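#!/sbin/sh
#
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
#
# SMF method script for the ssh service.  The same script doubles as a
# sysidconfig(1M)/sys-unconfig(1M) application, and the two callers pass
# different arguments; see the case statement at the bottom.
#
# Arguments:
#   -c                 sysidconfig: create missing host keys
#   -u                 sys-unconfig: nothing to do (keys removed elsewhere)
#   ipfilter <fmri>    write ipfilter rules for the sshd ports
#   start              create missing host keys, then start sshd
#   restart            send SIGHUP to the running sshd (config reload)
#
# Globals read (from the sourced include files): SMF_EXIT_ERR_CONFIG,
# IPF_SUFFIX, IPF6_SUFFIX, and the helpers fmri_to_file, get_policy and
# generate_rules.
#

. /lib/svc/share/ipf_include.sh
. /lib/svc/share/smf_include.sh

SSHDIR=/etc/ssh
KEYGEN=/usr/bin/ssh-keygen
PIDFILE=/var/run/sshd.pid

#
# create_key keypath keytype
#
# Create the host key of type keytype at keypath when it does not exist
# yet AND sshd_config actually references that path as a HostKey.
# Exits with SMF_EXIT_ERR_CONFIG when ssh-keygen fails, so the service
# lands in maintenance instead of starting without its configured key.
#
create_key()
{
	keypath=$1
	keytype=$2

	if [ -f "$keypath" ]; then
		return 0
	fi

	#
	# HostKey keywords in sshd_config may be preceded or followed by
	# any mix of spaces and tabs, and may have an = between keyword
	# and argument.  The first grep matches the keyword case
	# insensitively; the second, fixed-string grep keeps the case of
	# the path name significant.  [[:blank:]] is exactly space+tab.
	# keypath comes from the hard-coded calls below, so it is safe to
	# interpolate into the pattern.
	#
	if grep -i "^[[:blank:]]*HostKey[[:blank:]]*=\{0,1\}[[:blank:]]*$keypath" \
	    "$SSHDIR/sshd_config" 2>/dev/null |
	    grep -F -- "$keypath" > /dev/null 2>&1; then
		echo "Creating new $keytype public/private host key pair"
		# Host keys must be unencrypted (-N '') so sshd can load
		# them unattended at boot.
		if ! $KEYGEN -q -f "$keypath" -t "$keytype" -N ''; then
			echo "Could not create $keytype key: $keypath" >&2
			exit $SMF_EXIT_ERR_CONFIG
		fi
	fi
}

#
# create_ipf_rules fmri
#
# Write ipfilter rules for every Port listed in sshd_config into the
# IPv4 and IPv6 rule files belonging to fmri, using the ipf_include.sh
# helpers fmri_to_file, get_policy and generate_rules.
#
create_ipf_rules()
{
	FMRI=$1
	ipf_file=$(fmri_to_file "$FMRI" "$IPF_SUFFIX")
	ipf6_file=$(fmri_to_file "$FMRI" "$IPF6_SUFFIX")
	policy=$(get_policy "$FMRI")

	#
	# Collect the Port values from sshd_config.
	# NOTE(review): a config without any Port line yields no rules at
	# all; sshd's built-in default port is not assumed here (this
	# matches the previous behaviour of the script).
	#
	tports=$(grep "^Port" "$SSHDIR/sshd_config" 2>/dev/null | \
	    awk '{print $2}')

	echo "# $FMRI" > "$ipf_file"
	echo "# $FMRI" > "$ipf6_file"
	# $tports is deliberately unquoted: one word per configured port.
	for port in $tports; do
		generate_rules "$FMRI" "$policy" "tcp" "$port" "$ipf_file"
		generate_rules "$FMRI" "$policy" "tcp" "$port" "$ipf6_file" _6
	done
}

#
# Dispatch on the first argument.  sysidconfig/sys-unconfig use -c/-u;
# SMF uses ipfilter/start/restart (restart is really "refresh").
#
case $1 in
'-c')
	# ssh-keygen -A creates every missing default host key at once;
	# fall back to creating RSA and DSA keys individually when the
	# installed ssh-keygen does not support it.
	if ! $KEYGEN -A; then
		create_key "$SSHDIR/ssh_host_rsa_key" rsa
		create_key "$SSHDIR/ssh_host_dsa_key" dsa
	fi
	;;

'-u')
	# sys-unconfig(1M) knows how to remove ssh host keys, so there's
	# nothing to do here.
	:
	;;

'ipfilter')
	create_ipf_rules "$2"
	;;

'start')
	#
	# If host keys don't exist when the service is started, create
	# them; sysidconfig is not run in every situation (such as on
	# the install media).
	#
	if ! $KEYGEN -A; then
		create_key "$SSHDIR/ssh_host_rsa_key" rsa
		create_key "$SSHDIR/ssh_host_dsa_key" dsa
	fi

	/usr/lib/ssh/sshd
	;;

'restart')
	if [ -f "$PIDFILE" ]; then
		pid=$(/usr/bin/cat "$PIDFILE")
		# Only signal when the file holds a plain decimal pid; an
		# empty or malformed file would otherwise turn into a
		# confusing kill(1) usage error.
		case "$pid" in
		''|*[!0-9]*)
			echo "$PIDFILE does not contain a pid: '$pid'" >&2
			exit 1
			;;
		esac
		/usr/bin/kill -HUP "$pid"
	fi
	;;

*)
	echo "Usage: $0 { start | restart }" >&2
	exit 1
	;;
esac

# Propagate the status of the last command in the selected branch.
exit $?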