NetBSD/etc/rc.d/sshd


#!/bin/sh
#
# $NetBSD: sshd,v 1.32 2022/05/15 11:47:42 martin Exp $
#
# PROVIDE: sshd
# REQUIRE: LOGIN
# Load the rc.subr framework. With _rc_subr_loaded empty or unset this line
# is simply ". /etc/rc.subr"; rc.subr is expected to set the variable to ":"
# so that a second load turns into a no-op (confirm against rc.subr).
$_rc_subr_loaded . /etc/rc.subr
# Service name; the settings below are derived from it.
name="sshd"
# rc.conf variable that switches the service on or off (here "sshd").
rcvar=$name
# Daemon binary that rc.subr starts and looks for when checking status.
command="/usr/sbin/${name}"
# PID file used by rc.subr to find the running daemon.
pidfile="/var/run/${name}.pid"
# rc.subr refuses to start the service unless this file is readable.
required_files="/etc/ssh/sshd_config"
# Extra verbs accepted besides the standard ones. keygen and keyregen are
# wired to sshd_keygen further down; reload has no handler in this file
# and is presumably served by rc.subr's default.
extra_commands="keygen keyregen reload"
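# Keep the "UNSAFE KEYS WARNING" trailer of /etc/motd in step with the
# kernel's entropy state: the trailer is appended while
# kern.entropy.needed is non-zero and stripped once it reads 0.
#
# Globals:   none
# Arguments: none
# Outputs:   rewrites /etc/motd only when its content changes; a
#            diagnostic goes to stderr when the sysctl cannot be read
# Returns:   status of the final command inside the subshell
sshd_motd_unsafe_keys_warning()
{
	(
	# Nothing created here may be group- or world-writable.
	umask 022
	# Scratch copy lives in /etc, not in a world-writable directory, so
	# the fixed name cannot be pre-created by an unprivileged user.
	T=/etc/_motd

	# Read the entropy state first. If it cannot be determined, leave
	# /etc/motd untouched: an existing warning must not disappear just
	# because the check itself failed.
	needed=$(sysctl -n kern.entropy.needed)
	if [ -z "$needed" ]; then
		printf '%s\n' \
		    "sshd: cannot read kern.entropy.needed; /etc/motd left unchanged" >&2
		exit 0
	fi

	# Current motd minus any previous warning trailer (the marker line
	# and everything after it).
	sed -E '/^-- UNSAFE KEYS WARNING:/,$d' < /etc/motd > "$T"
	if [ "$needed" -ne 0 ]; then
		cat >> "$T" << _EOF
-- UNSAFE KEYS WARNING:
The ssh host keys on this machine have been generated with
not enough entropy configured, so may be predictable.
To fix, follow the "Adding entropy" section in the entropy(7)
man page and after this machine has enough entropy, re-generate
the ssh host keys by running:
sh /etc/rc.d/sshd keyregen
_EOF
	fi
	# Only touch /etc/motd when the content really differs.
	cmp -s "$T" /etc/motd || cp "$T" /etc/motd
	rm -f "$T"
	)
}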
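# Create the ssh host keys under /etc/ssh that do not exist yet, or all
# of them when called with "force" (the keyregen command).
#
# Globals:   ssh_keygen_flags (read) - extra ssh-keygen arguments used
#            for the RSA key; not assigned anywhere in this file
# Arguments: $1 - "force" to delete and re-create keys that already exist
# Outputs:   fingerprint of every key created, prefixed "ssh-keygen: "
# Returns:   status of the final command inside the subshell
#
# Generation is deliberately best-effort: a failing ssh-keygen does not
# make this function fail, so one key type that cannot be generated does
# not block sshd from starting with the remaining keys.
sshd_keygen()
{
	(
	keygen="/usr/bin/ssh-keygen"
	# Nothing created here may be group- or world-writable.
	umask 022
	new_key_created=false

	# Each row of the table below is: key type, bit selector, file name.
	# Bit selector: -1 = pass no size option, 0 = use ssh_keygen_flags,
	# anything else = "-b <bits>".
	# NOTE(review): the table still creates a 1024-bit DSA host key. DSA
	# keys cannot be larger than that, and OpenSSH has had ssh-dss
	# disabled by default since 7.0; consider whether the row is still
	# wanted.
	while read -r type bits filename; do
		f="/etc/ssh/$filename"
		if [ "$1" != "force" ] && [ -f "$f" ]; then
			continue
		fi
		# With "force" the old private key is removed before its
		# replacement exists; a failed ssh-keygen leaves no key of
		# this type behind.
		rm -f "$f"
		case "${bits}" in
		-1)	bitarg=;;
		0)	bitarg="${ssh_keygen_flags}";;
		*)	bitarg="-b ${bits}";;
		esac
		# bitarg stays unquoted on purpose: it has to split into
		# separate arguments and vanish entirely when empty.
		# -N '' gives the key an empty passphrase, so the file
		# permissions are the key's only protection.
		if "${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q; then
			# Count the key only once it really exists, so the
			# motd check below runs for created keys and not
			# for failed attempts.
			new_key_created=true
			printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
		fi
	done << _EOF
dsa 1024 ssh_host_dsa_key
ecdsa 521 ssh_host_ecdsa_key
ed25519 -1 ssh_host_ed25519_key
rsa 0 ssh_host_rsa_key
_EOF
	if "${new_key_created}"; then
		sshd_motd_unsafe_keys_warning
	fi
	)
}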
# start_precmd hook: dispatch the "keygen" command through rc.subr so that
# missing host keys are created before sshd is launched.
#
# Arguments: none
# Returns:   whatever run_rc_command returns
sshd_precmd()
{
	run_rc_command "keygen"
}
# "keygen" creates only the host keys that are missing.
keygen_cmd=sshd_keygen
# "keyregen" passes "force", which deletes and re-creates every host key.
keyregen_cmd="sshd_keygen force"
# Run before the daemon is started; see sshd_precmd.
start_precmd=sshd_precmd
# Pull in the rc.conf settings for this service. ssh_keygen_flags, which
# sshd_keygen expands unquoted into the ssh-keygen command line, is
# presumably set there, so the rc.conf files must stay root-writable only.
load_rc_config $name
# Dispatch the verb given on the command line (start, stop, keygen, ...).
run_rc_command "$1"