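#!/bin/sh
#
# $NetBSD: sshd,v 1.31 2021/09/26 10:53:20 martin Exp $
#

# PROVIDE: sshd
# REQUIRE: LOGIN

# rc.d script for sshd.  Besides the standard rc.subr commands it provides:
#   keygen    - create any host key under /etc/ssh that does not exist yet
#   keyregen  - delete and re-create every host key
# "start" runs keygen first (see sshd_precmd).

# Source rc.subr unless the caller already did: when $_rc_subr_loaded
# expands to a no-op command the rest of the line is not executed
# (presumably rc.subr sets it to ":" -- confirm against rc.subr).
$_rc_subr_loaded . /etc/rc.subr

name="sshd"
rcvar=$name
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"
required_files="/etc/ssh/sshd_config"
extra_commands="keygen keyregen reload"

# Refresh the "UNSAFE KEYS WARNING" trailer of /etc/motd.
#
# Any existing trailer (marker line through end of file) is stripped and a
# fresh one is appended when kern.entropy.needed is non-zero.  /etc/motd is
# only rewritten when the result differs from the current file.
#
# Call this right after host keys were generated, so that the entropy
# reading describes the keys the warning is about.
sshd_motd_unsafe_keys_warning()
{
(
	# Files created here must not be group/world-writable.
	umask 022
	# Fixed scratch name; /etc is expected to be writable by root only.
	T=/etc/_motd

	# Read the entropy state before touching anything.  If the value is
	# missing or not a number, keep /etc/motd as it is: stripping an
	# existing warning without being able to re-evaluate it would hide
	# possibly weak keys.
	needed=$(sysctl -n kern.entropy.needed 2>/dev/null) || needed=
	case "${needed}" in
	''|*[!0-9]*)
		echo "sshd: cannot read kern.entropy.needed;" \
		    "leaving /etc/motd unchanged" >&2
		exit 0		# leaves only this subshell
		;;
	esac

	sed -E '/^-- UNSAFE KEYS WARNING:/,$d' < /etc/motd > "$T"
	if [ "${needed}" -ne 0 ]; then
		cat >> "$T" << _EOF
-- UNSAFE KEYS WARNING:

	The ssh host keys on this machine have been generated with
	not enough entropy configured, so may be predictable.

	To fix, follow the "Adding entropy" section in the entropy(7)
	man page and after this machine has enough entropy, re-generate
	the ssh host keys by running:

		sh /etc/rc.d/sshd keyregen
_EOF
	fi
	cmp -s "$T" /etc/motd || cp "$T" /etc/motd
	rm -f "$T"
)
}

# Generate ssh host keys under /etc/ssh.
#
# Arguments: $1 - "force" to delete and re-create every key; anything else
#                 creates only the keys whose file does not exist.
#
# The here-document is a table of "type bits filename":
#   bits -1  -> no size argument is passed to ssh-keygen
#   bits  0  -> ${ssh_keygen_flags} is passed instead (presumably set from
#               rc.conf -- it is not defined in this file)
#   other    -> passed as "-b <bits>"
#
# The motd warning is refreshed only when this run actually generated a key.
# Re-evaluating it on every start would drop the warning as soon as the
# kernel reports enough entropy, although keys generated earlier with too
# little entropy have not been rotated.  Note that a run which creates only
# some of the keys still refreshes the warning as a whole; "keyregen" is the
# way to rotate every key at once.
#
# NOTE(review): the table still creates a 1024-bit DSA host key.  ssh-dss has
# been disabled by default in OpenSSH since 7.0.  The row is kept so that
# "keyregen" keeps replacing an existing /etc/ssh/ssh_host_dsa_key; consider
# dropping the row together with that key file once sshd_config no longer
# references it.
sshd_keygen()
{
(
	keygen="/usr/bin/ssh-keygen"
	# Files created here must not be group/world-writable.
	umask 022
	new_key_created=no
	while read -r type bits filename; do
		f="/etc/ssh/$filename"
		if [ "$1" != "force" ] && [ -f "$f" ]; then
			continue
		fi
		# Remove a stale key first so ssh-keygen does not ask whether
		# to overwrite it.
		rm -f "$f"
		case "${bits}" in
		-1)	bitarg=;;
		0)	bitarg="${ssh_keygen_flags}";;
		*)	bitarg="-b ${bits}";;
		esac
		# ${bitarg} is left unquoted on purpose: it must split into
		# separate words ("-b" "521") or vanish when empty.
		if "${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q; then
			new_key_created=yes
			# Print the fingerprint of the key just created.
			printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
		fi
	done << _EOF
dsa	1024	ssh_host_dsa_key
ecdsa	521	ssh_host_ecdsa_key
ed25519	-1	ssh_host_ed25519_key
rsa	0	ssh_host_rsa_key
_EOF
	if [ "${new_key_created}" = yes ]; then
		sshd_motd_unsafe_keys_warning
	fi
)
}

# Run before "start": make sure the host keys exist.
sshd_precmd()
{
	run_rc_command keygen
}

keygen_cmd=sshd_keygen
keyregen_cmd="sshd_keygen force"
start_precmd=sshd_precmd

load_rc_config $name
run_rc_command "$1"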