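#!/sbin/sh
#
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# SMF method script for the ssh service; see the case statement at the
# end of the file for the accepted arguments.  Written for /sbin/sh:
# backticks instead of $(...), no 'local', no '!' negation.
#

. /lib/svc/share/ipf_include.sh
. /lib/svc/share/smf_include.sh

SSHDIR=/etc/ssh
# Command plus option.  $KEYGEN is deliberately expanded unquoted so
# that "-q" is passed as a separate word.
KEYGEN="/usr/bin/ssh-keygen -q"
PIDFILE=/var/run/sshd.pid

# create_key PATH TYPE
#
# Creates the TYPE host key at PATH if PATH does not exist yet and
# $SSHDIR/sshd_config names it in a HostKey directive; a key that
# sshd_config does not reference is left uncreated.  Exits with
# $SMF_EXIT_ERR_CONFIG if ssh-keygen fails.  Returns 0 otherwise.
create_key()
{
	keypath=$1
	keytype=$2

	# Nothing to do when the key is already there.
	[ -f "$keypath" ] && return 0

	#
	# HostKey keywords in sshd_config may be preceded or
	# followed by a mix of any number of space or tabs,
	# and optionally have an = between keyword and
	# argument. We use two grep invocations such that we
	# can match HostKey case insensitively but still have
	# the case of the path name be significant, keeping
	# the pattern somewhat more readable.
	#
	# The character classes below contain one literal
	# space and one literal tab.  $keypath is interpolated
	# into the pattern as a regular expression; the paths
	# passed by this script are fixed and contain only '/'
	# and '.', which is harmless here.
	#
	if grep -i "^[ 	]*HostKey[ 	]*=\{0,1\}[ 	]*$keypath" \
	    "$SSHDIR/sshd_config" | grep "$keypath" > /dev/null 2>&1; then
		echo "Creating new $keytype public/private host key pair"
		$KEYGEN -f "$keypath" -t "$keytype" -N ''
		if [ $? -ne 0 ]; then
			echo "Could not create $keytype key: $keypath"
			exit $SMF_EXIT_ERR_CONFIG
		fi
	fi
}

# sshd_config_ports
#
# Prints, one per line, the port numbers given by Port directives in
# $SSHDIR/sshd_config.  The keyword is matched case insensitively,
# with the same leading whitespace and optional '=' handling as the
# HostKey match in create_key(); commented-out lines do not match.
# Prints nothing if the file is unreadable or has no Port directive.
#
# The character classes below contain one literal space and one
# literal tab.
sshd_config_ports()
{
	sed -n 's/^[ 	]*[Pp][Oo][Rr][Tt][ 	=][ 	=]*\([0-9][0-9]*\).*/\1/p' \
	    "$SSHDIR/sshd_config" 2>/dev/null
}

# create_ipf_rules FMRI
#
# Writes the ipfilter rules for FMRI: one rule set (tcp, any source)
# per port listed in sshd_config, using the policy configured for the
# service.  Uses fmri_to_file, get_policy and generate_rules from
# ipf_include.sh.  If sshd_config has no Port directive, the rule file
# contains only the "# FMRI" header and no rules.
create_ipf_rules()
{
	FMRI=$1
	ipf_file=`fmri_to_file "$FMRI" "$IPF_SUFFIX"`
	policy=`get_policy "$FMRI"`

	tports=`sshd_config_ports`

	echo "# $FMRI" >"$ipf_file"
	# Word-splitting of $tports is intentional: one port per iteration.
	for port in $tports; do
		generate_rules "$FMRI" "$policy" "tcp" "any" "$port" "$ipf_file"
	done
}

# This script is being used for two purposes: as part of an SMF
# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
# application.
#
# The SMF methods and sysidconfig/sys-unconfig use different
# arguments.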
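# Creates the host keys if they are missing.  ssh-keygen -A is tried
# first; if it fails, the RSA and DSA keys are created individually
# through create_key(), which only generates a key that sshd_config
# references.  Shared by the '-c' and 'start' arms below.
create_host_keys()
{
	/usr/bin/ssh-keygen -A
	if [ $? -ne 0 ]; then
		create_key "$SSHDIR/ssh_host_rsa_key" rsa
		create_key "$SSHDIR/ssh_host_dsa_key" dsa
	fi
}

case "$1" in
# sysidconfig/sys-unconfig arguments (-c and -u)
'-c')
	create_host_keys
	;;

'-u')
	# sys-unconfig(1M) knows how to remove ssh host keys, so there's
	# nothing to do here.
	:
	;;

# SMF arguments (start and restart [really "refresh"])
'ipfilter')
	create_ipf_rules "$2"
	;;

'start')
	#
	# If host keys don't exist when the service is started, create
	# them; sysidconfig is not run in every situation (such as on
	# the install media).
	#
	create_host_keys

	/usr/lib/ssh/sshd
	;;

'restart')
	#
	# Ask the running daemon to re-read its configuration.  Only a
	# pid file holding a plain decimal PID is honoured: an empty,
	# truncated or otherwise malformed file must not be turned into
	# a kill(1) invocation with a missing or unexpected argument.
	#
	if [ -f "$PIDFILE" ]; then
		pid=`/usr/bin/cat "$PIDFILE"`
		case "$pid" in
		''|*[!0-9]*)
			echo "$PIDFILE does not contain a valid pid" >&2
			exit 1
			;;
		esac
		/usr/bin/kill -HUP "$pid"
	fi
	;;

*)
	echo "Usage: $0 { start | restart }"
	exit 1
	;;
esac

# Propagate the status of the last command run in the selected arm.
exit $?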