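#!/sbin/sh
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Method script for the ssh service.  It is invoked in two ways (see the
# case statement at the bottom): as an SMF start/refresh/ipfilter method,
# and as a sysidconfig(1M)/sys-unconfig(1M) application (-c / -u).
#
# Backticks are kept instead of $(...) to match the file's existing style
# under /sbin/sh.
#

. /lib/svc/share/ipf_include.sh

SSHDIR=/etc/ssh
# KEYGEN holds a command plus its -q option; it is expanded unquoted on
# purpose so that it splits into two words.
KEYGEN="/usr/bin/ssh-keygen -q"
PIDFILE=/var/run/sshd.pid

#
# create_key keypath keytype
#
# Creates the host key at keypath, of type keytype, when the key file is
# missing AND sshd_config has a HostKey line naming that path.  Keys that
# are not configured are never generated.
#
# Returns: the exit status of ssh-keygen when a key was generated,
#          0 otherwise (key already present, or not configured).
#
create_key()
{
	keypath=$1
	keytype=$2

	if [ ! -f "$keypath" ]; then
		if grep "^HostKey $keypath" "$SSHDIR/sshd_config" \
		    >/dev/null 2>&1; then
			echo "Creating new $keytype public/private host key pair"
			# -N '' gives the key an empty passphrase.
			$KEYGEN -f "$keypath" -t "$keytype" -N ''
			return $?
		fi
	fi

	return 0
}

#
# create_ipf_rules fmri
#
# Writes the IP Filter rule file for the given service FMRI: one rule set
# per "Port" line found in sshd_config.  fmri_to_file, get_policy,
# generate_rules and IPF_SUFFIX come from ipf_include.sh, which is
# sourced above.
#
# Returns: 1 if no rule file name could be determined; otherwise the
#          status of the last command run.
#
create_ipf_rules()
{
	FMRI=$1
	ipf_file=`fmri_to_file "${FMRI}" "$IPF_SUFFIX"`
	policy=`get_policy "${FMRI}"`

	# Without a target file name the redirection below cannot work;
	# fail explicitly rather than on a confusing redirect error.
	if [ -z "$ipf_file" ]; then
		echo "$0: cannot determine ipf rule file for $FMRI" >&2
		return 1
	fi

	#
	# Get port(s) from sshd_config: second field of each Port line.
	#
	tports=`awk '/^Port/ {print $2}' "$SSHDIR/sshd_config" 2>/dev/null`

	echo "# $FMRI" >"$ipf_file"
	# $tports is deliberately unquoted: it is a whitespace-separated
	# list and the loop relies on word splitting.
	for port in $tports; do
		generate_rules "$FMRI" "$policy" "tcp" "any" "$port" "$ipf_file"
	done
}

# This script is being used for two purposes: as part of an SMF
# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
# application.
#
# The SMF methods and sysidconfig/sys-unconfig use different arguments.

case "$1" in
	# sysidconfig/sys-unconfig arguments (-c and -u)
'-c')
	create_key "$SSHDIR/ssh_host_rsa_key" rsa
	# NOTE(review): DSA host keys are disabled by default in
	# OpenSSH 7.0 and later; confirm this system's sshd and its
	# clients still need one.  The key is only generated when
	# sshd_config names it in a HostKey line.
	create_key "$SSHDIR/ssh_host_dsa_key" dsa
	;;

'-u')
	# sys-unconfig(1M) knows how to remove ssh host keys, so there's
	# nothing to do here.
	:
	;;

	# SMF arguments (start and restart [really "refresh"])

'ipfilter')
	create_ipf_rules "$2"
	;;

'start')
	/usr/lib/ssh/sshd
	;;

'restart')
	if [ -f "$PIDFILE" ]; then
		pid=`/usr/bin/cat "$PIDFILE"`
		# This runs with the privileges of the service method, so
		# the value handed to kill must be exactly one positive
		# process id.  An empty file, several words, "0" (the
		# caller's process group) or a negative number such as
		# "-1" (every process) must never reach kill.
		case "$pid" in
		'' | 0 | *[!0-9]*)
			echo "$0: $PIDFILE does not contain a valid process id" >&2
			exit 1
			;;
		esac
		/usr/bin/kill -HUP "$pid"
	fi
	;;

*)
	echo "Usage: $0 { start | restart }"
	exit 1
	;;
esac

exit $?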