sshd revision 231653 
178344Sobrien#!/bin/sh
278344Sobrien#
398184Sgordon# $FreeBSD: stable/9/etc/rc.d/sshd 231653 2012-02-14 10:16:56Z dougb $
478344Sobrien#
578344Sobrien
678344Sobrien# PROVIDE: sshd
7140339Sobrien# REQUIRE: LOGIN cleanvar
8180564Sdougb# KEYWORD: shutdown
978344Sobrien
1078344Sobrien. /etc/rc.subr
1178344Sobrien
1278344Sobrienname="sshd"
13231653Sdougbrcvar="sshd_enable"
14151586Syarcommand="/usr/sbin/${name}"
1598184Sgordonkeygen_cmd="sshd_keygen"
1698184Sgordonstart_precmd="sshd_precmd"
1778344Sobrienpidfile="/var/run/${name}.pid"
1878344Sobrienextra_commands="keygen reload"
1978344Sobrien
20133110Smarkmtimeout=300
21133110Smarkm
22133110Smarkmuser_reseed()
23133110Smarkm{
24133110Smarkm	(
25133110Smarkm	seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
26157655Sflz	if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
27133110Smarkm		warn "Setting entropy source to blocking mode."
28133110Smarkm		echo "===================================================="
29133110Smarkm		echo "Type a full screenful of random junk to unblock"
30133110Smarkm		echo "it and remember to finish with <enter>. This will"
31133110Smarkm		echo "timeout in ${timeout} seconds, but waiting for"
32133110Smarkm		echo "the timeout without typing junk may make the"
33133110Smarkm		echo "entropy source deliver predictable output."
34133110Smarkm		echo ""
35133110Smarkm		echo "Just hit <enter> for fast+insecure startup."
36133110Smarkm		echo "===================================================="
37133110Smarkm		sysctl kern.random.sys.seeded=0 2>/dev/null
38133110Smarkm		read -t ${timeout} junk
39133110Smarkm		echo "${junk}" `sysctl -a` `date` > /dev/random
40133110Smarkm	fi
41133110Smarkm	)
42133110Smarkm}
43133110Smarkm
4478344Sobriensshd_keygen()
4578344Sobrien{
4698184Sgordon	(
4798184Sgordon	umask 022
4898184Sgordon
4998184Sgordon	# Can't do anything if ssh is not installed
50161530Sflz	[ -x /usr/bin/ssh-keygen ] || {
51161530Sflz		warn "/usr/bin/ssh-keygen does not exist."
5298184Sgordon		return 1
5398184Sgordon	}
5498184Sgordon
55161530Sflz	if [ -f /etc/ssh/ssh_host_key ]; then
5698184Sgordon		echo "You already have an RSA host key" \
57161530Sflz		    "in /etc/ssh/ssh_host_key"
5898184Sgordon		echo "Skipping protocol version 1 RSA Key Generation"
5978344Sobrien	else
60161530Sflz		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
61161530Sflz		    -f /etc/ssh/ssh_host_key -N ''
6278344Sobrien	fi
6378344Sobrien
64161530Sflz	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
6598184Sgordon		echo "You already have a DSA host key" \
66161530Sflz		    "in /etc/ssh/ssh_host_dsa_key"
6798184Sgordon		echo "Skipping protocol version 2 DSA Key Generation"
6878344Sobrien	else
69161530Sflz		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
7078344Sobrien	fi
7198184Sgordon
72161530Sflz	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
73221420Sdes		echo "You already have an RSA host key" \
74161530Sflz		    "in /etc/ssh/ssh_host_rsa_key"
7598184Sgordon		echo "Skipping protocol version 2 RSA Key Generation"
7698184Sgordon	else
77161530Sflz		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
7898184Sgordon	fi
79221420Sdes
80221420Sdes	if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
81221420Sdes		echo "You already have an ECDSA host key" \
82221420Sdes		    "in /etc/ssh/ssh_host_ecdsa_key"
83221420Sdes		echo "Skipping protocol version 2 ECDSA Key Generation"
84221420Sdes	else
85221420Sdes		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
86221420Sdes	fi
8798184Sgordon	)
8878344Sobrien}
8978344Sobrien
9078344Sobriensshd_precmd()
9178344Sobrien{
92161530Sflz	if [ ! -f /etc/ssh/ssh_host_key -o \
93161530Sflz	    ! -f /etc/ssh/ssh_host_dsa_key -o \
94221420Sdes	    ! -f /etc/ssh/ssh_host_ecdsa_key -o \
95161530Sflz	    ! -f /etc/ssh/ssh_host_rsa_key ]; then
96133110Smarkm		user_reseed
9798184Sgordon		run_rc_command keygen
9878344Sobrien	fi
9978344Sobrien}
10078344Sobrien
101161530Sflzload_rc_config $name
10278344Sobrienrun_rc_command "$1"
103