xref: /freebsd/libexec/rc/rc.d/sshd (revision 123af6ec70016f5556da5972d4d63c7d175c06d3)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: sshd
7# REQUIRE: LOGIN FILESYSTEMS
8# KEYWORD: shutdown
9
10. /etc/rc.subr
11
12name="sshd"
13desc="Secure Shell Daemon"
14rcvar="sshd_enable"
15command="/usr/sbin/${name}"
16keygen_cmd="sshd_keygen"
17start_precmd="sshd_precmd"
18reload_precmd="sshd_configtest"
19restart_precmd="sshd_configtest"
20configtest_cmd="sshd_configtest"
21pidfile="/var/run/${name}.pid"
22extra_commands="configtest keygen reload"
23
24: ${sshd_rsa_enable:="yes"}
25: ${sshd_dsa_enable:="no"}
26: ${sshd_ecdsa_enable:="yes"}
27: ${sshd_ed25519_enable:="yes"}
28
29sshd_keygen_alg()
30{
31	local alg=$1
32	local ALG="$(echo $alg | tr a-z A-Z)"
33	local keyfile
34
35	if ! checkyesno "sshd_${alg}_enable" ; then
36		return 0
37	fi
38
39	case $alg in
40	rsa|dsa|ecdsa|ed25519)
41		keyfile="/etc/ssh/ssh_host_${alg}_key"
42		;;
43	*)
44		return 1
45		;;
46	esac
47
48	if [ ! -x /usr/bin/ssh-keygen ] ; then
49		warn "/usr/bin/ssh-keygen does not exist."
50		return 1
51	fi
52
53	if [ -f "${keyfile}" ] ; then
54		info "$ALG host key exists."
55	else
56		echo "Generating $ALG host key."
57		/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""
58		/usr/bin/ssh-keygen -l -f "$keyfile.pub"
59	fi
60}
61
62sshd_keygen()
63{
64	sshd_keygen_alg rsa
65	sshd_keygen_alg dsa
66	sshd_keygen_alg ecdsa
67	sshd_keygen_alg ed25519
68}
69
70sshd_configtest()
71{
72	echo "Performing sanity check on ${name} configuration."
73	eval ${command} ${sshd_flags} -t
74}
75
76sshd_precmd()
77{
78	run_rc_command keygen
79	run_rc_command configtest
80}
81
82load_rc_config $name
83run_rc_command "$1"
84