d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
71cfc6780e
freebsd-dev/etc/rc.d/sshd
David E. O'Brien 8801556beb Simply things so that "#REQUIRE: FILESYSTEMS" means the file 
systems are fully "ready to go".

'FILESYSTEMS' states: "This is a dummy dependency, for services which
require file systems to be mounted before starting."  However, we have
'var' which is was run after 'FILESYSTEMS' and can mount /var if it
already isn't mounted.  Furthermore, several scripts cannot use /var
until 'cleanvar' has done its thing.  Thus "FILESYSTEMS" hasn't really
meant all critical file systems are fully usable.
2012-09-11 05:04:59 +00:00

111 lines
2.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown
. /etc/rc.subr
name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"
timeout=300
user_reseed()
{
(
seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
warn "Setting entropy source to blocking mode."
echo "===================================================="
echo "Type a full screenful of random junk to unblock"
echo "it and remember to finish with <enter>. This will"
echo "timeout in ${timeout} seconds, but waiting for"
echo "the timeout without typing junk may make the"
echo "entropy source deliver predictable output."
echo ""
echo "Just hit <enter> for fast+insecure startup."
echo "===================================================="
sysctl kern.random.sys.seeded=0 2>/dev/null
read -t ${timeout} junk
echo "${junk}" `sysctl -a` `date` > /dev/random
fi
)
}
sshd_keygen()
{
(
umask 022
# Can't do anything if ssh is not installed
[ -x /usr/bin/ssh-keygen ] || {
warn "/usr/bin/ssh-keygen does not exist."
return 1
}
if [ -f /etc/ssh/ssh_host_key ]; then
echo "You already have an RSA host key" \
"in /etc/ssh/ssh_host_key"
echo "Skipping protocol version 1 RSA Key Generation"
else
/usr/bin/ssh-keygen -t rsa1 -b 1024 \
-f /etc/ssh/ssh_host_key -N ''
fi
if [ -f /etc/ssh/ssh_host_dsa_key ]; then
echo "You already have a DSA host key" \
"in /etc/ssh/ssh_host_dsa_key"
echo "Skipping protocol version 2 DSA Key Generation"
else
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
fi
if [ -f /etc/ssh/ssh_host_rsa_key ]; then
echo "You already have an RSA host key" \
"in /etc/ssh/ssh_host_rsa_key"
echo "Skipping protocol version 2 RSA Key Generation"
else
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
fi
if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
echo "You already have an ECDSA host key" \
"in /etc/ssh/ssh_host_ecdsa_key"
echo "Skipping protocol version 2 ECDSA Key Generation"
else
/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
fi
)
}
sshd_configtest()
{
echo "Performing sanity check on ${name} configuration."
eval ${command} ${sshd_flags} -t
}
sshd_precmd()
{
if [ ! -f /etc/ssh/ssh_host_key -o \
! -f /etc/ssh/ssh_host_dsa_key -o \
! -f /etc/ssh/ssh_host_ecdsa_key -o \
! -f /etc/ssh/ssh_host_rsa_key ]; then
user_reseed
run_rc_command keygen
fi
sshd_configtest
}
load_rc_config $name
run_rc_command "$1"
Reference in New Issue View Git Blame Copy Permalink