Add the capabilty to sushi to edit the /etc/sshd.conf file. The defaults

are taken from the manpage.

share/sushi/system/Makefile

@@ -1,7 +1,7 @@
-#	$NetBSD: Makefile,v 1.5 2001/04/29 04:53:05 garbled Exp $
+#	$NetBSD: Makefile,v 1.6 2001/08/02 05:41:18 garbled Exp $
 
 SUBDIR= rcconf dailyconf weeklyconf securityconf inetdconf mailerconf
-SUBDIR+= usermgmtconf sysctl localtime
+SUBDIR+= usermgmtconf sysctl localtime sshdconf
 
 FILES=	index help
 FILESDIR=${BINDIR}/sushi/system

share/sushi/system/sshdconf/Makefile

@@ -0,0 +1,10 @@
+#	$NetBSD: Makefile,v 1.1 2001/08/02 05:41:19 garbled Exp $
+
+FILES=	form help defaults
+FILESDIR=${BINDIR}/sushi/system/sshdconf
+SCRIPTS= script script1 script2 script3 script4 script5 script6
+SCRIPTSDIR=${BINDIR}/sushi/system/sshdconf
+MKOBJ=	no
+
+.include "../../../Makefile.inc"
+.include <bsd.prog.mk>

share/sushi/system/sshdconf/defaults

@@ -0,0 +1,50 @@
+AFSTokenPassing yes
+AllowGroups 
+AllowTcpForwarding yes
+AllowUsers 
+AuthorizedKeysFile %h/.ssh/authorized_keys
+Banner 
+ChallengeResponseAuthentication yes
+CheckMail no
+Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
+ClientAliveInterval 0
+ClientAliveCountMax 3
+DenyGroups 
+DenyUsers 
+GatewayPorts no
+HostbasedAuthentication no
+IgnoreRhosts yes
+IgnoreUserKnownHosts no
+KeepAlive yes
+KerberosAuthentication yes
+KerberosOrLocalPasswd yes
+KerberosTgtPassing no
+KerberosTicketCleanup yes
+KeyRegenerationInterval 3600
+LoginGraceTime 600
+LogLevel INFO
+MACs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
+MaxStartups 10:100:10
+PasswordAuthentication yes
+PermitEmptyPasswords no
+PermitRootLogin yes
+PidFile /var/run/sshd.pid
+Port 22
+PrintLastLog yes
+PrintMotd yes
+Protocol 2,1
+PubkeyAuthentication yes
+ReverseMappingCheck no
+RhostsAuthentication no
+RhostsRSAAuthentication no
+RSAAuthentication yes
+ServerKeyBits 768
+StrictModes yes
+SyslogFacility AUTH
+UseLogin no
+X11DisplayOffset 10
+X11Forwarding no
+XAuthLocation /usr/X11R6/bin/xauth
+HostKey /etc/ssh_host_key
+HostKey /etc/ssh_host_rsa_key
+HostKey /etc/ssh_host_dsa_key

share/sushi/system/sshdconf/form

@@ -0,0 +1,52 @@
+# $NetBSD: form,v 1.1 2001/08/02 05:41:19 garbled Exp $
+list:yes,no				Restart sshd now?
+script:script2,AFSTokenPassing		Pass AFS Tokens to server?
+escript:50,script4,AllowGroups		Space separated list of groups to allow
+script:script2,AllowTcpForwarding	TCP forwarding permitted?
+escript:50,script4,AllowUsers		Space separated list of users to allow
+escript:50,script1,AuthorizedKeysFile	File that contains the public RSA keys
+escript:50,script1,Banner		File containing warning banner
+script:script2,ChallengeResponseAuthentication	Challenge response authentication allowed?
+script:script2,CheckMail		Check new mail on login?
+escript:60,script1,Ciphers		Comma separated list of ciphers to use
+escript:4,script1,ClientAliveInterval	Timeout interval in seconds
+escript:4,script1,ClientAliveCountMax	Maximum number of timeouts allowed
+escript:50,script4,DenyGroups		Space separated list of groups to deny
+escript:50,script4,DenyUsers		Space separated list of users to deny
+script:script2,GatewayPorts		Allow hosts to connect to forwarded ports
+script:script2,HostbasedAuthentication	Allow rhosts authentication?
+escript:50,script3,HostKey,1		RSA1 host key file
+escript:50,script3,HostKey,2		RSA V2 host key file
+escript:50,script3,HostKey,3		DSA host key file
+script:script2,IgnoreRhosts		Ignore .rhosts and .shosts files?
+script:script2,IgnoreUserKnownHosts	Ignore user's known_hosts file?
+script:script2,KeepAlive		Send keepalive messages?
+script:script2,KerberosAuthentication	Allow kerberos authentication?
+script:script2,KerberosOrLocalPasswd	Allow passwd auth if kerb. fails?
+script:script2,KerberosTgtPassing	Forward kerberos tickets to server?
+script:script2,KerberosTicketCleanup	Destroy user's ticket on logout?
+escript:6,script1,KeyRegenerationInterval	Key regeneration frequency in seconds
+escript:6,script1,LoginGraceTime	Grace time before disconnect during login
+script:script5,LogLevel			Verbosity of logging
+escript:60,script1,MACs			Comma separated list of MACs to use
+escript:8,script1,MaxStartups		Max. number of unauth. conn. to sshd
+script:script2,PasswordAuthentication	Password authentication allowed?
+script:script2,PermitEmptyPasswords	Permit empty passwords on login?
+script:script2,PermitRootLogin		Permit root logins?
+escript:50,script1,PidFile		File that contains the PID of sshd
+escript:5,script1,Port			Port for sshd to listen on
+script:script2,PrintLastLog		Print last time user logged on?
+script:script2,PrintMotd		Print /etc/motd at login?
+escript:5,script1,Protocol		Comma separated list of protocols to support
+script:script2,PubkeyAuthentication	Allow public key authentication?
+script:script2,ReverseMappingCheck	Perform reverse DNS map verification?
+script:script2,RhostsAuthentication	Allow .rhosts authentication?
+script:script2,RhostsRSAAuthentication	Allow .rhosts auth. with RSA?
+script:script2,RSAAuthentication	Allow pure RSA authentication?
+escript:5,script1,ServerKeyBits		Bits to use in the V1 server key
+script:script2,StrictModes		Strict file permission checking?
+script:script6,SyslogFacility		Facility to log messages via
+script:script2,UseLogin			Use login(1) for login sessions
+escript:5,script1,X11DisplayOffset	Offset for X11 forwarding
+script:script2,X11Forwarding		Allow X11 forwarding?
+escript:50,script1,XAuthLocation	Location of xauth(1) program

share/sushi/system/sshdconf/help

@@ -0,0 +1,6 @@
+It is advised that the user read the sshd(8) manpage before editing any
+of the defaults provided.  Some of these options can seriously degrade
+the security of your system.  The defaults provided are generally considered
+to be fairly secure.
+
+$NetBSD: help,v 1.1 2001/08/02 05:41:19 garbled Exp $

share/sushi/system/sshdconf/script

@@ -0,0 +1,26 @@
+#!/bin/sh
+# $NetBSD: script,v 1.1 2001/08/02 05:41:19 garbled Exp $
+
+if [ "$1" = "yes" ]; then
+	RESTART=yes
+fi
+
+OPT=`cat /usr/share/sushi/system/sshdconf/form | sed -e 's/.*script[1-9],\(.*\)		 *.*/\1/' \
+	| sed -e 's/,.*//' | grep -v '^#' | grep -v '^list:'`
+echo -n "# Generated by sushi on " > /etc/sshd.conf
+date >>/etc/sshd.conf
+a=2
+for i in $OPT
+do
+	ANS=$(echo `eval echo \\$${a}`)
+	if [ ! -z "$ANS" ]; then
+		echo "$i $ANS" >> /etc/sshd.conf
+	fi
+	a=`expr $a + 1`
+done
+chmod 644 /etc/sshd.conf
+chown root:wheel /etc/sshd.conf
+echo "Successfully wrote a new sshd.conf file"
+if [ ! -z "$RESTART" ]; then
+	/etc/rc.d/sshd reload
+fi

share/sushi/system/sshdconf/script1

@@ -0,0 +1,11 @@
+#!/bin/sh
+# $NetBSD: script1,v 1.1 2001/08/02 05:41:19 garbled Exp $
+
+VAR=`grep "^$1" /etc/sshd.conf | awk '{print $2}'`
+if [ -z "$VAR" ]; then
+	VAR=`grep "^$1" /usr/share/sushi/system/sshdconf//defaults | awk '{print $2}'` fi
+if [ -z "$VAR" ]; then
+	echo ""
+else
+	echo "$VAR"
+fi

share/sushi/system/sshdconf/script2

@@ -0,0 +1,19 @@
+#!/bin/sh
+# $NetBSD: script2,v 1.1 2001/08/02 05:41:19 garbled Exp $
+
+VAR=`grep "^$1" /etc/sshd.conf | awk '{print $2}'`
+if [ -z "$VAR" ]; then
+	VAR=`grep "^$1" /usr/share/sushi/system/sshdconf/defaults | awk '{print $2}'`
+fi
+if [ -z "$VAR" ]; then
+	echo "no"
+	echo "yes"
+else
+	if [ "$VAR" = "yes" ]; then
+		echo "yes"
+		echo "no"
+	else
+		echo "no"
+		echo "yes"
+	fi
+fi

share/sushi/system/sshdconf/script3

@@ -0,0 +1,33 @@
+#!/bin/sh
+# $NetBSD: script3,v 1.1 2001/08/02 05:41:19 garbled Exp $
+
+NUM=`grep -c "^$1" /etc/sshd.conf`
+
+if [ "$2" = "1" ]; then
+	VAR=`grep "^$1" /etc/sshd.conf | awk '{print $2}' | head -1`
+	if [ -z "$VAR" ]; then
+		VAR=`grep "^$1" /usr/share/sushi/system/sshdconf/defaults | awk '{print $2}' | head -1`
+	fi
+fi
+if [ "$2" = "2" ]; then
+	if [ $NUM -gt 1 ]; then
+		VAR=`grep "^$1" /etc/sshd.conf | awk '{print $2}' | head -2 | tail -1`
+	fi
+	if [ -z "$VAR" ]; then
+		VAR=`grep "^$1" /usr/share/sushi/system/sshdconf/defaults | awk '{print $2}' | head -2 | tail -1`
+	fi
+fi
+if [ "$2" = "3" ]; then
+	if [ $NUM -gt 2 ]; then
+		VAR=`grep "^$1" /etc/sshd.conf | awk '{print $2}' | tail -1`
+	fi
+	if [ -z "$VAR" ]; then
+		VAR=`grep "^$1" /usr/share/sushi/system/sshdconf/defaults | awk '{print $2}' | tail -1`
+	fi
+fi
+
+if [ -z "$VAR" ]; then
+	echo ""
+else
+	echo "$VAR"
+fi

share/sushi/system/sshdconf/script4

@@ -0,0 +1,12 @@
+#!/bin/sh
+# $NetBSD: script4,v 1.1 2001/08/02 05:41:19 garbled Exp $
+
+VAR=`grep "^$1" /etc/sshd.conf | sed -e "s/$1 *//"`
+if [ -z "$VAR" ]; then
+	VAR=`grep "^$1" /usr/share/sushi/system/sshdconf/defaults | awk '{print $2}'`
+fi
+if [ -z "$VAR" ]; then
+	echo ""
+else
+	echo "$VAR"
+fi

share/sushi/system/sshdconf/script5

@@ -0,0 +1,19 @@
+#!/bin/sh
+# $NetBSD: script5,v 1.1 2001/08/02 05:41:19 garbled Exp $
+
+VAR=`grep "^$1" /etc/sshd.conf | awk '{print $2}'`
+if [ -z "$VAR" ]; then
+	VAR=`grep "^$1" /usr/share/sushi/system/sshdconf/defaults | awk '{print $2}'`
+fi
+if [ -z "$VAR" ]; then
+	for i in INFO QUIET FATAL ERROR VERBOSE DEBUG
+	do
+		echo "$i"
+	done
+else
+	echo "$VAR"
+	for i in INFO QUIET FATAL ERROR VERBOSE DEBUG
+	do
+		echo "$i" | grep -v "$VAR"
+	done
+fi

share/sushi/system/sshdconf/script6

@@ -0,0 +1,19 @@
+#!/bin/sh
+# $NetBSD: script6,v 1.1 2001/08/02 05:41:19 garbled Exp $
+
+VAR=`grep "^$1" /etc/sshd.conf | awk '{print $2}'`
+if [ -z "$VAR" ]; then
+	VAR=`grep "^$1" /usr/share/sushi/system/sshdconf/defaults | awk '{print $2}'`
+fi
+if [ -z "$VAR" ]; then
+	for i in AUTH DAEMON USER LOCAL0 LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7
+	do
+		echo "$i"
+	done
+else
+	echo "$VAR"
+	for i in AUTH DAEMON USER LOCAL0 LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7
+	do
+		echo "$i" | grep -v "$VAR"
+	done
+fi