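#!/bin/sh
#
# rc.d script for the OpenSSH server daemon: generates any missing host
# keys, checks the sshd configuration, and hands control to rc.subr.
#

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd"
desc="Secure Shell Daemon"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
# reload and restart are both gated on a configuration check.
reload_precmd="sshd_configtest"
restart_precmd="sshd_configtest"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

# Per-algorithm switches for host key generation; all default to "yes"
# unless already set.
: ${sshd_rsa_enable:="yes"}
: ${sshd_ecdsa_enable:="yes"}
: ${sshd_ed25519_enable:="yes"}

# sshd in a jail would not see other jails. As such, exclude it from
# svcj_all_enable="YES" by setting sshd_svcj to NO. It can still be
# enabled explicitly in rc.conf.
: ${sshd_svcj:="NO"}
: ${sshd_svcj_options:="net_basic"}

#######################################
# Generate the host key for one algorithm if it is enabled and missing.
# Globals:   sshd_<alg>_enable (read, through checkyesno)
# Arguments: $1 - algorithm name: rsa, ecdsa or ed25519
# Outputs:   progress message and the new key's fingerprint on stdout;
#            diagnostics through the rc.subr info/warn helpers
# Returns:   0 if the algorithm is disabled or the key file already exists;
#            1 for an unknown algorithm, a missing ssh-keygen, or a failed
#            key generation; otherwise the status of the fingerprint listing
#######################################
sshd_keygen_alg()
{
	local alg="$1"
	local ALG
	local keyfile

	# Validate the name before it is used anywhere else, so that only the
	# three known algorithm names are ever interpolated into a variable
	# name, a file path or the ssh-keygen command line.
	case "$alg" in
	rsa|ecdsa|ed25519)
		keyfile="/etc/ssh/ssh_host_${alg}_key"
		;;
	*)
		return 1
		;;
	esac

	if ! checkyesno "sshd_${alg}_enable" ; then
		return 0
	fi

	# Upper-case form, used only in messages.
	ALG="$(printf '%s' "$alg" | tr a-z A-Z)"

	# Existence check only: the content of an existing key file is not
	# validated here, and an existing key is never overwritten.
	if [ -f "${keyfile}" ] ; then
		info "$ALG host key exists."
		return 0
	fi

	if [ ! -x /usr/bin/ssh-keygen ] ; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	echo "Generating $ALG host key."
	# -N "" creates the private key without a passphrase, so it can be
	# loaded unattended; its protection rests on filesystem permissions.
	if ! /usr/bin/ssh-keygen -q -t "$alg" -f "$keyfile" -N "" ; then
		# Stop here rather than trying to list a public key that was
		# never written.
		warn "Failed to generate $ALG host key."
		return 1
	fi
	# Print the fingerprint so it can be recorded and compared by clients
	# on first connection.
	/usr/bin/ssh-keygen -l -f "$keyfile.pub"
}

#######################################
# Generate every enabled host key type that is missing.
# Returns: the status of the last call (ed25519); failures of the earlier
#          algorithms are not propagated.
#######################################
sshd_keygen()
{
	sshd_keygen_alg rsa
	sshd_keygen_alg ecdsa
	sshd_keygen_alg ed25519
}

#######################################
# Run sshd in test mode (-t) with the configured flags.
# Globals: name, command, sshd_flags (read)
# Returns: the exit status of the test run
#######################################
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	# NOTE(review): eval re-parses ${sshd_flags} as shell code. The variable
	# is not set in this file; presumably it comes from the rc configuration
	# loaded by load_rc_config, so that configuration has to stay writable
	# by root only -- confirm.
	eval ${command} ${sshd_flags} -t
}

#######################################
# start_precmd hook: create missing host keys, then check the configuration.
# Returns: the status of the configtest run; the keygen status is not
#          checked here.
#######################################
sshd_precmd()
{
	run_rc_command keygen
	run_rc_command configtest
}

load_rc_config "$name"
run_rc_command "$1"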