assignments to the literal values it would have returned.
The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.
During the discussion on freebsd-rc@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is a tiny bit
faster than dereferencing the variables, and every little bit helps.
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
# KEYWORD: shutdown

. /etc/rc.subr

# Service description consumed by rc.subr.  These variable names are
# part of the rc(8) interface, so only their values may be edited.
name="sshd"
rcvar="sshd_enable"
command="/usr/sbin/sshd"
pidfile="/var/run/sshd.pid"

# Hooks: sshd_precmd (below) runs before "start"; "keygen" and "reload"
# are accepted as extra subcommands, and by rc.subr convention
# keygen_cmd names the function that implements "keygen".
start_precmd="sshd_precmd"
extra_commands="keygen reload"
keygen_cmd="sshd_keygen"

# Seconds user_reseed() waits for the operator to type entropy.
timeout=300
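# Give the operator a chance to feed keyboard entropy to the kernel
# before host keys are generated.  Acts only when the kernel reports
# its random device as not yet seeded (kern.random.sys.seeded == 0);
# when the sysctl is absent or non-zero this is a no-op.  Runs in a
# subshell so nothing set here leaks into the caller.
#
# Security note: the fallback material written below (a sysctl dump and
# the date) is largely guessable, so keys generated after an operator
# just hits <enter> must be treated as weak -- the prompt says as much.
# Returns 0 unless the write to /dev/random fails.
user_reseed()
{
	(
		seeded=$(sysctl -n kern.random.sys.seeded 2>/dev/null)
		# Quoted so an empty or odd value cannot break the test.
		if [ -n "${seeded}" ] && [ "${seeded}" -eq 0 ]; then
			warn "Setting entropy source to blocking mode."
			echo "===================================================="
			echo "Type a full screenful of random junk to unblock"
			echo "it and remember to finish with <enter>. This will"
			echo "timeout in ${timeout} seconds, but waiting for"
			echo "the timeout without typing junk may make the"
			echo "entropy source deliver predictable output."
			echo ""
			echo "Just hit <enter> for fast+insecure startup."
			echo "===================================================="
			sysctl kern.random.sys.seeded=0 2>/dev/null
			# -r keeps typed backslashes as entropy instead of
			# letting read(1) interpret them; -t bounds the wait.
			read -r -t "${timeout}" junk
			# printf rather than echo so input beginning with "-n"
			# or containing backslashes is written verbatim.
			printf '%s\n%s\n%s\n' "${junk}" "$(sysctl -a)" "$(date)" > /dev/random
		fi
	)
}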
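# Generate one host key unless its private key file already exists.
#   $1   - ssh-keygen key type (rsa1, dsa, rsa, ecdsa)
#   $2   - path of the private key file
#   $3   - key name with its article, as printed ("an RSA", "a DSA")
#   $4   - protocol wording for the "Skipping" line ("protocol version 2")
#   rest - extra ssh-keygen options (e.g. -b 1024)
# Returns ssh-keygen's exit status, or 0 when the key already exists.
sshd_keygen_one()
{
	ktype=$1
	keyfile=$2
	keyname=$3
	proto=$4
	shift 4
	if [ -f "${keyfile}" ]; then
		echo "You already have ${keyname} host key" \
		    "in ${keyfile}"
		# ${keyname#* } drops the article: "an RSA" -> "RSA".
		echo "Skipping ${proto} ${keyname#* } Key Generation"
		return 0
	fi
	# -N '' : host keys must be unencrypted so sshd can start unattended.
	/usr/bin/ssh-keygen -t "${ktype}" "$@" -f "${keyfile}" -N ''
}

# "keygen" rc command: create any missing sshd host keys under /etc/ssh.
# Every key type is attempted even if an earlier one failed, and the
# function returns non-zero if any generation failed.  (Previously the
# subshell's status was that of the last ssh-keygen only, so a failure
# for an earlier key was silently lost.)
#
# NOTE(review): rsa1 is the SSH protocol 1 host key and dsa is 1024-bit
# DSA; both are treated as legacy and are disabled by default in current
# OpenSSH releases.  They are kept here because sshd_precmd expects all
# four key files to exist -- retire them together with that check once
# legacy clients no longer matter.
sshd_keygen()
{
	# Can't do anything if ssh is not installed
	[ -x /usr/bin/ssh-keygen ] || {
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	}

	# Subshell so the umask change does not leak into rc.subr.  umask
	# 022 gives the .pub files world-readable mode; ssh-keygen is
	# expected to create the private key files owner-only itself.
	(
		umask 022
		rc=0
		sshd_keygen_one rsa1 /etc/ssh/ssh_host_key \
		    "an RSA" "protocol version 1" -b 1024 || rc=1
		sshd_keygen_one dsa /etc/ssh/ssh_host_dsa_key \
		    "a DSA" "protocol version 2" || rc=1
		sshd_keygen_one rsa /etc/ssh/ssh_host_rsa_key \
		    "an RSA" "protocol version 2" || rc=1
		sshd_keygen_one ecdsa /etc/ssh/ssh_host_ecdsa_key \
		    "an ECDSA" "protocol version 2" || rc=1
		# exit ends only this subshell; its status becomes ours.
		exit ${rc}
	)
}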
# start_precmd hook: if any host key sshd expects is missing, reseed the
# entropy source and run the "keygen" command to create the missing ones.
# Keep this list in sync with the keys sshd_keygen creates.
# Returns the status of "keygen" when it runs, otherwise 0.
sshd_precmd()
{
	for keyfile in /etc/ssh/ssh_host_key \
	    /etc/ssh/ssh_host_dsa_key \
	    /etc/ssh/ssh_host_ecdsa_key \
	    /etc/ssh/ssh_host_rsa_key; do
		if [ ! -f "${keyfile}" ]; then
			user_reseed
			run_rc_command keygen
			# Propagate keygen's status so rc.subr aborts
			# "start" when key generation failed.
			return
		fi
	done
	return 0
}
# Entry point: read the sshd_* settings from rc.conf, then dispatch the
# requested subcommand (start, stop, keygen, reload, ...) through rc.subr.
load_rc_config "${name}"
run_rc_command "$1"