#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

# Service description consumed by rc.subr's run_rc_command.
name=sshd
rcvar=sshd_enable
command=/usr/sbin/${name}
pidfile=/var/run/${name}.pid

# Additional verbs accepted by this script, and the functions behind them.
extra_commands="configtest keygen reload"
keygen_cmd=sshd_keygen
configtest_cmd=sshd_configtest

# Hooks: start generates missing host keys and validates the configuration;
# reload and restart only validate it, so a broken sshd_config is caught
# before the running daemon is touched.
start_precmd=sshd_precmd
reload_precmd=sshd_configtest
restart_precmd=sshd_configtest

# Per-algorithm host key switches.  Each one defaults to "yes" only when it
# is unset or empty, so a value already present in the environment or rc.conf
# wins.
# NOTE(review): rsa1 (the SSH protocol 1 host key) and dsa are legacy
# algorithms.  Hosts that do not need them can set sshd_rsa1_enable="NO" and
# sshd_dsa_enable="NO" so those keys are never generated.
: "${sshd_rsa1_enable:=yes}"
: "${sshd_rsa_enable:=yes}"
: "${sshd_dsa_enable:=yes}"
: "${sshd_ecdsa_enable:=yes}"
: "${sshd_ed25519_enable:=yes}"
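# Generate the SSH host key for one algorithm if it is enabled and missing.
#
# Arguments: $1 - algorithm name: rsa1, rsa, dsa, ecdsa or ed25519
# Globals:   sshd_<alg>_enable (read through checkyesno)
# Returns:   0 if the algorithm is disabled, the key already exists, or the
#            key was generated; non-zero for an unknown algorithm, a missing
#            ssh-keygen binary, or a failed key generation.
sshd_keygen_alg()
{
	local alg="$1"
	local ALG
	local keyfile

	# Upper-case form of the name, used only in messages.
	ALG=$(printf '%s' "$alg" | tr a-z A-Z)

	if ! checkyesno "sshd_${alg}_enable" ; then
		return 0
	fi

	# Map the algorithm to its key file.  Only these fixed names are
	# accepted, so $alg can never steer the path outside /etc/ssh.
	case "$alg" in
	rsa1)
		keyfile="/etc/ssh/ssh_host_key"
		;;
	rsa|dsa|ecdsa|ed25519)
		keyfile="/etc/ssh/ssh_host_${alg}_key"
		;;
	*)
		return 1
		;;
	esac

	if [ ! -x /usr/bin/ssh-keygen ] ; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	# Never overwrite an existing host key: clients have pinned it.
	if [ -f "${keyfile}" ] ; then
		info "$ALG host key exists."
		return 0
	fi

	echo "Generating $ALG host key."
	# -N "" gives an empty passphrase, so the key is stored unencrypted.
	# Stop here on failure instead of trying to fingerprint a public key
	# that was never written.
	if ! /usr/bin/ssh-keygen -q -t "$alg" -f "$keyfile" -N "" ; then
		warn "Could not generate $ALG host key."
		return 1
	fi
	# Print the fingerprint so the operator can record it for verification.
	/usr/bin/ssh-keygen -l -f "$keyfile.pub"
}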
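# Generate every enabled host key type that does not exist yet.
#
# All five algorithms are always attempted.  One failure does not stop the
# others, but it is reported in the return status instead of being hidden
# behind the result of the last algorithm.
#
# Returns: 0 if every sshd_keygen_alg call succeeded, 1 otherwise.
sshd_keygen()
{
	local alg
	local rc=0

	for alg in rsa1 rsa dsa ecdsa ed25519 ; do
		sshd_keygen_alg "$alg" || rc=1
	done
	return $rc
}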
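# Validate the sshd configuration by running the daemon in test mode (-t).
#
# Globals: name, command, sshd_flags (read)
# Returns: the exit status of the sshd test run.
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	# eval is deliberate: it lets quoted arguments inside sshd_flags be
	# parsed as the administrator wrote them.  The string is quoted so it is
	# parsed once by eval, not word-split and glob-expanded first.
	# NOTE(review): sshd_flags is executed as shell text; it is presumably
	# set only from root-owned rc.conf files and must never carry untrusted
	# input.
	eval "${command} ${sshd_flags} -t"
}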
# Pre-start hook: create any missing host keys, then validate the
# configuration.  The keygen result is not checked; the hook's status is
# that of the final configtest step.
sshd_precmd()
{
	local step

	for step in keygen configtest ; do
		run_rc_command "$step"
	done
}
# Load the rc.conf settings for this service, then dispatch the verb given
# on the command line (start, stop, keygen, configtest, ...).
load_rc_config "${name}"
run_rc_command "$1"