etc/rc.d/sshd

   1 #!/bin/sh
   2 #
   3 # $FreeBSD$
   4 #
   5
   6 # PROVIDE: sshd
   7 # REQUIRE: LOGIN FILESYSTEMS
   8 # KEYWORD: shutdown
   9
  10 . /etc/rc.subr
  11
  12 name="sshd"
  13 rcvar="sshd_enable"
  14 command="/usr/sbin/${name}"
  15 keygen_cmd="sshd_keygen"
  16 start_precmd="sshd_precmd"
  17 reload_precmd="sshd_precmd"
  18 restart_precmd="sshd_precmd"
  19 configtest_cmd="sshd_configtest"
  20 pidfile="/var/run/${name}.pid"
  21 extra_commands="configtest keygen reload"
  22
  23 timeout=300
  24
  25 user_reseed()
  26 {
  27         (
  28         seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
  29         if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
  30                 warn "Setting entropy source to blocking mode."
  31                 echo "===================================================="
  32                 echo "Type a full screenful of random junk to unblock"
  33                 echo "it and remember to finish with <enter>. This will"
  34                 echo "timeout in ${timeout} seconds, but waiting for"
  35                 echo "the timeout without typing junk may make the"
  36                 echo "entropy source deliver predictable output."
  37                 echo ""
  38                 echo "Just hit <enter> for fast+insecure startup."
  39                 echo "===================================================="
  40                 sysctl kern.random.sys.seeded=0 2>/dev/null
  41                 read -t ${timeout} junk
  42                 echo "${junk}" `sysctl -a` `date` > /dev/random
  43         fi
  44         )
  45 }
  46
  47 sshd_keygen()
  48 {
  49         (
  50         umask 022
  51
  52         # Can't do anything if ssh is not installed
  53         [ -x /usr/bin/ssh-keygen ] || {
  54                 warn "/usr/bin/ssh-keygen does not exist."
  55                 return 1
  56         }
  57
  58         if [ -f /etc/ssh/ssh_host_key ]; then
  59                 echo "You already have an RSA host key" \
  60                     "in /etc/ssh/ssh_host_key"
  61                 echo "Skipping protocol version 1 RSA Key Generation"
  62         else
  63                 /usr/bin/ssh-keygen -t rsa1 -b 1024 \
  64                     -f /etc/ssh/ssh_host_key -N ''
  65         fi
  66
  67         if [ -f /etc/ssh/ssh_host_dsa_key ]; then
  68                 echo "You already have a DSA host key" \
  69                     "in /etc/ssh/ssh_host_dsa_key"
  70                 echo "Skipping protocol version 2 DSA Key Generation"
  71         else
  72                 /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
  73         fi
  74
  75         if [ -f /etc/ssh/ssh_host_rsa_key ]; then
  76                 echo "You already have an RSA host key" \
  77                     "in /etc/ssh/ssh_host_rsa_key"
  78                 echo "Skipping protocol version 2 RSA Key Generation"
  79         else
  80                 /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
  81         fi
  82
  83         if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
  84                 echo "You already have an ECDSA host key" \
  85                     "in /etc/ssh/ssh_host_ecdsa_key"
  86                 echo "Skipping protocol version 2 ECDSA Key Generation"
  87         else
  88                 /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
  89         fi
  90         )
  91 }
  92
  93 sshd_configtest()
  94 {
  95         echo "Performing sanity check on ${name} configuration."
  96         eval ${command} ${sshd_flags} -t
  97 }
  98
  99 sshd_precmd()
 100 {
 101         if [ ! -f /etc/ssh/ssh_host_key -o \
 102             ! -f /etc/ssh/ssh_host_dsa_key -o \
 103             ! -f /etc/ssh/ssh_host_ecdsa_key -o \
 104             ! -f /etc/ssh/ssh_host_rsa_key ]; then
 105                 user_reseed
 106                 run_rc_command keygen
 107         fi
 108         sshd_configtest
 109 }
 110
 111 load_rc_config $name
 112 run_rc_command "$1"