xref: /titanic_50/usr/src/cmd/ssh/etc/sshd (revision 585995d5d19489bf178112c08c8c61ffc049ff6e)
1#!/sbin/sh
2#
3# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
4# Use is subject to license terms.
5#
6
7. /lib/svc/share/ipf_include.sh
8
9SSHDIR=/etc/ssh
10KEYGEN="/usr/bin/ssh-keygen -q"
11PIDFILE=/var/run/sshd.pid
12
13# Checks to see if RSA, and DSA host keys are available
14# if any of these keys are not present, the respective keys are created.
15create_key()
16{
17	keypath=$1
18	keytype=$2
19
20	if [ ! -f $keypath ]; then
21		grep "^HostKey $keypath" $SSHDIR/sshd_config > /dev/null 2>&1
22		if [ $? -eq 0 ]; then
23			echo Creating new $keytype public/private host key pair
24			$KEYGEN -f $keypath -t $keytype -N ''
25			return $?
26		fi
27	fi
28
29	return 0
30}
31
32create_ipf_rules()
33{
34	FMRI=$1
35	ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
36	policy=`get_policy ${FMRI}`
37
38	#
39	# Get port from /etc/ssh/sshd_config
40	#
41	tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
42	    awk '{print $2}'`
43
44	echo "# $FMRI" >$ipf_file
45	for port in $tports; do
46		generate_rules $FMRI $policy "tcp" "any" $port $ipf_file
47	done
48}
49
50# This script is being used for two purposes: as part of an SMF
51# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
52# application.
53#
54# Both, the SMF methods and sysidconfig/sys-unconfig use different
55# arguments..
56
57case $1 in
58	# sysidconfig/sys-unconfig arguments (-c and -u)
59'-c')
60	create_key $SSHDIR/ssh_host_rsa_key rsa
61	create_key $SSHDIR/ssh_host_dsa_key dsa
62	;;
63
64'-u')
65	# sys-unconfig(1M) knows how to remove ssh host keys, so there's
66	# nothing to do here.
67	:
68	;;
69
70	# SMF arguments (start and restart [really "refresh"])
71
72'ipfilter')
73	create_ipf_rules $2
74	;;
75
76'start')
77	/usr/lib/ssh/sshd
78	;;
79
80'restart')
81	if [ -f "$PIDFILE" ]; then
82		/usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
83	fi
84	;;
85
86*)
87	echo "Usage: $0 { start | restart }"
88	exit 1
89	;;
90esac
91
92exit $?
93