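#!/bin/sh
#
# $FreeBSD: stable/9/etc/rc.d/sshd 247461 2013-02-28 12:03:17Z des $
#
# rc.d script for the OpenSSH daemon.
#
# Subcommands handled through rc.subr: the usual start/stop/restart/status
# plus the extra "configtest", "keygen" and "reload".  Before "start",
# sshd_precmd creates any host key that is missing and runs "sshd -t".
#
# rc.conf variables read: sshd_enable, sshd_flags.

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

# Seconds user_reseed() waits for the operator to type entropy.
timeout=300

#
# user_reseed: if the kernel reports its entropy pool as not yet seeded
# (kern.random.sys.seeded == 0), switch the source to blocking mode and
# ask the operator for keyboard junk before any host key is generated.
# A timeout or an empty line falls through to the "fast+insecure" path
# the banner describes.  Runs in a subshell so 'seeded' and 'junk' do
# not leak into the rc.subr namespace.
#
user_reseed()
{
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	# Empty means the sysctl is unavailable; any non-zero value means
	# the pool is already seeded.  Both quoted, so an unexpected
	# non-numeric value cannot be word-split into a broken test.
	if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r: backslashes are entropy here, not escape sequences.
		read -r -t "${timeout}" junk
		# Grouped and quoted so nothing the operator typed and
		# nothing sysctl printed is glob-expanded or re-split
		# before it reaches the pool.
		{
			printf '%s\n' "${junk}"
			sysctl -a
			date
		} > /dev/random
	fi
	)
}

#
# sshd_keygen_one: create one host key unless its file already exists.
# Arguments:
#   $1 - ssh-keygen key type (rsa1, dsa, rsa, ecdsa)
#   $2 - SSH protocol version named in the messages ("1" or "2")
#   $3 - article used in the "already have" message ("a" or "an")
#   $4 - key label used in the messages (RSA, DSA, ECDSA)
#   $5 - key file path
#   remaining arguments are passed through to ssh-keygen (e.g. -b 1024)
# Returns 0 when the key already exists, otherwise ssh-keygen's status.
#
sshd_keygen_one()
{
	local type proto article label file
	type=$1; proto=$2; article=$3; label=$4; file=$5
	shift 5

	if [ -f "${file}" ]; then
		echo "You already have ${article} ${label} host key" \
		    "in ${file}"
		echo "Skipping protocol version ${proto} ${label} Key Generation"
		return 0
	fi
	# -N '': empty passphrase, the daemon must be able to load the key
	# unattended at boot.
	/usr/bin/ssh-keygen -t "${type}" "$@" -f "${file}" -N ''
}

#
# sshd_keygen: the "keygen" subcommand.  Creates every host key that
# sshd_precmd looks for, skipping files that already exist.  Runs in a
# subshell so the umask change stays local.  Exits the subshell non-zero
# (and so returns non-zero) if ssh-keygen is absent or any generation
# failed, instead of silently ignoring a failed ssh-keygen run.
#
sshd_keygen()
{
	(
	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		exit 1
	}

	rv=0
	# Protocol 1 key; still generated because sshd_precmd checks for it.
	sshd_keygen_one rsa1 1 an RSA /etc/ssh/ssh_host_key -b 1024 || rv=1
	sshd_keygen_one dsa 2 a DSA /etc/ssh/ssh_host_dsa_key || rv=1
	sshd_keygen_one rsa 2 an RSA /etc/ssh/ssh_host_rsa_key || rv=1
	sshd_keygen_one ecdsa 2 an ECDSA /etc/ssh/ssh_host_ecdsa_key || rv=1
	exit "${rv}"
	)
}

#
# sshd_configtest: the "configtest" subcommand, also run before every
# start.  The eval is the rc.d idiom that lets sshd_flags (from rc.conf)
# carry quoted arguments; only rc.conf-controlled values belong in it.
# Returns the status of "sshd -t".
#
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	eval ${command} ${sshd_flags} -t
}

#
# sshd_host_keys_missing: succeed (0) when any of the host key files
# checked before start is absent, fail (1) when all are present.
#
sshd_host_keys_missing()
{
	local f
	for f in /etc/ssh/ssh_host_key /etc/ssh/ssh_host_dsa_key \
	    /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key; do
		[ -f "${f}" ] || return 0
	done
	return 1
}

#
# sshd_precmd: start_precmd hook.  Seeds entropy and generates host keys
# on a system that has none, then sanity-checks the configuration.  Its
# status is that of sshd_configtest, which rc.subr presumably uses to
# decide whether to launch the daemon — confirm against rc.subr.
#
sshd_precmd()
{
	if sshd_host_keys_missing; then
		user_reseed
		run_rc_command keygen
	fi
	sshd_configtest
}

load_rc_config "$name"
run_rc_command "$1"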