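#!/bin/sh
#
#

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd"
desc="Secure Shell Daemon"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
reload_precmd="sshd_configtest"
restart_precmd="sshd_configtest"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

# Per-algorithm switches for host key generation. Each can be overridden
# in rc.conf; DSA host keys are not generated unless explicitly enabled.
: ${sshd_rsa_enable:="yes"}
: ${sshd_dsa_enable:="no"}
: ${sshd_ecdsa_enable:="yes"}
: ${sshd_ed25519_enable:="yes"}

# sshd in a jail would not see other jails. As such, exclude it from
# svcj_all_enable="YES" by setting sshd_svcj to NO. It can still be
# enabled explicitly in rc.conf.
: ${sshd_svcj:="NO"}
: ${sshd_svcj_options:="net_basic"}

# sshd_keygen_alg alg
#	Generate the host key for one algorithm if it is enabled and the
#	key file does not exist yet.
#	Arguments: $1 - algorithm name: rsa, dsa, ecdsa or ed25519
#	Returns:   0 if the algorithm is disabled, the key already exists,
#	           or the key was generated; 1 on an unknown algorithm, a
#	           missing ssh-keygen, or a failed key generation.
sshd_keygen_alg()
{
	local alg="$1"
	local ALG
	local keyfile

	# Validate the algorithm before it is used for anything else: the
	# name is interpolated into an rc.conf variable name and into a
	# path under /etc/ssh below, so only the known values may pass.
	case "$alg" in
	rsa|dsa|ecdsa|ed25519)
		keyfile="/etc/ssh/ssh_host_${alg}_key"
		;;
	*)
		return 1
		;;
	esac

	ALG="$(echo "$alg" | tr a-z A-Z)"

	if ! checkyesno "sshd_${alg}_enable" ; then
		return 0
	fi

	# Never overwrite an existing host key: replacing it would change
	# the server identity that clients have already recorded.
	if [ -f "${keyfile}" ] ; then
		info "$ALG host key exists."
		return 0
	fi

	if [ ! -x /usr/bin/ssh-keygen ] ; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	echo "Generating $ALG host key."
	# -N "" writes the private key without a passphrase so that sshd
	# can load it unattended at boot.
	if ! /usr/bin/ssh-keygen -q -t "$alg" -f "$keyfile" -N "" ; then
		# Stop here instead of trying to fingerprint a key that was
		# never written.
		warn "Failed to generate $ALG host key."
		return 1
	fi
	# Print the fingerprint of the new key so that it can be recorded
	# and compared on first connection.
	/usr/bin/ssh-keygen -l -f "$keyfile.pub"
}

# sshd_keygen
#	Run host key generation for every supported algorithm; disabled
#	algorithms and existing keys are skipped by sshd_keygen_alg.
#	Returns the status of the last algorithm processed.
sshd_keygen()
{
	sshd_keygen_alg rsa
	sshd_keygen_alg dsa
	sshd_keygen_alg ecdsa
	sshd_keygen_alg ed25519
}

# sshd_configtest
#	Run the daemon in test mode (-t) with the configured flags so that
#	a broken configuration is reported before a reload or restart.
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	# NOTE(review): eval re-parses sshd_flags as shell input. The value
	# comes from the rc.conf settings loaded by load_rc_config, so it is
	# only as trustworthy as those files - confirm they are writable by
	# root alone.
	eval ${command} ${sshd_flags} -t
}

# sshd_precmd
#	Start hook: make sure host keys exist, then validate the
#	configuration. Returns the status of the configuration test.
sshd_precmd()
{
	run_rc_command keygen
	run_rc_command configtest
}

load_rc_config $name
run_rc_command "$1"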