8354 sync regcomp(3C) with upstream (fix make catalog)
[unleashed/tickless.git] / usr / src / cmd / ssh / etc / sshd
blobd52b1afd25ae03dbdcf087be70d0c8ef098a391a
1 #!/sbin/sh
3 # Copyright 2010 Sun Microsystems, Inc. All rights reserved.
4 # Use is subject to license terms.
6 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
9 . /lib/svc/share/ipf_include.sh
10 . /lib/svc/share/smf_include.sh
12 SSHDIR=/etc/ssh
13 KEYGEN="/usr/bin/ssh-keygen -q"
14 PIDFILE=/var/run/sshd.pid
16 # Checks to see if RSA, and DSA host keys are available
17 # if any of these keys are not present, the respective keys are created.
18 create_key()
20 keypath=$1
21 keytype=$2
23 if [ ! -f $keypath ]; then
25 # HostKey keywords in sshd_config may be preceded or
26 # followed by a mix of any number of space or tabs,
27 # and optionally have an = between keyword and
28 # argument. We use two grep invocations such that we
29 # can match HostKey case insensitively but still have
30 # the case of the path name be significant, keeping
31 # the pattern somewhat more readable.
33 # The character classes below contain one literal
34 # space and one literal tab.
36 grep -i "^[ ]*HostKey[ ]*=\{0,1\}[ ]*$keypath" \
37 $SSHDIR/sshd_config | grep "$keypath" > /dev/null 2>&1
39 if [ $? -eq 0 ]; then
40 echo Creating new $keytype public/private host key pair
41 $KEYGEN -f $keypath -t $keytype -N ''
42 if [ $? -ne 0 ]; then
43 echo "Could not create $keytype key: $keypath"
44 exit $SMF_EXIT_ERR_CONFIG
50 create_ipf_rules()
52 FMRI=$1
53 ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
54 ipf6_file=`fmri_to_file ${FMRI} $IPF6_SUFFIX`
55 policy=`get_policy ${FMRI}`
58 # Get port from /etc/ssh/sshd_config
60 tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
61 awk '{print $2}'`
63 echo "# $FMRI" >$ipf_file
64 echo "# $FMRI" >$ipf6_file
65 for port in $tports; do
66 generate_rules $FMRI $policy "tcp" $port $ipf_file
67 generate_rules $FMRI $policy "tcp" $port $ipf6_file _6
68 done
71 # This script is being used for two purposes: as part of an SMF
72 # start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
73 # application.
75 # Both, the SMF methods and sysidconfig/sys-unconfig use different
76 # arguments..
78 case $1 in
79 # sysidconfig/sys-unconfig arguments (-c and -u)
80 '-c')
81 /usr/bin/ssh-keygen -A
82 if [ $? -ne 0 ]; then
83 create_key $SSHDIR/ssh_host_rsa_key rsa
84 create_key $SSHDIR/ssh_host_dsa_key dsa
88 '-u')
89 # sys-unconfig(1M) knows how to remove ssh host keys, so there's
90 # nothing to do here.
94 # SMF arguments (start and restart [really "refresh"])
96 'ipfilter')
97 create_ipf_rules $2
100 'start')
102 # If host keys don't exist when the service is started, create
103 # them; sysidconfig is not run in every situation (such as on
104 # the install media).
106 /usr/bin/ssh-keygen -A
107 if [ $? -ne 0 ]; then
108 create_key $SSHDIR/ssh_host_rsa_key rsa
109 create_key $SSHDIR/ssh_host_dsa_key dsa
112 /usr/lib/ssh/sshd
115 'restart')
116 if [ -f "$PIDFILE" ]; then
117 /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
122 echo "Usage: $0 { start | restart }"
123 exit 1
125 esac
127 exit $?