Sat Jun 10 04:02:39 2023 UTC ()
Add some backwards compat.  Adjust grammar.


(kim)
diff -r1.35 -r1.36 src/etc/rc.d/sshd


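--- a/src/etc/rc.d/sshd
+++ b/src/etc/rc.d/sshd
@@ -1,48 +1,48 @@
 #!/bin/sh
 #
-# $NetBSD: sshd,v 1.35 2023/06/05 11:59:12 riastradh Exp $
+# $NetBSD: sshd,v 1.36 2023/06/10 04:02:39 kim Exp $
 #
 
 # PROVIDE: sshd
 # REQUIRE: LOGIN
 
 $_rc_subr_loaded . /etc/rc.subr
 
 name="sshd"
 rcvar=$name
 command="/usr/sbin/${name}"
 pidfile="/var/run/${name}.pid"
 required_files="/etc/ssh/sshd_config"
 extra_commands="check keygen keyregen reload"
 
 sshd_motd_unsafe_keys_warning()
 {
 (
  umask 022
  T=/etc/_motd
  sed -E '/^-- UNSAFE KEYS WARNING:/,$d' < /etc/motd > $T
  if [ $( sysctl -n kern.entropy.needed ) -ne 0 ]; then
  cat >> $T << _EOF
 -- UNSAFE KEYS WARNING:
 
  The ssh host keys on this machine have been generated with
- not enough entropy configured, so may be predictable.
+ not enough entropy configured, so they may be predictable.
 
  To fix, follow the "Adding entropy" section in the entropy(7)
- man page and after this machine has enough entropy, re-generate
+ man page. After this machine has enough entropy, re-generate
  the ssh host keys by running:
 
- sh /etc/rc.d/sshd keyregen
+ /etc/rc.d/sshd keyregen
 _EOF
  fi
  cmp -s $T /etc/motd || cp $T /etc/motd
  rm -f $T
 )
 }
 
 sshd_keygen()
 {
 (
  keygen="/usr/bin/ssh-keygen"
  umask 022
  new_key_created=false
@@ -56,27 +56,27 @@ sshd_keygen()
  -1) bitarg=;;
  0) bitarg="${ssh_keygen_flags}";;
  *) bitarg="-b ${bits}";;
  esac
  "${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q && \
  printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
  new_key_created=true
  done << _EOF
 ecdsa -1 ssh_host_ecdsa_key
 ed25519 -1 ssh_host_ed25519_key
 rsa 0 ssh_host_rsa_key
 _EOF
  if "${new_key_created}"; then
- sshd_motd_unsafe_keys_warning
+ sysctl -q kern.entropy.needed && sshd_motd_unsafe_keys_warning
  fi
 )
 }
 
 sshd_precmd()
 {
  run_rc_command keygen
 }
 
 sshd_check()
 {
  sshd -t
 }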
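Review bot: The `sysctl -q kern.entropy.needed &&` guard added in sshd_keygen sits at the call site, so the unquoted `[ $( sysctl -n kern.entropy.needed ) -ne 0 ]` test inside sshd_motd_unsafe_keys_warning still collapses to a malformed `[ -ne 0 ]` for any other caller on a kernel that lacks the node; callers outside these two hunks are not visible here. Keeping the existence check next to the read it protects would be more robust: `if sysctl -q kern.entropy.needed && [ "$( sysctl -n kern.entropy.needed )" -ne 0 ]; then`, which also lets the sed step keep clearing a stale warning from /etc/motd. On a kernel without the node the host keys are now generated with no entropy warning at all, so a comment at the guard such as `# kern.entropy.needed is absent on older kernels: entropy state unknown, skip the motd warning` would record that this silence is intentional.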