1#!/bin/sh 2# 3# $FreeBSD$ 4# 5 6# PROVIDE: sshd 7# REQUIRE: LOGIN FILESYSTEMS 8# KEYWORD: shutdown 9 10. /etc/rc.subr 11 12name="sshd" 13desc="Secure Shell Daemon" 14rcvar="sshd_enable" 15command="/usr/sbin/${name}" 16keygen_cmd="sshd_keygen" 17start_precmd="sshd_precmd" 18reload_precmd="sshd_configtest" 19restart_precmd="sshd_configtest" 20configtest_cmd="sshd_configtest" 21pidfile="/var/run/${name}.pid" 22extra_commands="configtest keygen reload" 23 24: ${sshd_rsa_enable:="yes"} 25: ${sshd_dsa_enable:="no"} 26: ${sshd_ecdsa_enable:="yes"} 27: ${sshd_ed25519_enable:="yes"} 28 29sshd_keygen_alg() 30{ 31 local alg=$1 32 local ALG="$(echo $alg | tr a-z A-Z)" 33 local keyfile 34 35 if ! checkyesno "sshd_${alg}_enable" ; then 36 return 0 37 fi 38 39 case $alg in 40 rsa|dsa|ecdsa|ed25519) 41 keyfile="/etc/ssh/ssh_host_${alg}_key" 42 ;; 43 *) 44 return 1 45 ;; 46 esac 47 48 if [ ! -x /usr/bin/ssh-keygen ] ; then 49 warn "/usr/bin/ssh-keygen does not exist." 50 return 1 51 fi 52 53 if [ -f "${keyfile}" ] ; then 54 info "$ALG host key exists." 55 else 56 echo "Generating $ALG host key." 57 /usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N "" 58 /usr/bin/ssh-keygen -l -f "$keyfile.pub" 59 fi 60} 61 62sshd_keygen() 63{ 64 sshd_keygen_alg rsa 65 sshd_keygen_alg dsa 66 sshd_keygen_alg ecdsa 67 sshd_keygen_alg ed25519 68} 69 70sshd_configtest() 71{ 72 echo "Performing sanity check on ${name} configuration." 73 eval ${command} ${sshd_flags} -t 74} 75 76sshd_precmd() 77{ 78 run_rc_command keygen 79 run_rc_command configtest 80} 81 82load_rc_config $name 83run_rc_command "$1" 84