freebsd/etc/rc.d/sshd
Yaroslav Tykhiy 180e996dfc Don't be lazy, set the "command" variable even if
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.

The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.
2005-10-23 14:06:53 +00:00


#!/bin/sh
#
# $NetBSD: sshd,v 1.18 2002/04/29 08:23:34 lukem Exp $
# $FreeBSD$
#
# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
. /etc/rc.subr
# Service identity. set_rcvar is provided by the sourced /etc/rc.subr.
name="sshd"
rcvar=$(set_rcvar)

# Daemon binary and PID file, both derived from ${name}.
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"

# Hook and extra-verb wiring: sshd_precmd is named as the start pre-command,
# and "keygen" is mapped to the sshd_keygen function below.
start_precmd="sshd_precmd"
extra_commands="keygen reload"
keygen_cmd="sshd_keygen"

# Seconds user_reseed waits on the console for operator input.
timeout=300
# Ask the console operator for keyboard input and feed it, together with
# `sysctl -a` and `date` output, into /dev/random before host keys are made.
#
# Globals:   timeout (read) - seconds to wait for input
# Outputs:   banner on stdout, warning via warn
# Security:  if the operator only presses <enter>, the data written to
#            /dev/random is just the sysctl and date output; the banner
#            itself calls that "fast+insecure". Host keys are generated
#            right after this (see sshd_precmd), so weak input here may
#            carry over into long-lived keys.
user_reseed()
{
	# Run in a subshell so "seeded" and "junk" do not leak into the
	# variables of the rc script itself.
	(
	seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)

	# Empty result (sysctl missing or unreadable): skip reseeding.
	[ -n "${seeded}" ] || exit 0

	warn "Setting entropy source to blocking mode."
	echo "===================================================="
	echo "Type a full screenful of random junk to unblock"
	echo "it and remember to finish with <enter>. This will"
	echo "timeout in ${timeout} seconds, but waiting for"
	echo "the timeout without typing junk may make the"
	echo "entropy source deliver predictable output."
	echo ""
	echo "Just hit <enter> for fast+insecure startup."
	echo "===================================================="

	# Mark the device unseeded, then wait (bounded) for console input.
	sysctl kern.random.sys.seeded=0 2>/dev/null
	read -t ${timeout} junk

	# Substitutions are left unquoted on purpose: the original passes
	# the word-split output to echo.
	echo "${junk}" $(sysctl -a) $(date) > /dev/random
	)
}
# Create any SSH host key that is not yet present under /etc/ssh.
#
# Outputs:   one "already have"/"Skipping" pair per existing key
# Returns:   1 if /usr/bin/ssh-keygen is not executable; otherwise the
#            status of the last key step
# Security:  - Presence is tested with -f only; an existing key's
#              contents, type and permissions are never checked.
#            - -N '' stores every private key without a passphrase, so
#              file permissions are its only protection.
#            - NOTE(review): protocol 1 "rsa1" keys (1024 bit here) and
#              DSA keys are legacy algorithms that current OpenSSH no
#              longer supports or enables; confirm whether they are
#              still wanted.
sshd_keygen()
{
	(
	# Applies to files created below. ssh-keygen is expected to
	# restrict the private key file itself -- TODO confirm.
	umask 022

	# Nothing can be generated without the ssh-keygen binary.
	if [ ! -x /usr/bin/ssh-keygen ]; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	# Protocol version 1 RSA host key.
	if [ ! -f /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
	else
		echo "You already have an RSA host key" "in /etc/ssh/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	fi

	# Protocol version 2 DSA host key.
	if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
	else
		echo "You already have a DSA host key" "in /etc/ssh/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	fi

	# Protocol version 2 RSA host key.
	if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
	else
		echo "You already have a RSA host key" "in /etc/ssh/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	fi
	)
}
# Start pre-command: make sure all three host keys exist before sshd runs.
#
# Returns:   0 when every key file is already present; otherwise the
#            status of "run_rc_command keygen"
# Security:  on the generation path the entropy prompt runs first, so the
#            quality of the new keys depends on what user_reseed collected.
sshd_precmd()
{
	# Every host key is already in place: nothing to generate.
	if [ -f /etc/ssh/ssh_host_key ] &&
	    [ -f /etc/ssh/ssh_host_dsa_key ] &&
	    [ -f /etc/ssh/ssh_host_rsa_key ]; then
		return 0
	fi

	# At least one key is missing: reseed, then generate what is absent.
	user_reseed
	run_rc_command keygen
}
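# Load the configuration for this service, then hand the verb given on the
# command line to rc.subr. ${name} is quoted so it always reaches
# load_rc_config as exactly one argument.
load_rc_config "${name}"
run_rc_command "$1"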