search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
8322 nl: misleading-indentation
[unleashed/tickless.git] / usr / src / cmd / ssh / etc / sshd
blobd52b1afd25ae03dbdcf087be70d0c8ef098a391a
1 #!/sbin/sh
2 #
3 # Copyright 2010 Sun Microsystems, Inc. All rights reserved.
4 # Use is subject to license terms.
5 #
6 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
7 #
8
9 . /lib/svc/share/ipf_include.sh
10 . /lib/svc/share/smf_include.sh
11
12 SSHDIR=/etc/ssh
13 KEYGEN="/usr/bin/ssh-keygen -q"
14 PIDFILE=/var/run/sshd.pid
15
16 # Checks to see if RSA, and DSA host keys are available
17 # if any of these keys are not present, the respective keys are created.
18 create_key()
19 {
20 keypath=$1
21 keytype=$2
22
23 if [ ! -f $keypath ]; then
24 #
25 # HostKey keywords in sshd_config may be preceded or
26 # followed by a mix of any number of space or tabs,
27 # and optionally have an = between keyword and
28 # argument. We use two grep invocations such that we
29 # can match HostKey case insensitively but still have
30 # the case of the path name be significant, keeping
31 # the pattern somewhat more readable.
32 #
33 # The character classes below contain one literal
34 # space and one literal tab.
35 #
36 grep -i "^[ ]*HostKey[ ]*=\{0,1\}[ ]*$keypath" \
37 $SSHDIR/sshd_config | grep "$keypath" > /dev/null 2>&1
38
39 if [ $? -eq 0 ]; then
40 echo Creating new $keytype public/private host key pair
41 $KEYGEN -f $keypath -t $keytype -N ''
42 if [ $? -ne 0 ]; then
43 echo "Could not create $keytype key: $keypath"
44 exit $SMF_EXIT_ERR_CONFIG
45 fi
46 fi
47 fi
48 }
49
50 create_ipf_rules()
51 {
52 FMRI=$1
53 ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
54 ipf6_file=`fmri_to_file ${FMRI} $IPF6_SUFFIX`
55 policy=`get_policy ${FMRI}`
56
57 #
58 # Get port from /etc/ssh/sshd_config
59 #
60 tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
61 awk '{print $2}'`
62
63 echo "# $FMRI" >$ipf_file
64 echo "# $FMRI" >$ipf6_file
65 for port in $tports; do
66 generate_rules $FMRI $policy "tcp" $port $ipf_file
67 generate_rules $FMRI $policy "tcp" $port $ipf6_file _6
68 done
69 }
70
71 # This script is being used for two purposes: as part of an SMF
72 # start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
73 # application.
74 #
75 # Both, the SMF methods and sysidconfig/sys-unconfig use different
76 # arguments..
77
78 case $1 in
79 # sysidconfig/sys-unconfig arguments (-c and -u)
80 '-c')
81 /usr/bin/ssh-keygen -A
82 if [ $? -ne 0 ]; then
83 create_key $SSHDIR/ssh_host_rsa_key rsa
84 create_key $SSHDIR/ssh_host_dsa_key dsa
85 fi
86 ;;
87
88 '-u')
89 # sys-unconfig(1M) knows how to remove ssh host keys, so there's
90 # nothing to do here.
91 :
92 ;;
93
94 # SMF arguments (start and restart [really "refresh"])
95
96 'ipfilter')
97 create_ipf_rules $2
98 ;;
99
100 'start')
101 #
102 # If host keys don't exist when the service is started, create
103 # them; sysidconfig is not run in every situation (such as on
104 # the install media).
105 #
106 /usr/bin/ssh-keygen -A
107 if [ $? -ne 0 ]; then
108 create_key $SSHDIR/ssh_host_rsa_key rsa
109 create_key $SSHDIR/ssh_host_dsa_key dsa
110 fi
111
112 /usr/lib/ssh/sshd
113 ;;
114
115 'restart')
116 if [ -f "$PIDFILE" ]; then
117 /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
118 fi
119 ;;
120
121 *)
122 echo "Usage: $0 { start | restart }"
123 exit 1
124 ;;
125 esac
126
127 exit $?
unleashed repo fork