xref: /freebsd/libexec/rc/rc.d/sshd (revision a03411e84728e9b267056fd31c7d1d9d1dc1b01e)
1#!/bin/sh
2#
3#
4
5# PROVIDE: sshd
6# REQUIRE: LOGIN FILESYSTEMS
7# KEYWORD: shutdown
8
9. /etc/rc.subr
10
11name="sshd"
12desc="Secure Shell Daemon"
13rcvar="sshd_enable"
14command="/usr/sbin/${name}"
15keygen_cmd="sshd_keygen"
16start_precmd="sshd_precmd"
17reload_precmd="sshd_configtest"
18restart_precmd="sshd_configtest"
19configtest_cmd="sshd_configtest"
20pidfile="/var/run/${name}.pid"
21extra_commands="configtest keygen reload"
22
23: ${sshd_rsa_enable:="yes"}
24: ${sshd_dsa_enable:="no"}
25: ${sshd_ecdsa_enable:="yes"}
26: ${sshd_ed25519_enable:="yes"}
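# Generate the host key for one algorithm unless it already exists.
# Globals:   sshd_<alg>_enable (read through checkyesno)
# Arguments: $1 - algorithm name: rsa, dsa, ecdsa or ed25519
# Outputs:   progress message and the new key's fingerprint on stdout
# Returns:   0 if generation is disabled, the key exists, or it was created;
#            non-zero for an unknown algorithm, a missing ssh-keygen, or a
#            failed key generation
sshd_keygen_alg()
{
	local alg=$1
	local ALG
	local keyfile

	# Validate before anything else: $alg becomes part of the variable name
	# handed to checkyesno, which looks that variable up by name, so only
	# the known algorithm names may reach it.
	case "$alg" in
	rsa|dsa|ecdsa|ed25519)
		keyfile="/etc/ssh/ssh_host_${alg}_key"
		;;
	*)
		return 1
		;;
	esac

	if ! checkyesno "sshd_${alg}_enable" ; then
		return 0
	fi

	ALG=$(printf '%s' "$alg" | tr 'a-z' 'A-Z')

	# An existing key is never overwritten, so the host identity that
	# clients have already recorded stays stable across restarts.
	if [ -f "${keyfile}" ] ; then
		info "$ALG host key exists."
		return 0
	fi

	if [ ! -x /usr/bin/ssh-keygen ] ; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	echo "Generating $ALG host key."
	# Empty passphrase (-N ""): sshd has to load the key unattended, so the
	# private key is protected by file permissions only.
	if ! /usr/bin/ssh-keygen -q -t "$alg" -f "$keyfile" -N "" ; then
		# Stop here instead of asking for the fingerprint of a key that
		# was never written.
		warn "Could not generate $ALG host key."
		return 1
	fi
	# Print the fingerprint so it can be recorded and compared out of band.
	/usr/bin/ssh-keygen -l -f "$keyfile.pub"
}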
# Create any missing host keys, one algorithm at a time.
# Each call decides for itself whether its algorithm is enabled.
# Returns: the status of the last call (ed25519); earlier failures do not
#          stop the remaining algorithms.
sshd_keygen()
{
	local keytype

	for keytype in rsa dsa ecdsa ed25519; do
		sshd_keygen_alg "$keytype"
	done
}
# Validate the sshd configuration without starting the daemon.
# Globals: name, command, sshd_flags (read)
# Outputs: a one-line notice on stdout, plus whatever the command prints
# Returns: the exit status of "${command} ${sshd_flags} -t"
sshd_configtest()
{
	printf '%s\n' "Performing sanity check on ${name} configuration."
	# eval re-parses the flags as shell text, so quoting inside sshd_flags is
	# honoured and anything else in it is executed as well.
	# NOTE(review): sshd_flags is presumably set in rc.conf(5); keep that
	# file writable by root only.
	eval ${command} ${sshd_flags} -t
}
# Pre-start hook: create missing host keys, then validate the configuration.
# Returns: the status of the configtest step; the keygen status is not
#          checked here.
sshd_precmd()
{
	local sshd_precmd_step

	for sshd_precmd_step in keygen configtest; do
		run_rc_command "$sshd_precmd_step"
	done
}
82load_rc_config $name
83run_rc_command "$1"