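#!/bin/sh
#
# $NetBSD: sshd,v 1.37 2023/07/22 08:51:28 kim Exp $
#
# rc.d control script for the OpenSSH server.  Besides the standard
# start/stop handling supplied by rc.subr it provides:
#   check    - validate the sshd configuration (also run before "reload")
#   keygen   - create any host key that does not exist yet (run before "start")
#   keyregen - replace all host keys unconditionally
#   reload   - supplied by rc.subr, gated on "check"
#

# PROVIDE: sshd
# REQUIRE: LOGIN

# rc.subr is expected to set _rc_subr_loaded to ":" once it has been read,
# which turns this line into a no-op when the framework is already loaded.
$_rc_subr_loaded . /etc/rc.subr

name="sshd"
rcvar=$name
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"
required_files="/etc/ssh/sshd_config"
extra_commands="check keygen keyregen reload"

# Keep /etc/motd in sync with the kernel's entropy state: any existing
# "UNSAFE KEYS WARNING" section is stripped, and a fresh one is appended
# only while kern.entropy.needed is non-zero.  /etc/motd is rewritten only
# when the result differs from what is already there.
#
# The scratch file has a fixed name.  It lives in /etc rather than /tmp, so
# this is only safe while /etc is writable by root alone.
sshd_motd_unsafe_keys_warning()
{
(
	umask 022
	T=/etc/_motd
	sed -E '/^-- UNSAFE KEYS WARNING:/,$d' < /etc/motd > "$T"
	# Capture the value first so that a failed or empty sysctl does not
	# leave the numeric test with a missing operand.  An unreadable value
	# is treated as 0, i.e. no warning is added.
	entropy_needed=$( sysctl -n kern.entropy.needed )
	if [ "${entropy_needed:-0}" -ne 0 ]; then
		cat >> "$T" << _EOF
-- UNSAFE KEYS WARNING:

	The ssh host keys on this machine have been generated with
	not enough entropy configured, so they may be predictable.

	To fix, follow the "Adding entropy" section in the entropy(7)
	man page. After this machine has enough entropy, re-generate
	the ssh host keys by running:

		/etc/rc.d/sshd keyregen
_EOF
	fi
	cmp -s "$T" /etc/motd || cp "$T" /etc/motd
	rm -f "$T"
)
}

# Generate the host keys listed in the table at the end of the loop.
#
# $1 - "force" to replace keys that already exist (used by keyregen);
#      anything else only creates the keys that are missing.
#
# Table columns: key type, bits, file name under /etc/ssh.  A bits value
# of -1 passes no size argument, 0 passes ${ssh_keygen_flags} from the rc
# configuration, and any other value is passed as "-b <bits>".
#
# Host keys are written without a passphrase (-N '') so that sshd can load
# them unattended; their protection rests on file permissions alone.
# Replacing keys with "force" changes the host's identity as seen by
# clients, so the fingerprints printed here are what users should verify
# over a trusted channel afterwards.
#
# Runs in a subshell so umask and the working variables do not leak into
# the rc.subr environment.  Always returns the status of the final motd
# step; a failed ssh-keygen does not abort the start sequence.
sshd_keygen()
{
(
	keygen="/usr/bin/ssh-keygen"
	umask 022
	new_key_created=false
	while read -r type bits filename; do
		f="/etc/ssh/$filename"
		if [ "$1" != "force" ] && [ -f "$f" ]; then
			continue
		fi
		rm -f "$f"
		case "${bits}" in
		-1)	bitarg=;;
		0)	bitarg="${ssh_keygen_flags}";;
		*)	bitarg="-b ${bits}";;
		esac
		# ${bitarg} is deliberately unquoted: it may hold several
		# words, or none at all.
		if "${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q; then
			printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
			# Record a new key only when one was actually written,
			# so the motd is not refreshed after a failed run.
			new_key_created=true
		fi
	done << _EOF
ecdsa	-1	ssh_host_ecdsa_key
ed25519	-1	ssh_host_ed25519_key
rsa	0	ssh_host_rsa_key
_EOF
	if "${new_key_created}"; then
		sshd_motd_unsafe_keys_warning
	fi
)
}

# start_precmd: make sure the host keys exist before sshd is started.
sshd_precmd()
{
	run_rc_command keygen
}

# Validate the configuration and host keys with sshd's test mode.
#
# The binary is invoked through ${command} rather than looked up in PATH,
# so the check runs the same executable that "start" launches even when
# the script is run by hand from a shell with a different PATH.
#
# NOTE(review): flags configured for the daemon are not passed here, so a
# configuration file selected through them would not be the one tested.
# Confirm whether that is intended.
sshd_check()
{
	"${command}" -t
}

# reload_precmd: refuse to reload a configuration that fails "check".
sshd_reload_precmd()
{
	run_rc_command check
}

check_cmd=sshd_check
keygen_cmd=sshd_keygen
keyregen_cmd="sshd_keygen force"
reload_precmd=sshd_reload_precmd
start_precmd=sshd_precmd

load_rc_config $name
run_rc_command "$1"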