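#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

# rc.d script for the OpenSSH server. Besides the standard rc commands it
# provides:
#   keygen     - create any missing host keys for the enabled algorithms
#   configtest - run "sshd -t" against the current configuration
#   reload     - standard reload, preceded by configtest
# start runs keygen and configtest first; reload and restart run configtest
# first.

. /etc/rc.subr

name="sshd"
desc="Secure Shell Daemon"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
reload_precmd="sshd_configtest"
restart_precmd="sshd_configtest"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

# Per-algorithm host key switches; a value already set (e.g. in rc.conf) wins.
# DSA host keys are not generated unless sshd_dsa_enable is set explicitly.
: ${sshd_rsa_enable:="yes"}
: ${sshd_dsa_enable:="no"}
: ${sshd_ecdsa_enable:="yes"}
: ${sshd_ed25519_enable:="yes"}

# sshd_keygen_alg alg
#	Generate /etc/ssh/ssh_host_<alg>_key if sshd_<alg>_enable is set and
#	the key file does not exist yet, then print its fingerprint.
#	Returns 0 if the algorithm is disabled, the key already exists or it
#	was generated; 1 for an unknown algorithm, a missing ssh-keygen or a
#	failed generation.
sshd_keygen_alg()
{
	local alg="$1"
	local ALG
	local keyfile

	# Check the algorithm against the allowlist before it is used to
	# build an rc variable name or a file path.
	case "$alg" in
	rsa|dsa|ecdsa|ed25519)
		keyfile="/etc/ssh/ssh_host_${alg}_key"
		;;
	*)
		return 1
		;;
	esac

	if ! checkyesno "sshd_${alg}_enable" ; then
		return 0
	fi

	ALG="$(printf '%s' "$alg" | tr a-z A-Z)"

	# Never overwrite an existing host key: replacing it changes the
	# server identity that clients have recorded.
	if [ -f "${keyfile}" ] ; then
		info "$ALG host key exists."
		return 0
	fi

	if [ ! -x /usr/bin/ssh-keygen ] ; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	echo "Generating $ALG host key."
	# -N "" creates the private key without a passphrase so that sshd can
	# load it unattended; its protection rests on file permissions alone.
	if ! /usr/bin/ssh-keygen -q -t "$alg" -f "$keyfile" -N "" ; then
		warn "Could not generate $ALG host key."
		return 1
	fi
	/usr/bin/ssh-keygen -l -f "$keyfile.pub"
}

# sshd_keygen
#	Handler for the "keygen" command: process every supported algorithm
#	in turn. The return status is that of the last one (ed25519).
sshd_keygen()
{
	local alg

	for alg in rsa dsa ecdsa ed25519 ; do
		sshd_keygen_alg "$alg"
	done
}

# sshd_configtest
#	Handler for "configtest", also run before reload and restart.
#	Returns the exit status of "sshd -t".
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	# NOTE(review): eval re-parses ${sshd_flags}, so shell syntax in that
	# variable is executed with the privileges of this script. Left
	# unchanged because flags may carry quoted arguments; whatever sets
	# sshd_flags (normally rc.conf) must be writable by root only.
	eval ${command} ${sshd_flags} -t
}

# sshd_precmd
#	Run before start: create missing host keys, then check the
#	configuration. The status of the keygen step is not examined; the
#	function returns the status of the configtest step.
sshd_precmd()
{
	run_rc_command keygen
	run_rc_command configtest
}

load_rc_config "$name"
run_rc_command "$1"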