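#!/bin/sh
#
# $FreeBSD: stable/9/etc/rc.d/sshd 231653 2012-02-14 10:16:56Z dougb $
#

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
# KEYWORD: shutdown

# rc.d script for the OpenSSH daemon.
#
# On top of the usual start/stop/restart/status handling done by rc.subr,
# two extra commands are offered:
#   keygen - create every host key under /etc/ssh that does not exist yet
#            (sshd_keygen below); existing keys are never overwritten
#   reload - provided by rc.subr, signals the process named in ${pidfile}
# Before the daemon is first started, sshd_precmd checks that all host keys
# are present and, if one is missing, makes sure the kernel entropy source is
# seeded before the missing keys are generated.
#
# rc.conf knob: sshd_enable (see ${rcvar}).

. /etc/rc.subr

name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
pidfile="/var/run/${name}.pid"
extra_commands="keygen reload"

# Seconds user_reseed waits for console input before giving up.
timeout=300

# Make sure the kernel entropy source has been seeded before any host key is
# generated.  When kern.random.sys.seeded reports 0 the source is switched to
# blocking mode and the console user is asked to type random junk, which is
# written to /dev/random together with some system state; as the banner says,
# just waiting for the timeout may leave the source delivering predictable
# output.  Runs in a subshell so ${seeded} and ${junk} do not leak into the
# rc namespace.  warn() comes from /etc/rc.subr.
user_reseed()
{
	(
		seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
		# An empty value (sysctl unavailable) skips the prompt entirely.
		if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
			warn "Setting entropy source to blocking mode."
			echo "===================================================="
			echo "Type a full screenful of random junk to unblock"
			echo "it and remember to finish with <enter>. This will"
			echo "timeout in ${timeout} seconds, but waiting for"
			echo "the timeout without typing junk may make the"
			echo "entropy source deliver predictable output."
			echo ""
			echo "Just hit <enter> for fast+insecure startup."
			echo "===================================================="
			sysctl kern.random.sys.seeded=0 2>/dev/null
			# -r keeps typed backslashes literal; -t gives up after
			# ${timeout} seconds so an unattended boot still proceeds.
			read -r -t "${timeout}" junk
			echo "${junk}" "$(sysctl -a)" "$(date)" > /dev/random
		fi
	)
}

# Generate one host key unless its file already exists.
#   $1 - path of the private key file (the public key gets a .pub suffix)
#   $2 - article used in the "already have" message ("a" or "an")
#   $3 - algorithm name as printed in the messages (RSA, DSA, ECDSA)
#   $4 - SSH protocol version the key serves, for the message only
#   $@ - remaining arguments are passed to ssh-keygen ahead of -f/-N
# -N '' gives the key an empty passphrase so sshd can read it unattended.
sshd_keygen_one()
{
	local keyfile article alg proto
	keyfile=$1
	article=$2
	alg=$3
	proto=$4
	shift 4

	if [ -f "${keyfile}" ]; then
		echo "You already have ${article} ${alg} host key in ${keyfile}"
		echo "Skipping protocol version ${proto} ${alg} Key Generation"
	else
		/usr/bin/ssh-keygen "$@" -f "${keyfile}" -N ''
	fi
}

# "keygen" command: create every missing host key in /etc/ssh.
# Runs in a subshell so the umask change does not affect the rest of rc.
sshd_keygen()
{
	(
		# Files created here must not be group/world writable.
		umask 022

		# Can't do anything if ssh is not installed
		[ -x /usr/bin/ssh-keygen ] || {
			warn "/usr/bin/ssh-keygen does not exist."
			# Leaves the subshell, so sshd_keygen returns 1.
			return 1
		}

		# Protocol 1 RSA key (1024 bits), then the protocol 2 keys.
		sshd_keygen_one /etc/ssh/ssh_host_key an RSA 1 -t rsa1 -b 1024
		sshd_keygen_one /etc/ssh/ssh_host_dsa_key a DSA 2 -t dsa
		sshd_keygen_one /etc/ssh/ssh_host_rsa_key an RSA 2 -t rsa
		sshd_keygen_one /etc/ssh/ssh_host_ecdsa_key an ECDSA 2 -t ecdsa
	)
}

# start_precmd: if any host key is missing, reseed the entropy source and
# run the keygen command (which only creates the keys that do not exist).
sshd_precmd()
{
	if [ ! -f /etc/ssh/ssh_host_key ] ||
	    [ ! -f /etc/ssh/ssh_host_dsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_ecdsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		user_reseed
		run_rc_command keygen
	fi
}

load_rc_config "$name"
run_rc_command "$1"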