sshd revision 231653
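#!/bin/sh
#
# $FreeBSD: stable/9/etc/rc.d/sshd 231653 2012-02-14 10:16:56Z dougb $
#

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
# KEYWORD: shutdown

. /etc/rc.subr

# rc.d script for the OpenSSH daemon.  Besides the usual rc.subr commands
# it provides "keygen" (create any missing host keys) and "reload".
# Before the first start it generates missing host keys, after giving the
# operator a chance to feed the random device if it reports "not seeded".

name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
pidfile="/var/run/${name}.pid"
extra_commands="keygen reload"

# Seconds user_reseed waits for console input before giving up.
timeout=300

# user_reseed
#	If kern.random.sys.seeded exists and reads 0, prompt on the console
#	for keyboard input and write it, together with the output of
#	"sysctl -a" and "date", to /dev/random.  Runs in a subshell so that
#	"seeded" and "junk" do not leak into the rc environment.
#
#	Security note: host keys generated right after this step are only as
#	unpredictable as the random device.  "sysctl -a" and "date" output is
#	largely guessable, so a timeout or a bare <enter> contributes little
#	entropy; the on-screen text says as much ("fast+insecure startup").
#	On hosts that boot unattended, seed the device by other means and
#	regenerate host keys that were created on an unseeded first boot.
user_reseed()
{
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	# Empty output means the sysctl does not exist on this kernel; the
	# quoting keeps the numeric test from breaking on unexpected output.
	if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ] ; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>.  This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps backslashes in the typed input instead of
		# interpreting them.
		read -r -t "${timeout}" junk
		# Quoted so the sysctl output is written as-is: no word
		# splitting and no pathname expansion against the current
		# directory.
		printf '%s\n' "${junk}" "$(sysctl -a)" "$(date)" > /dev/random
	fi
	)
}

# sshd_keygen
#	Generate each host key that does not exist yet; existing key files
#	are never overwritten.  Returns 1 if /usr/bin/ssh-keygen is missing.
#	Runs in a subshell so the umask change stays local.
#
#	Security notes:
#	- -N '' creates the keys without a passphrase so sshd can start
#	  unattended; protecting /etc/ssh/ssh_host_*key is therefore a
#	  matter of file permissions only.  Check that the private key
#	  files are readable by root alone after generation.
#	- umask 022 leaves the generated .pub files world-readable, which
#	  is intended for public keys.
sshd_keygen()
{
	(
	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	}

	# Protocol version 1 key, 1024-bit RSA.  SSH protocol 1 is obsolete
	# and cryptographically weak; the key is still generated because this
	# revision of the script supports it.  NOTE(review): confirm that
	# sshd_config does not enable protocol 1.
	if [ -f /etc/ssh/ssh_host_key ]; then
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f /etc/ssh/ssh_host_key -N ''
	fi

	# DSA host keys are deprecated in later OpenSSH releases; prefer the
	# RSA or ECDSA key when pinning host keys on clients.
	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
		echo "You already have a DSA host key" \
		    "in /etc/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	else
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
	fi

	# No -b given: the key size is whatever the installed ssh-keygen
	# uses by default for RSA.
	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	else
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
	fi

	if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
		echo "You already have an ECDSA host key" \
		    "in /etc/ssh/ssh_host_ecdsa_key"
		echo "Skipping protocol version 2 ECDSA Key Generation"
	else
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
	fi
	)
}

# sshd_precmd
#	start_precmd hook: when at least one of the four host key files is
#	missing, offer to reseed the random device and then run the "keygen"
#	command.  Separate tests joined with || replace the obsolescent
#	"-o" operator of test(1).
sshd_precmd()
{
	if [ ! -f /etc/ssh/ssh_host_key ] ||
	    [ ! -f /etc/ssh/ssh_host_dsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_ecdsa_key ] ||
	    [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		user_reseed
		run_rc_command keygen
	fi
}

load_rc_config "$name"
run_rc_command "$1"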