- Copy stable/10 (r259064) to releng/10.0 as part of the

[FreeBSD/releng/10.0.git] / etc / rc.d / sshd

#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
reload_precmd="sshd_configtest"
restart_precmd="sshd_configtest"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

: ${sshd_rsa1_enable:="yes"}
: ${sshd_rsa_enable:="yes"}
: ${sshd_dsa_enable:="yes"}
: ${sshd_ecdsa_enable:="yes"}

sshd_keygen_alg()
{
        local alg=$1
        local ALG="$(echo $alg | tr a-z A-Z)"
        local keyfile

        if ! checkyesno "sshd_${alg}_enable" ; then
                return 0
        fi

        case $alg in
        rsa1)
                keyfile="/etc/ssh/ssh_host_key"
                ;;
        rsa|dsa|ecdsa)
                keyfile="/etc/ssh/ssh_host_${alg}_key"
                ;;
        *)
                return 1
                ;;
        esac

        if [ ! -x /usr/bin/ssh-keygen ] ; then
                warn "/usr/bin/ssh-keygen does not exist."
                return 1
        fi

        if [ -f "${keyfile}" ] ; then
                info "$ALG host key exists."
        else
                echo "Generating $ALG host key."
                /usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""
                /usr/bin/ssh-keygen -l -f "$keyfile.pub"
        fi
}

sshd_keygen()
{
        sshd_keygen_alg rsa1
        sshd_keygen_alg rsa
        sshd_keygen_alg dsa
        sshd_keygen_alg ecdsa
}

sshd_configtest()
{
        echo "Performing sanity check on ${name} configuration."
        eval ${command} ${sshd_flags} -t
}

sshd_precmd()
{
        run_rc_command keygen
        run_rc_command configtest
}

load_rc_config $name
run_rc_command "$1"