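--- a/sshd
+++ b/sshd
@@ -1,74 +1,62 @@
 #!/bin/sh
 #
-# $NetBSD: sshd,v 1.21 2011/07/25 03:04:23 christos Exp $
+# $NetBSD: sshd,v 1.21.12.1 2017/08/15 05:36:08 snj Exp $
 #
 
 # PROVIDE: sshd
 # REQUIRE: LOGIN
 
 $_rc_subr_loaded . /etc/rc.subr
 
 name="sshd"
 rcvar=$name
 command="/usr/sbin/${name}"
 pidfile="/var/run/${name}.pid"
 required_files="/etc/ssh/sshd_config"
 extra_commands="keygen reload"
 
 sshd_keygen()
 {
 (
+keygen="/usr/bin/ssh-keygen"
 umask 022
-if [ -f /etc/ssh/ssh_host_key ]; then
-echo "You already have an RSA host key" \
-"in /etc/ssh/ssh_host_key"
-echo "Skipping protocol version 1 RSA Key Generation"
-else
-/usr/bin/ssh-keygen -t rsa1 ${ssh_keygen_flags} \
--f /etc/ssh/ssh_host_key -N ''
-fi
-
-if [ -f /etc/ssh/ssh_host_dsa_key ]; then
-echo "You already have a DSA host key" \
-"in /etc/ssh/ssh_host_dsa_key"
-echo "Skipping protocol version 2 DSA Key Generation"
-else
-/usr/bin/ssh-keygen -t dsa ${ssh_keygen_flags} \
--f /etc/ssh/ssh_host_dsa_key -N ''
-fi
-
-if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
-echo "You already have a ECDSA host key" \
-"in /etc/ssh/ssh_host_ecdsa_key"
-echo "Skipping protocol version 1 ECDSA Key Generation"
-else
-/usr/bin/ssh-keygen -t ecdsa -b 521 \
--f /etc/ssh/ssh_host_ecdsa_key -N ''
-fi
-
-if [ -f /etc/ssh/ssh_host_rsa_key ]; then
-echo "You already have a RSA host key" \
-"in /etc/ssh/ssh_host_rsa_key"
-echo "Skipping protocol version 2 RSA Key Generation"
-else
-/usr/bin/ssh-keygen -t rsa ${ssh_keygen_flags} \
--f /etc/ssh/ssh_host_rsa_key -N ''
-fi
-)
+while read type bits filename version name; do
+f="/etc/ssh/$filename"
+if [ -f "$f" ]; then
+echo "You already have an $name host key in $f"
+echo "Skipping protocol version $version $name" \
+"Key Generation"
+else
+case "${bits}" in
+-1) bitarg=;;
+0) bitarg="${ssh_keygen_flags}";;
+*) bitarg="-b ${bits}";;
+esac
+"${keygen}" -t "${type}" ${bitarg} -f "${f}" -N ''
+fi
+done << _EOF
+rsa1 0 ssh_host_key 1 RSA
+dsa 1024 ssh_host_dsa_key 2 DSA
+ecdsa 521 ssh_host_ecdsa_key 1 ECDSA
+ed25519 -1 ssh_host_ed25519_key 1 ED25519
+rsa 0 ssh_host_rsa_key 2 RSA
+_EOF
+)
 }
 
 sshd_precmd()
 {
 if [ ! -f /etc/ssh/ssh_host_key -o \
 ! -f /etc/ssh/ssh_host_dsa_key -o \
 ! -f /etc/ssh/ssh_host_ecdsa_key -o \
+! -f /etc/ssh/ssh_host_ed25519_key -o \
 ! -f /etc/ssh/ssh_host_rsa_key ]; then
 run_rc_command keygen
 fi
 }
 
 keygen_cmd=sshd_keygen
 start_precmd=sshd_precmd
 
 load_rc_config $name
 run_rc_command "$1"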
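Review bot: The loop at new line 23 reads its last column into `name`, which is also the rc.subr variable set on line 11 and passed to `load_rc_config $name` at the bottom of the file; it is only safe because the loop body runs inside the `( … )` subshell, so dropping that subshell during a later cleanup would silently break `run_rc_command`. Renaming the field, e.g. `while read -r type bits filename version algname; do` and using `$algname` in the two echo lines, removes the trap at no cost. The table still generates an SSH protocol 1 `rsa1` key and a 1024-bit `dsa` key, both disabled by default in current OpenSSH, and the `"${keygen}"` invocation's exit status is never checked, so a refused key type is skipped silently while `sshd_precmd` keeps re-running keygen on every start because the file is still missing. A one-line check such as `"${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' || echo "${name} host key generation failed" >&2`, plus a short comment above the here-document naming the five columns (type, bits or 0/-1, file, protocol version, display name), would make both failure modes visible.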