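--- a/etc/rc.d/sshd
+++ b/etc/rc.d/sshd
@@ -1,48 +1,48 @@
 #!/bin/sh
 #
-# $NetBSD: sshd,v 1.35 2023/06/05 11:59:12 riastradh Exp $
+# $NetBSD: sshd,v 1.36 2023/06/10 04:02:39 kim Exp $
 #
 
 # PROVIDE: sshd
 # REQUIRE: LOGIN
 
 $_rc_subr_loaded . /etc/rc.subr
 
 name="sshd"
 rcvar=$name
 command="/usr/sbin/${name}"
 pidfile="/var/run/${name}.pid"
 required_files="/etc/ssh/sshd_config"
 extra_commands="check keygen keyregen reload"
 
 sshd_motd_unsafe_keys_warning()
 {
 	(
 	umask 022
 	T=/etc/_motd
 	sed -E '/^-- UNSAFE KEYS WARNING:/,$d' < /etc/motd > $T
 	if [ $( sysctl -n kern.entropy.needed ) -ne 0 ]; then
 		cat >> $T << _EOF
 -- UNSAFE KEYS WARNING:
 
 The ssh host keys on this machine have been generated with
-not enough entropy configured, so may be predictable.
+not enough entropy configured, so they may be predictable.
 
 To fix, follow the "Adding entropy" section in the entropy(7)
-man page and after this machine has enough entropy, re-generate
+man page.  After this machine has enough entropy, re-generate
 the ssh host keys by running:
 
-	sh /etc/rc.d/sshd keyregen
+	/etc/rc.d/sshd keyregen
 _EOF
 	fi
 	cmp -s $T /etc/motd || cp $T /etc/motd
 	rm -f $T
 	)
 }
 
 sshd_keygen()
 {
 	(
 	keygen="/usr/bin/ssh-keygen"
 	umask 022
 	new_key_created=false
@@ -56,27 +56,27 @@ sshd_keygen()
 		-1) bitarg=;;
 		0) bitarg="${ssh_keygen_flags}";;
 		*) bitarg="-b ${bits}";;
 		esac
 		"${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q && \
 		    printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
 		new_key_created=true
 	done << _EOF
 ecdsa -1 ssh_host_ecdsa_key
 ed25519 -1 ssh_host_ed25519_key
 rsa 0 ssh_host_rsa_key
 _EOF
 	if "${new_key_created}"; then
-		sshd_motd_unsafe_keys_warning
+		sysctl -q kern.entropy.needed && sshd_motd_unsafe_keys_warning
 	fi
 	)
 }
 
 sshd_precmd()
 {
 	run_rc_command keygen
 }
 
 sshd_check()
 {
 	sshd -t
 }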
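Review bot: The new guard on line 69, `sysctl -q kern.entropy.needed && sshd_motd_unsafe_keys_warning`, fails open: when the `kern.entropy.needed` node is absent, the freshly generated host keys (written on lines 60–62, before this check runs) get no entropy warning at all, and nothing tells the operator that the check was skipped. Whether `sysctl -q` suppresses the error message while still exiting non-zero for an unknown node is not visible in this hunk and should be confirmed against sysctl(8) on the oldest kernel this script is expected to run on. I would make the fallback audible with an if/else that calls rc.subr's `warn` when the probe fails, so the absence of the check is at least logged; the existing behaviour on kernels that do expose the node is unchanged. Note that the check can only warn, never prevent, since the keys already exist by the time it runs, and that sshd_keygen's body begins before this hunk.
```shell
	if "${new_key_created}"; then
		if sysctl -q kern.entropy.needed; then
			sshd_motd_unsafe_keys_warning
		else
			# Do not fail silently: the keys were already written above
			# and their entropy quality cannot be assessed on this kernel.
			warn "kern.entropy.needed unavailable; host key entropy check skipped"
		fi
	fi
```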