freebsd-skq/etc/rc.d/sshd
dougb 127c69bf43 Remove $NetBSD$ CVS tags. We no longer attempt to synch our rc.d files
with theirs, so this information doesn't need to be in the live file.
Having it in our CVS history is enough.
2007-12-08 07:20:23 +00:00

93 lines
2.2 KiB
Bash
Executable File

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
. /etc/rc.subr
name="sshd"
rcvar=`set_rcvar`
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
pidfile="/var/run/${name}.pid"
extra_commands="keygen reload"
timeout=300
user_reseed()
{
(
seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
warn "Setting entropy source to blocking mode."
echo "===================================================="
echo "Type a full screenful of random junk to unblock"
echo "it and remember to finish with <enter>. This will"
echo "timeout in ${timeout} seconds, but waiting for"
echo "the timeout without typing junk may make the"
echo "entropy source deliver predictable output."
echo ""
echo "Just hit <enter> for fast+insecure startup."
echo "===================================================="
sysctl kern.random.sys.seeded=0 2>/dev/null
read -t ${timeout} junk
echo "${junk}" `sysctl -a` `date` > /dev/random
fi
)
}
sshd_keygen()
{
(
umask 022
# Can't do anything if ssh is not installed
[ -x /usr/bin/ssh-keygen ] || {
warn "/usr/bin/ssh-keygen does not exist."
return 1
}
if [ -f /etc/ssh/ssh_host_key ]; then
echo "You already have an RSA host key" \
"in /etc/ssh/ssh_host_key"
echo "Skipping protocol version 1 RSA Key Generation"
else
/usr/bin/ssh-keygen -t rsa1 -b 1024 \
-f /etc/ssh/ssh_host_key -N ''
fi
if [ -f /etc/ssh/ssh_host_dsa_key ]; then
echo "You already have a DSA host key" \
"in /etc/ssh/ssh_host_dsa_key"
echo "Skipping protocol version 2 DSA Key Generation"
else
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
fi
if [ -f /etc/ssh/ssh_host_rsa_key ]; then
echo "You already have a RSA host key" \
"in /etc/ssh/ssh_host_rsa_key"
echo "Skipping protocol version 2 RSA Key Generation"
else
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
fi
)
}
sshd_precmd()
{
if [ ! -f /etc/ssh/ssh_host_key -o \
! -f /etc/ssh/ssh_host_dsa_key -o \
! -f /etc/ssh/ssh_host_rsa_key ]; then
user_reseed
run_rc_command keygen
fi
}
load_rc_config $name
run_rc_command "$1"