components/network/openssh/files/sshd

   1 #!/sbin/sh
   2 #
   3 # Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
   4 # Use is subject to license terms.
   5 #
   6 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
   7 # Copyright 2023 Klaus Ziegler
   8 # Copyright 2024 OmniOS Community Edition (OmniOSce) Association.
   9 #
  10
  11 . /lib/svc/share/ipf_include.sh
  12 . /lib/svc/share/smf_include.sh
  13
  14 rc=$SMF_EXIT_OK
  15
  16 create_ipf_rules()
  17 {
  18     FMRI=$1
  19     ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
  20     ipf6_file=`fmri_to_file ${FMRI} $IPF6_SUFFIX`
  21     policy=`get_policy ${FMRI}`
  22
  23     tports=`/usr/sbin/sshd -T 2>/dev/null | awk '/^port / {print $2}'`
  24
  25     echo "# $FMRI" >$ipf_file
  26     echo "# $FMRI" >$ipf6_file
  27     for port in $tports; do
  28         generate_rules $FMRI $policy "tcp" $port $ipf_file
  29         generate_rules $FMRI $policy "tcp" $port $ipf6_file _6
  30     done
  31 }
  32
  33
  34 # This script is being used as part of an SMF
  35 # start/stop/refresh method for SSH server.
  36 # Note: there is no refresh/restart switch defined,
  37 # because this is done by the SMF restarter property.
  38 #
  39
  40 case $1 in
  41
  42 'ipfilter')
  43         create_ipf_rules $2
  44         ;;
  45
  46 'start')
  47     # If host keys don't exist when the service is started, create them.
  48     # If we can't, we will flag this service as degraded but still allow it
  49     # to attempt to start to end up with a system that is as functional as
  50     # possible, and potentially has a running sshd to aid remote recovery.
  51         /usr/bin/ssh-keygen -A || rc=$SMF_EXIT_MON_DEGRADE
  52         /usr/sbin/sshd || rc=$SMF_EXIT_ERR_FATAL
  53         ;;
  54
  55 *)
  56         echo "Usage: $0 start"
  57     rc=$SMF_ERROR_FATAL
  58         ;;
  59 esac
  60
  61 exit $rc