2001-06-16 07:16:14 +00:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
2002-06-13 22:14:37 +00:00
|
|
|
# $NetBSD: sshd,v 1.18 2002/04/29 08:23:34 lukem Exp $
|
|
|
|
# $FreeBSD$
|
2001-06-16 07:16:14 +00:00
|
|
|
#
|
|
|
|
|
|
|
|
# PROVIDE: sshd
|
|
|
|
# REQUIRE: LOGIN
|
|
|
|
|
|
|
|
. /etc/rc.subr
|
|
|
|
|
|
|
|
name="sshd"
|
2002-06-13 22:14:37 +00:00
|
|
|
rcvar=`set_rcvar`
|
|
|
|
keygen_cmd="sshd_keygen"
|
|
|
|
start_precmd="sshd_precmd"
|
2001-06-16 07:16:14 +00:00
|
|
|
pidfile="/var/run/${name}.pid"
|
|
|
|
extra_commands="keygen reload"
|
|
|
|
|
2004-08-04 08:10:37 +00:00
|
|
|
timeout=300
|
|
|
|
|
|
|
|
user_reseed()
|
|
|
|
{
|
|
|
|
(
|
|
|
|
seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
|
|
|
|
if [ "${seeded}" != "" ] ; then
|
|
|
|
warn "Setting entropy source to blocking mode."
|
|
|
|
echo "===================================================="
|
|
|
|
echo "Type a full screenful of random junk to unblock"
|
|
|
|
echo "it and remember to finish with <enter>. This will"
|
|
|
|
echo "timeout in ${timeout} seconds, but waiting for"
|
|
|
|
echo "the timeout without typing junk may make the"
|
|
|
|
echo "entropy source deliver predictable output."
|
|
|
|
echo ""
|
|
|
|
echo "Just hit <enter> for fast+insecure startup."
|
|
|
|
echo "===================================================="
|
|
|
|
sysctl kern.random.sys.seeded=0 2>/dev/null
|
|
|
|
read -t ${timeout} junk
|
|
|
|
echo "${junk}" `sysctl -a` `date` > /dev/random
|
|
|
|
fi
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2001-06-16 07:16:14 +00:00
|
|
|
sshd_keygen()
|
|
|
|
{
|
2002-06-13 22:14:37 +00:00
|
|
|
(
|
|
|
|
umask 022
|
|
|
|
|
|
|
|
# Can't do anything if ssh is not installed
|
|
|
|
[ -x /usr/bin/ssh-keygen ] || {
|
|
|
|
warn "/usr/bin/ssh-keygen does not exist."
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
|
|
|
if [ -f /etc/ssh/ssh_host_key ]; then
|
|
|
|
echo "You already have an RSA host key" \
|
|
|
|
"in /etc/ssh/ssh_host_key"
|
|
|
|
echo "Skipping protocol version 1 RSA Key Generation"
|
|
|
|
else
|
|
|
|
/usr/bin/ssh-keygen -t rsa1 -b 1024 \
|
|
|
|
-f /etc/ssh/ssh_host_key -N ''
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -f /etc/ssh/ssh_host_dsa_key ]; then
|
|
|
|
echo "You already have a DSA host key" \
|
|
|
|
"in /etc/ssh/ssh_host_dsa_key"
|
|
|
|
echo "Skipping protocol version 2 DSA Key Generation"
|
2001-06-16 07:16:14 +00:00
|
|
|
else
|
2002-06-13 22:14:37 +00:00
|
|
|
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
|
2001-06-16 07:16:14 +00:00
|
|
|
fi
|
|
|
|
|
2002-06-13 22:14:37 +00:00
|
|
|
if [ -f /etc/ssh/ssh_host_rsa_key ]; then
|
|
|
|
echo "You already have a RSA host key" \
|
|
|
|
"in /etc/ssh/ssh_host_rsa_key"
|
|
|
|
echo "Skipping protocol version 2 RSA Key Generation"
|
2001-06-16 07:16:14 +00:00
|
|
|
else
|
2002-06-13 22:14:37 +00:00
|
|
|
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
|
2001-06-16 07:16:14 +00:00
|
|
|
fi
|
2002-06-13 22:14:37 +00:00
|
|
|
)
|
2001-06-16 07:16:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
sshd_precmd()
|
|
|
|
{
|
2002-06-13 22:14:37 +00:00
|
|
|
if [ ! -f /etc/ssh/ssh_host_key -o \
|
|
|
|
! -f /etc/ssh/ssh_host_dsa_key -o \
|
|
|
|
! -f /etc/ssh/ssh_host_rsa_key ]; then
|
2004-08-04 08:10:37 +00:00
|
|
|
user_reseed
|
2002-06-13 22:14:37 +00:00
|
|
|
run_rc_command keygen
|
2001-06-16 07:16:14 +00:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
load_rc_config $name
|
|
|
|
run_rc_command "$1"
|