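#!/sbin/sh
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#
# SMF method script for the ssh service.  It is invoked in two ways:
#   - by the service framework as the start / refresh ("restart") /
#     ipfilter method (arguments: start, restart, ipfilter <fmri>), and
#   - by sysidconfig(1M) / sys-unconfig(1M) (arguments: -c, -u).
#
# Written for /sbin/sh: backquoted command substitution and the [ builtin
# are used deliberately, no bash-only syntax.
#

. /lib/svc/share/ipf_include.sh

SSHDIR=/etc/ssh
KEYGEN="/usr/bin/ssh-keygen -q"
PIDFILE=/var/run/sshd.pid

# create_key keypath keytype
#
# Generate the host key "keypath" of type "keytype" (rsa, dsa) when it does
# not exist yet AND sshd_config names it in a HostKey directive.  A key that
# sshd_config does not reference is left alone, so no unused key material
# is created.
# Returns ssh-keygen's exit status when a key was generated, 0 otherwise.
create_key()
{
	keypath=$1
	keytype=$2

	if [ ! -f "$keypath" ]; then
		# keypath is matched as a basic regular expression; the fixed
		# paths passed from the -c arm contain no BRE metacharacters.
		if grep "^HostKey $keypath" "$SSHDIR/sshd_config" >/dev/null 2>&1
		then
			echo "Creating new $keytype public/private host key pair"
			# The daemon must load its host key unattended at boot,
			# hence the empty passphrase.
			$KEYGEN -f "$keypath" -t "$keytype" -N ''
			return $?
		fi
	fi

	return 0
}

# create_ipf_rules fmri
#
# Write the ipfilter rule file for the service instance "fmri": one rule per
# "Port" directive found in sshd_config, for TCP from any source, with the
# policy that get_policy reports for the instance.  fmri_to_file, get_policy,
# generate_rules and IPF_SUFFIX are provided by ipf_include.sh.
# Returns 1 without writing anything when no rule file name is available.
create_ipf_rules()
{
	FMRI=$1
	ipf_file=`fmri_to_file "$FMRI" "$IPF_SUFFIX"`
	policy=`get_policy "$FMRI"`

	# Refuse to continue with an empty target: "> $ipf_file" would be an
	# ambiguous redirection and the rules would be lost silently.
	if [ -z "$ipf_file" ]; then
		echo "$0: no ipfilter rule file for $FMRI" >&2
		return 1
	fi

	#
	# Get the listening port(s) from sshd_config.  Only uncommented
	# "Port" directives at the start of a line are honoured.
	#
	tports=`grep "^Port" "$SSHDIR/sshd_config" 2>/dev/null | \
	    awk '{print $2}'`

	# NOTE(review): with no Port directive $tports is empty, the rule
	# file then holds only the header comment while sshd listens on its
	# built-in default port -- confirm whether a default belongs here.
	echo "# $FMRI" > "$ipf_file"
	for port in $tports; do
		generate_rules "$FMRI" "$policy" "tcp" "any" "$port" "$ipf_file"
	done
}

#
# This script is being used for two purposes: as part of an SMF
# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
# application.
#
# Both the SMF methods and sysidconfig/sys-unconfig use different
# arguments.
#

case "$1" in
	# sysidconfig/sys-unconfig arguments (-c and -u)
'-c')
	create_key "$SSHDIR/ssh_host_rsa_key" rsa
	create_key "$SSHDIR/ssh_host_dsa_key" dsa
	;;

'-u')
	# sys-unconfig(1M) knows how to remove ssh host keys, so there's
	# nothing to do here.
	:
	;;

	# SMF arguments (start and restart [really "refresh"])

'ipfilter')
	# The instance FMRI is mandatory; create_ipf_rules derives the
	# rule file name and policy from it.
	if [ -z "$2" ]; then
		echo "Usage: $0 ipfilter <fmri>" >&2
		exit 1
	fi
	create_ipf_rules "$2"
	;;

'start')
	/usr/lib/ssh/sshd
	;;

'restart')
	# Ask the running daemon to re-read its configuration.  Only a
	# purely numeric pid file is trusted: an empty or corrupted file
	# must not turn into a kill(1) invocation with a stray argument.
	if [ -f "$PIDFILE" ]; then
		pid=`/usr/bin/cat "$PIDFILE"`
		case "$pid" in
		''|*[!0-9]*)
			echo "$0: $PIDFILE does not contain a pid" >&2
			exit 1
			;;
		esac
		/usr/bin/kill -HUP "$pid"
	fi
	;;

*)
	echo "Usage: $0 { start | restart | ipfilter <fmri> }" >&2
	exit 1
	;;
esac

exit $?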