etc/rc.d/sshd

   1 #!/bin/sh
   2 #
   3 # $FreeBSD$
   4 #
   5
   6 # PROVIDE: sshd
   7 # REQUIRE: LOGIN FILESYSTEMS
   8 # KEYWORD: shutdown
   9
  10 . /etc/rc.subr
  11
  12 name="sshd"
  13 rcvar="sshd_enable"
  14 command="/usr/sbin/${name}"
  15 keygen_cmd="sshd_keygen"
  16 start_precmd="sshd_precmd"
  17 configtest_cmd="sshd_configtest"
  18 pidfile="/var/run/${name}.pid"
  19 extra_commands="configtest keygen reload"
  20
  21 timeout=300
  22
  23 user_reseed()
  24 {
  25         (
  26         seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
  27         if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
  28                 warn "Setting entropy source to blocking mode."
  29                 echo "===================================================="
  30                 echo "Type a full screenful of random junk to unblock"
  31                 echo "it and remember to finish with <enter>. This will"
  32                 echo "timeout in ${timeout} seconds, but waiting for"
  33                 echo "the timeout without typing junk may make the"
  34                 echo "entropy source deliver predictable output."
  35                 echo ""
  36                 echo "Just hit <enter> for fast+insecure startup."
  37                 echo "===================================================="
  38                 sysctl kern.random.sys.seeded=0 2>/dev/null
  39                 read -t ${timeout} junk
  40                 echo "${junk}" `sysctl -a` `date` > /dev/random
  41         fi
  42         )
  43 }
  44
  45 sshd_keygen()
  46 {
  47         (
  48         umask 022
  49
  50         # Can't do anything if ssh is not installed
  51         [ -x /usr/bin/ssh-keygen ] || {
  52                 warn "/usr/bin/ssh-keygen does not exist."
  53                 return 1
  54         }
  55
  56         if [ -f /etc/ssh/ssh_host_key ]; then
  57                 echo "You already have an RSA host key" \
  58                     "in /etc/ssh/ssh_host_key"
  59                 echo "Skipping protocol version 1 RSA Key Generation"
  60         else
  61                 /usr/bin/ssh-keygen -t rsa1 -b 1024 \
  62                     -f /etc/ssh/ssh_host_key -N ''
  63         fi
  64
  65         if [ -f /etc/ssh/ssh_host_dsa_key ]; then
  66                 echo "You already have a DSA host key" \
  67                     "in /etc/ssh/ssh_host_dsa_key"
  68                 echo "Skipping protocol version 2 DSA Key Generation"
  69         else
  70                 /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
  71         fi
  72
  73         if [ -f /etc/ssh/ssh_host_rsa_key ]; then
  74                 echo "You already have an RSA host key" \
  75                     "in /etc/ssh/ssh_host_rsa_key"
  76                 echo "Skipping protocol version 2 RSA Key Generation"
  77         else
  78                 /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
  79         fi
  80
  81         if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
  82                 echo "You already have an ECDSA host key" \
  83                     "in /etc/ssh/ssh_host_ecdsa_key"
  84                 echo "Skipping protocol version 2 ECDSA Key Generation"
  85         else
  86                 /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
  87         fi
  88         )
  89 }
  90
  91 sshd_configtest()
  92 {
  93         echo "Performing sanity check on ${name} configuration."
  94         eval ${command} ${sshd_flags} -t
  95 }
  96
  97 sshd_precmd()
  98 {
  99         if [ ! -f /etc/ssh/ssh_host_key -o \
 100             ! -f /etc/ssh/ssh_host_dsa_key -o \
 101             ! -f /etc/ssh/ssh_host_ecdsa_key -o \
 102             ! -f /etc/ssh/ssh_host_rsa_key ]; then
 103                 user_reseed
 104                 run_rc_command keygen
 105         fi
 106         sshd_configtest
 107 }
 108
 109 load_rc_config $name
 110 run_rc_command "$1"