180e996dfc
/etc/defaults/rc.conf will provide foo_program, too. By specifying "command" we explicitly say that we're going to rely on rc.subr(8) default methods, and rc.subr(8) will take advantage of this soon. The majority of our rc.d scripts already set "command" if appropriate, so fix just the non-compliant handful.
#!/bin/sh
#
# $NetBSD: sshd,v 1.18 2002/04/29 08:23:34 lukem Exp $
# $FreeBSD$
#
# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
. /etc/rc.subr
# rc.subr(8) settings for the sshd service.
name="sshd"
rcvar=$(set_rcvar)
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"

# "keygen" and "reload" are offered as extra commands; keygen_cmd names the
# function that implements "keygen", and start_precmd names the function to
# run before the daemon is started.
extra_commands="keygen reload"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"

# Seconds user_reseed waits for console input before it gives up.
timeout=300
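# user_reseed
#	Ask the operator for console input and feed it to /dev/random before
#	host keys are generated.
#
#	Does nothing unless `sysctl -n kern.random.sys.seeded` returns a
#	value.  Otherwise it sets that sysctl to 0 (announced to the operator
#	as switching the entropy source to blocking mode), prints the prompt,
#	waits up to ${timeout} seconds for one line of input, and writes that
#	line followed by the output of `sysctl -a` and `date` to /dev/random.
#
#	Security note: the typed line is the only input here an outsider
#	cannot largely guess; `sysctl -a` and `date` are mostly predictable.
#	As the prompt itself says, pressing <enter> or letting the timeout
#	expire trades entropy for a fast start, so host keys generated right
#	afterwards may be weaker than intended.
#
#	Uses: timeout (read), warn (from rc.subr).
#	Runs in a subshell so "seeded" and "junk" do not leak to the caller.
user_reseed()
{
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
	if [ -n "${seeded}" ]; then
		warn "Setting entropy source to blocking mode."
		echo "===================================================="
		echo "Type a full screenful of random junk to unblock"
		echo "it and remember to finish with <enter>. This will"
		echo "timeout in ${timeout} seconds, but waiting for"
		echo "the timeout without typing junk may make the"
		echo "entropy source deliver predictable output."
		echo ""
		echo "Just hit <enter> for fast+insecure startup."
		echo "===================================================="
		sysctl kern.random.sys.seeded=0 2>/dev/null
		# -r keeps backslashes in the typed line instead of letting
		# read consume them; the timeout is quoted so an odd value
		# cannot be split into extra arguments.
		read -r -t "${timeout}" junk
		# printf writes the typed line verbatim (echo would treat a
		# leading "-n" as an option).  The two commands stream
		# straight into the device, so their output is not
		# word-split or held in an argument list first.
		{
			printf '%s\n' "${junk}"
			sysctl -a
			date
		} > /dev/random
	fi
	)
}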
# sshd_keygen
#	Generate whichever of the three host keys under /etc/ssh is missing:
#	a protocol 1 RSA key (1024 bits), a protocol 2 DSA key and a
#	protocol 2 RSA key.  A key file that already exists is reported and
#	left alone.  Fails with status 1 when /usr/bin/ssh-keygen is not
#	executable.
#
#	Every key is created with an empty passphrase (-N ''), so the private
#	key files are stored unencrypted on disk.
#
#	NOTE(review): protocol 1 (rsa1) and DSA host keys are obsolete in
#	later OpenSSH releases; before reusing this on a current system,
#	confirm which key types the installed sshd still accepts.
#
#	Uses: warn (from rc.subr).  Runs in a subshell so the umask change
#	stays local to this function.
sshd_keygen()
{
	(
	# Files created below must not be group- or world-writable.
	umask 022

	# Nothing can be generated without ssh-keygen.
	if [ ! -x /usr/bin/ssh-keygen ]; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	# Protocol 1 RSA host key.
	if [ ! -f /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f /etc/ssh/ssh_host_key -N ''
	else
		echo "You already have an RSA host key" \
		    "in /etc/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	fi

	# Protocol 2 DSA host key.
	if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
	else
		echo "You already have a DSA host key" \
		    "in /etc/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	fi

	# Protocol 2 RSA host key.
	if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
	else
		echo "You already have a RSA host key" \
		    "in /etc/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	fi
	)
}
# sshd_precmd
#	Start pre-command: when all three host key files are present there
#	is nothing to do.  If any one is missing, first ask the operator to
#	reseed the entropy source (user_reseed), then run the "keygen"
#	command so the missing keys are created.  The function's status is
#	then the status of "run_rc_command keygen".
sshd_precmd()
{
	if [ -f /etc/ssh/ssh_host_key ] &&
	    [ -f /etc/ssh/ssh_host_dsa_key ] &&
	    [ -f /etc/ssh/ssh_host_rsa_key ]; then
		return 0
	fi

	# Reseed before keygen so the new keys draw on the operator's input.
	user_reseed
	run_rc_command keygen
}
# Load the configuration for this service, then hand the requested action
# (the script's first argument) to rc.subr.
load_rc_config "${name}"
run_rc_command "$1"