sshd revision 157655
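#!/bin/sh
#
# $NetBSD: sshd,v 1.18 2002/04/29 08:23:34 lukem Exp $
# $FreeBSD: head/etc/rc.d/sshd 157655 2006-04-11 09:08:15Z flz $
#

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar

. /etc/rc.subr

# rc.d script for the OpenSSH daemon.  Besides the standard rc.subr
# commands it registers "keygen" and "reload", and before start it
# creates any host key that is missing (see sshd_precmd).
#
# NOTE(review): ${prefix} and ${etcdir} are used below but are not
# assigned in this file; presumably load_rc_config provides them -
# confirm.  If they are empty the paths resolve to /bin/ssh-keygen
# and /ssh/ssh_host_*.

name="sshd"
rcvar=$(set_rcvar)
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
pidfile="/var/run/${name}.pid"
extra_commands="keygen reload"

# Seconds user_reseed waits for console input before giving up.
timeout=300

load_rc_config "$name"

# user_reseed
#	When kern.random.sys.seeded reads 0, ask the operator to type
#	random input on the console and write it, together with the output
#	of "sysctl -a" and "date", to /dev/random.  Does nothing when the
#	sysctl is absent or reports a non-zero value.
#	Runs in a subshell, so "seeded" and "junk" do not leak to the caller.
#
#	NOTE(review): "sysctl -a" and "date" are largely predictable, so
#	the typed input is the only part an attacker cannot easily guess.
#	Pressing <enter> immediately, or letting the read time out, leaves
#	host keys to be generated from a poorly seeded source, as the
#	banner itself warns.
user_reseed()
{
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	# Empty output means the sysctl could not be read; skip the prompt.
	if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps backslashes in the typed input instead of
		# interpreting them; every typed byte is wanted here.
		read -r -t "${timeout}" junk
		# printf with a fixed format: the typed text is arbitrary and
		# must not be taken as an echo option, and the quoted command
		# substitutions are not subject to globbing.
		printf '%s\n' "${junk}" "$(sysctl -a)" "$(date)" > /dev/random
	fi
	)
}

# sshd_keygen
#	Create each of the three host keys (protocol 1 RSA, protocol 2 DSA,
#	protocol 2 RSA) under ${etcdir}/ssh unless the file already exists.
#	Leaves the subshell with status 1 when ssh-keygen is not executable.
#
#	Keys are written with an empty passphrase (-N ''), so the private
#	keys are protected only by the permissions on the key files.
#
#	NOTE(review): a 1024-bit rsa1 key and a DSA key are weak by current
#	standards, and later OpenSSH releases dropped support for both;
#	confirm which key types the installed ssh-keygen and sshd_config
#	still need before relying on this list.  The dsa and rsa calls pass
#	no -b, so their size is whatever ssh-keygen defaults to.
sshd_keygen()
{
	(
	umask 022

	# Can't do anything if ssh is not installed
	[ -x "${prefix}/bin/ssh-keygen" ] || {
		warn "${prefix}/bin/ssh-keygen does not exist."
		return 1
	}

	if [ -f "${etcdir}/ssh/ssh_host_key" ]; then
		echo "You already have an RSA host key" \
		    "in ${etcdir}/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	else
		"${prefix}/bin/ssh-keygen" -t rsa1 -b 1024 \
		    -f "${etcdir}/ssh/ssh_host_key" -N ''
	fi

	if [ -f "${etcdir}/ssh/ssh_host_dsa_key" ]; then
		echo "You already have a DSA host key" \
		    "in ${etcdir}/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	else
		"${prefix}/bin/ssh-keygen" -t dsa \
		    -f "${etcdir}/ssh/ssh_host_dsa_key" -N ''
	fi

	if [ -f "${etcdir}/ssh/ssh_host_rsa_key" ]; then
		echo "You already have a RSA host key" \
		    "in ${etcdir}/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	else
		"${prefix}/bin/ssh-keygen" -t rsa \
		    -f "${etcdir}/ssh/ssh_host_rsa_key" -N ''
	fi
	)
}

# sshd_precmd
#	start_precmd hook: when at least one host key file is missing,
#	reseed the entropy source and run the keygen command.  sshd_keygen
#	skips the keys that already exist.
#	Because user_reseed can wait for console input, a missing key may
#	delay the start by up to ${timeout} seconds.
sshd_precmd()
{
	# Separate tests joined with || instead of the ambiguous -o operator.
	if [ ! -f "${etcdir}/ssh/ssh_host_key" ] ||
	    [ ! -f "${etcdir}/ssh/ssh_host_dsa_key" ] ||
	    [ ! -f "${etcdir}/ssh/ssh_host_rsa_key" ]; then
		user_reseed
		run_rc_command keygen
	fi
}

run_rc_command "$1"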