 ECDSA Key Generation"
87	else
88		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
89	fi
90	)
91}
92
93sshd_configtest()
94{
95	echo "Performing sanity check on ${name} configuration."
96	eval ${command} ${sshd_flags} -t
97}
98
99sshd_precmd()
100{
101	if [ ! -f /etc/ssh/ssh_host_key -o \
102	    ! -f /etc/ssh/ssh_host_dsa_key -o \
103	    ! -f /etc/ssh/ssh_host_ecdsa_key -o \
104	    ! -f /etc/ssh/ssh_host_rsa_key ]; then
105		user_reseed
106		run_rc_command keygen
107	fi
108	sshd_configtest
109}
110
111load_rc_config $name
112run_rc_command "$1"
113