1#!/bin/sh 2# 3# 4 5# PROVIDE: sshd 6# REQUIRE: LOGIN FILESYSTEMS 7# KEYWORD: shutdown 8 9. /etc/rc.subr 10 11name="sshd" 12desc="Secure Shell Daemon" 13rcvar="sshd_enable" 14command="/usr/sbin/${name}" 15keygen_cmd="sshd_keygen" 16start_precmd="sshd_precmd" 17reload_precmd="sshd_configtest" 18restart_precmd="sshd_configtest" 19configtest_cmd="sshd_configtest" 20pidfile="/var/run/${name}.pid" 21extra_commands="configtest keygen reload" 22 23: ${sshd_rsa_enable:="yes"} 24: ${sshd_dsa_enable:="no"} 25: ${sshd_ecdsa_enable:="yes"} 26: ${sshd_ed25519_enable:="yes"} 27 28# sshd in a jail would not see other jails. As such exclude it from 29# svcj_all_enable="YES" by setting sshd_svcj to NO. This allows to 30# enable it in rc.conf. 31: ${sshd_svcj:="NO"} 32: ${sshd_svcj_options:="net_basic"} 33 34sshd_keygen_alg() 35{ 36 local alg=$1 37 local ALG="$(echo $alg | tr a-z A-Z)" 38 local keyfile 39 40 if ! checkyesno "sshd_${alg}_enable" ; then 41 return 0 42 fi 43 44 case $alg in 45 rsa|dsa|ecdsa|ed25519) 46 keyfile="/etc/ssh/ssh_host_${alg}_key" 47 ;; 48 *) 49 return 1 50 ;; 51 esac 52 53 if [ -f "${keyfile}" ] ; then 54 info "$ALG host key exists." 55 return 0 56 fi 57 58 if [ ! -x /usr/bin/ssh-keygen ] ; then 59 warn "/usr/bin/ssh-keygen does not exist." 60 return 1 61 fi 62 63 echo "Generating $ALG host key." 64 /usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N "" 65 /usr/bin/ssh-keygen -l -f "$keyfile.pub" 66} 67 68sshd_keygen() 69{ 70 sshd_keygen_alg rsa 71 sshd_keygen_alg dsa 72 sshd_keygen_alg ecdsa 73 sshd_keygen_alg ed25519 74} 75 76sshd_configtest() 77{ 78 echo "Performing sanity check on ${name} configuration." 79 eval ${command} ${sshd_flags} -t 80} 81 82sshd_precmd() 83{ 84 run_rc_command keygen 85 run_rc_command configtest 86} 87 88load_rc_config $name 89run_rc_command "$1" 90