#!/bin/sh

# PROVIDE: openssh
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable openssh:
#
# openssh_enable (bool):	Set it to "YES" to enable openssh.
#				Default is "NO".
# openssh_flags (flags):	Set extra flags for openssh.
#				Default is "". See sshd(1).
# openssh_pidfile (file):	Set full path to pid file.

# rc.subr is expected to provide load_rc_config, checkyesno, err and
# run_rc_command, which this script uses without defining them.
. /etc/rc.subr

name="openssh"
rcvar=openssh_enable

load_rc_config ${name}

: ${openssh_enable:="NO"}
# YES allows starting even when the base system sshd is enabled on the
# same port (see openssh_checks); default is to refuse.
: ${openssh_skipportscheck="NO"}

# These only control ssh-keygen automatically generating host keys.
# NOTE(review): DSA host keys are deprecated and newer OpenSSH releases
# may refuse "ssh-keygen -t dsa"; consider defaulting openssh_dsa_enable
# to "NO" so key generation does not fail on such systems.
: ${openssh_dsa_enable="YES"}
: ${openssh_dsa_flags=""}
: ${openssh_rsa_enable="YES"}
: ${openssh_rsa_flags=""}
: ${openssh_ecdsa_enable="YES"}
: ${openssh_ecdsa_flags=""}
: ${openssh_ed25519_enable="YES"}
: ${openssh_ed25519_flags=""}

command=/usr/local/sbin/sshd
extra_commands="configtest reload keygen"
# start, reload and restart all run the port-clash, host-key and
# configuration checks before touching the daemon.
start_precmd="${name}_checks"
reload_precmd="${name}_checks"
restart_precmd="${name}_checks"
configtest_cmd="${name}_configtest"
keygen_cmd="${name}_keygen"
# Also assigns openssh_pidfile when it was not set in rc.conf.
pidfile=${openssh_pidfile:="/var/run/sshd.pid"}

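openssh_keygen()
{
	# Generate any missing sshd host keys.
	#
	# One key per type (dsa, rsa, ecdsa, ed25519) is created with
	# ssh-keygen unless openssh_<type>_enable is not YES or the key
	# file already exists.  Extra ssh-keygen options come from
	# openssh_<type>_flags.  Returns 0 immediately when no enabled key
	# type is missing; exits via err(1) if ssh-keygen is not installed.
	local ktype need_keys=
	for ktype in dsa rsa ecdsa ed25519; do
		if checkyesno "openssh_${ktype}_enable" &&
		    [ ! -f "/usr/local/etc/ssh/ssh_host_${ktype}_key" ]; then
			need_keys=y
		fi
	done
	[ -n "$need_keys" ] || return 0

	# Public key halves must stay world-readable but not writable;
	# ssh-keygen creates the private halves with owner-only permissions.
	umask 022

	# Can't do anything if ssh is not installed
	[ -x /usr/local/bin/ssh-keygen ] ||
		err 1 "/usr/local/bin/ssh-keygen does not exist."

	# NOTE(review): DSA host keys are deprecated and newer OpenSSH
	# releases may refuse "ssh-keygen -t dsa"; consider defaulting
	# openssh_dsa_enable to NO.
	openssh_keygen_one dsa "DSA"
	openssh_keygen_one rsa "RSA"
	openssh_keygen_one ecdsa "Elliptic Curve DSA"
	# (The original spelled the flags variable "openssh_ed22519_flags",
	# so ed25519 flags were silently ignored; fixed here.)
	openssh_keygen_one ed25519 "Elliptic Curve ED25519"
}

# Generate one host key type when it is enabled and not already present.
# Arguments: $1 - key type as accepted by ssh-keygen -t (dsa, rsa, ...)
#            $2 - human readable key name used in messages
# Globals:   reads openssh_$1_enable and openssh_$1_flags
openssh_keygen_one()
{
	local ktype=$1 desc=$2 keyfile flags
	keyfile="/usr/local/etc/ssh/ssh_host_${ktype}_key"
	if [ -f "$keyfile" ]; then
		echo "You already have a ${desc} host key" "in ${keyfile}"
		echo "Skipping protocol version 2 ${desc} Key Generation"
	elif checkyesno "openssh_${ktype}_enable"; then
		# The variable name is built from a fixed key type, never from
		# external input; eval is the /bin/sh idiom for indirect expansion.
		eval "flags=\${openssh_${ktype}_flags}"
		# $flags is intentionally unquoted: it holds ssh-keygen options
		# from rc.conf that must be word-split.
		/usr/local/bin/ssh-keygen -t "$ktype" $flags \
			-f "$keyfile" -N ''
	fi
}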

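# Print the port(s) an sshd instance listens on, one per line, for a given
# sshd_config and set of command-line flags, using the precedence that
# openssh_check_same_ports documents.  Prints 22 when nothing is configured.
# Arguments: $1 - path to sshd_config
#            $2 - extra sshd command-line flags (may be empty)
openssh_listen_ports()
{
    local cfg=$1 flags=$2 ports

    # NOTE(review): this only recognises a trailing ":port"; a bare IPv6
    # address such as "::1" would also match and yield "1".  A
    # ListenAddress without a port no longer swallows the whole line
    # (which produced a non-numeric "port" before) and instead falls
    # through to -p / Port, which is what sshd does too.
    ports=$(awk '$1~/^ListenAddress/ {
        mlen = match($0, ":[0-9]+$")
        if (mlen) print substr($0, mlen + 1)
    }' "$cfg")
    if [ -z "$ports" ]; then
        # $flags is deliberately word-split here to scan for "-p <port>".
        set -- $flags
        while [ $# -gt 0 ]; do
            if [ "$1" = "-p" ]; then
                ports=$2
                break
            fi
            shift
        done
        if [ -z "$ports" ]; then
            ports=$(awk '$1~/^Port/ {print $2}' "$cfg")
        fi
    fi
    # assume default 22 port
    if [ -z "$ports" ]; then
        ports=22
    fi
    printf '%s\n' "$ports"
}

openssh_check_same_ports(){
    # Check whether this sshd would listen on the same port as the base
    # system sshd (/usr/sbin/sshd).
    #
    # openssh binds ports in priority (lowest first):
    # Port from sshd_config
    # -p option from command line
    # ListenAddress addr:port from sshd_config
    #
    # Returns 0 when any port of this sshd matches any port of the base
    # sshd, 1 otherwise (also when this port replaces the base sshd).
    local self_port base_sshd_port sport bport

    # check if opensshd-portable installed in replacement of base sshd
    # (the left-hand path is substituted when the port is built)
    if [ "/usr/local/etc/ssh" = "/etc/ssh" ]; then
        return 1
    fi

    self_port=$(openssh_listen_ports /usr/local/etc/ssh/sshd_config \
        "$openssh_flags")

    # Pull in sshd_flags for the base system sshd.
    load_rc_config "sshd"

    base_sshd_port=$(openssh_listen_ports /etc/ssh/sshd_config \
        "$sshd_flags")

    # self_port and base_sshd_port may have multiple values. Compare them all
    for sport in ${self_port}; do
        for bport in ${base_sshd_port}; do
            [ "${sport}" -eq "${bport}" ] && return 0
        done
    done

    return 1
}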

openssh_configtest()
{
	# Run "sshd -t" so a broken sshd_config is caught before (re)start
	# rather than leaving the host without a working daemon.
	echo "Performing sanity check on ${name} configuration."
	# eval so quoted words inside openssh_flags are honoured; the flags
	# come from rc.conf, not from untrusted input.
	eval ${command} ${openssh_flags} -t
}

openssh_checks()
{
	# Pre-flight for start/reload/restart: refuse to run when the base
	# system sshd is enabled on the same port (unless
	# openssh_skipportscheck is YES), then make sure host keys exist and
	# the configuration parses.
	if checkyesno sshd_enable &&
	    openssh_check_same_ports &&
	    ! checkyesno openssh_skipportscheck; then
		err 1 "sshd_enable is set, but $name and /usr/sbin/sshd use the same port"
	fi

	openssh_keygen
	openssh_configtest
}

# Dispatch the requested action (start/stop/status plus the
# extra_commands declared above) through rc.subr.
run_rc_command "$1"
