#!/bin/sh
# PROVIDE: openssh
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable openssh:
#
# openssh_enable (bool): Set it to "YES" to enable openssh.
# Default is "NO".
# openssh_flags (flags): Set extra flags to openssh.
# Default is "". see sshd(1).
# openssh_pidfile (file): Set full path to pid file.
. /etc/rc.subr

name="openssh"
rcvar=openssh_enable

# Pull openssh_* settings from rc.conf before applying the defaults below,
# so that anything the administrator set wins.
load_rc_config ${name}

# openssh_enable uses ":=" so that an empty value also falls back to NO;
# the remaining knobs use "=" and only default when unset.
: ${openssh_enable:="NO"}
: ${openssh_skipportscheck="NO"}

# These only control ssh-keygen automatically generating host keys.
# NOTE(review): newer OpenSSH releases have dropped DSA support in
# ssh-keygen; confirm the installed version still accepts "-t dsa" before
# relying on the YES default for openssh_dsa_enable.
: ${openssh_dsa_enable="YES"} ${openssh_dsa_flags=""}
: ${openssh_rsa_enable="YES"} ${openssh_rsa_flags=""}
: ${openssh_ecdsa_enable="YES"} ${openssh_ecdsa_flags=""}
: ${openssh_ed25519_enable="YES"} ${openssh_ed25519_flags=""}

command=/usr/local/sbin/sshd
# pidfile may be overridden via openssh_pidfile in rc.conf.
pidfile=${openssh_pidfile:="/var/run/sshd.pid"}

# Hooks consumed by run_rc_command: the *_precmd run before start/reload/
# restart; configtest and keygen are additional user-invocable commands.
extra_commands="configtest reload keygen"
start_precmd="${name}_checks"
reload_precmd="${name}_checks"
restart_precmd="${name}_checks"
configtest_cmd="${name}_configtest"
keygen_cmd="${name}_keygen"
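#######################################
# Generate a host key of one type unless it already exists.
# Globals:   openssh_<type>_enable (read via checkyesno)
# Arguments: $1 - key type as passed to ssh-keygen -t (dsa, rsa, ...)
#            $2 - human readable label used in messages
#            $3 - extra ssh-keygen flags (whitespace separated list)
# Outputs:   status messages on stdout
#######################################
openssh_keygen_one()
{
	local type label flags keyfile

	type=$1
	label=$2
	flags=$3
	keyfile=/usr/local/etc/ssh/ssh_host_${type}_key

	if [ -f "$keyfile" ]; then
		echo "You already have a $label host key" \
		    "in $keyfile"
		echo "Skipping protocol version 2 $label Key Generation"
	elif checkyesno openssh_${type}_enable; then
		# $flags is deliberately unquoted: it is a list of extra
		# ssh-keygen options that has to word-split.  Host keys are
		# created without a passphrase (-N '') because sshd must be
		# able to read them unattended at boot.
		/usr/local/bin/ssh-keygen -t "$type" $flags \
		    -f "$keyfile" -N ''
	fi
}

#######################################
# Create any missing host keys for the enabled key types.
# Globals:   openssh_{dsa,rsa,ecdsa,ed25519}_{enable,flags}
# Outputs:   status messages on stdout
# Returns:   0; exits through err (rc.subr) when ssh-keygen is missing
#######################################
openssh_keygen()
{
	local type missing

	# Nothing to do when every enabled key type already has a host key.
	missing=
	for type in dsa rsa ecdsa ed25519; do
		if checkyesno openssh_${type}_enable &&
		    [ ! -f /usr/local/etc/ssh/ssh_host_${type}_key ]; then
			missing=y
		fi
	done
	if [ -z "$missing" ]; then
		return 0
	fi

	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/local/bin/ssh-keygen ] ||
	    err 1 "/usr/local/bin/ssh-keygen does not exist."

	openssh_keygen_one dsa "DSA" "$openssh_dsa_flags"
	openssh_keygen_one rsa "RSA" "$openssh_rsa_flags"
	openssh_keygen_one ecdsa "Elliptic Curve DSA" "$openssh_ecdsa_flags"
	# Previously referenced $openssh_ed22519_flags (typo), which silently
	# discarded any openssh_ed25519_flags set in rc.conf.
	openssh_keygen_one ed25519 "Elliptic Curve ED25519" \
	    "$openssh_ed25519_flags"
}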
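#######################################
# Print the port(s) an sshd would listen on, one per line.
# sshd binds ports in priority (lowest first):
#   Port from sshd_config
#   -p option from command line
#   ListenAddress addr:port from sshd_config
# so the sources are consulted from highest to lowest priority, and 22 is
# assumed when none of them names a port.
# Arguments: $1 - path to sshd_config
#            $2 - command line flags (whitespace separated list)
# Outputs:   port numbers on stdout
#######################################
openssh_effective_ports()
{
	local config flags ports

	config=$1
	flags=$2
	ports=

	# Only ListenAddress lines that actually end in ":port" count; a bare
	# address inherits the Port directive.  (Previously a bare address made
	# the whole line leak into the port list and broke the -eq comparison.)
	if [ -r "$config" ]; then
		ports=$(awk '$1 ~ /^ListenAddress/ {
			mlen = match($0, ":[0-9]+$")
			if (mlen > 0) print substr($0, mlen + 1)
		}' "$config")
	fi
	if [ -z "$ports" ]; then
		# Note: only the separated "-p PORT" form is recognised.
		ports=$(printf '%s\n' "$flags" | awk '{
			for (i = 1; i <= NF; i++)
				if ($i == "-p") { print $(i + 1); break }
		}')
	fi
	if [ -z "$ports" ] && [ -r "$config" ]; then
		ports=$(awk '$1 ~ /^Port/ { print $2 }' "$config")
	fi
	printf '%s\n' "${ports:-22}"
}

#######################################
# Check whether this sshd and the base system sshd share a listen port.
# Globals:   openssh_flags (read); sshd_flags (loaded from rc.conf)
# Returns:   0 if any port is shared, 1 otherwise
#######################################
openssh_check_same_ports()
{
	local self_port base_sshd_port sport bport

	# When openssh-portable is installed in place of the base sshd the two
	# config directories coincide and there is nothing to compare.  Both
	# paths are substituted at build time, so this is a constant check.
	if [ "/usr/local/etc/ssh" = "/etc/ssh" ]; then
		return 1
	fi

	self_port=$(openssh_effective_ports /usr/local/etc/ssh/sshd_config \
	    "$openssh_flags")

	# Pull sshd_flags for the base system sshd from rc.conf.
	load_rc_config "sshd"
	base_sshd_port=$(openssh_effective_ports /etc/ssh/sshd_config \
	    "$sshd_flags")

	# Either side may list several ports: compare every pair, skipping
	# anything non-numeric rather than letting [ -eq ] error out on it.
	for sport in $self_port; do
		case $sport in
		''|*[!0-9]*) continue ;;
		esac
		for bport in $base_sshd_port; do
			case $bport in
			''|*[!0-9]*) continue ;;
			esac
			[ "$sport" -eq "$bport" ] && return 0
		done
	done
	return 1
}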
#######################################
# Ask sshd to parse its configuration (-t) without starting it.
# Globals:   name, command, openssh_flags (read)
# Returns:   sshd's exit status
#######################################
openssh_configtest()
{
	printf '%s\n' "Performing sanity check on ${name} configuration."
	# eval is what lets quoted arguments inside openssh_flags survive; the
	# value is expected to come only from rc.conf, never from untrusted
	# input.
	eval ${command} ${openssh_flags} -t
}
#######################################
# Pre-start/reload/restart hook: refuse to run when the base system sshd is
# enabled on the same port (unless openssh_skipportscheck is YES), then make
# sure host keys exist and the configuration parses.
# Globals:   sshd_enable, openssh_skipportscheck, name (read)
#######################################
openssh_checks()
{
	if checkyesno sshd_enable &&
	    openssh_check_same_ports &&
	    ! checkyesno openssh_skipportscheck; then
		err 1 "sshd_enable is set, but $name and /usr/sbin/sshd use the same port"
	fi
	openssh_keygen
	openssh_configtest
}
# Dispatch the requested rc command (start, stop, reload, configtest,
# keygen, ...), honouring the *_precmd and *_cmd hooks defined above.
run_rc_command "$1"