7 # REQUIRE: LOGIN FILESYSTEMS
14 command="/usr/sbin/${name}"
15 keygen_cmd="sshd_keygen"
16 start_precmd="sshd_precmd"
17 reload_precmd="sshd_precmd"
18 restart_precmd="sshd_precmd"
19 configtest_cmd="sshd_configtest"
20 pidfile="/var/run/${name}.pid"
21 extra_commands="configtest keygen reload"
28 seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
29 if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
30 warn "Setting entropy source to blocking mode."
31 echo "===================================================="
32 echo "Type a full screenful of random junk to unblock"
33 echo "it and remember to finish with <enter>. This will"
34 echo "timeout in ${timeout} seconds, but waiting for"
35 echo "the timeout without typing junk may make the"
36 echo "entropy source deliver predictable output."
38 echo "Just hit <enter> for fast+insecure startup."
39 echo "===================================================="
40 sysctl kern.random.sys.seeded=0 2>/dev/null
41 read -t ${timeout} junk
42 echo "${junk}" `sysctl -a` `date` > /dev/random
52 # Can't do anything if ssh is not installed
53 [ -x /usr/bin/ssh-keygen ] || {
54 warn "/usr/bin/ssh-keygen does not exist."
58 if [ -f /etc/ssh/ssh_host_key ]; then
59 echo "You already have an RSA host key" \
60 "in /etc/ssh/ssh_host_key"
61 echo "Skipping protocol version 1 RSA Key Generation"
63 /usr/bin/ssh-keygen -t rsa1 -b 1024 \
64 -f /etc/ssh/ssh_host_key -N ''
67 if [ -f /etc/ssh/ssh_host_dsa_key ]; then
68 echo "You already have a DSA host key" \
69 "in /etc/ssh/ssh_host_dsa_key"
70 echo "Skipping protocol version 2 DSA Key Generation"
72 /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
75 if [ -f /etc/ssh/ssh_host_rsa_key ]; then
76 echo "You already have an RSA host key" \
77 "in /etc/ssh/ssh_host_rsa_key"
78 echo "Skipping protocol version 2 RSA Key Generation"
80 /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
83 if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
84 echo "You already have an ECDSA host key" \
85 "in /etc/ssh/ssh_host_ecdsa_key"
86 echo "Skipping protocol version 2 ECDSA Key Generation"
88 /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
95 echo "Performing sanity check on ${name} configuration."
96 eval ${command} ${sshd_flags} -t
101 if [ ! -f /etc/ssh/ssh_host_key -o \
102 ! -f /etc/ssh/ssh_host_dsa_key -o \
103 ! -f /etc/ssh/ssh_host_ecdsa_key -o \
104 ! -f /etc/ssh/ssh_host_rsa_key ]; then
106 run_rc_command keygen