From e46792f8f1013ce478ffe172235b11648c32a190 Mon Sep 17 00:00:00 2001
From: Mark Murray <markm@FreeBSD.org>
Date: Wed, 4 Aug 2004 08:10:37 +0000
Subject: [PATCH] Give sshd a secure startup, but with a tweakable timeout so
 that the box won't hang forever at startup.

---
 etc/rc.d/sshd | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd
index 235547fd1be7..3ee2b4d02fb9 100755
--- a/etc/rc.d/sshd
+++ b/etc/rc.d/sshd
@@ -17,6 +17,30 @@ start_precmd="sshd_precmd"
 pidfile="/var/run/${name}.pid"
 extra_commands="keygen reload"
 
+timeout=300
+
+user_reseed()
+{
+	(
+	seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
+	if [ "${seeded}" != "" ] ; then
+		warn "Setting entropy source to blocking mode."
+		echo "===================================================="
+		echo "Type a full screenful of random junk to unblock"
+		echo "it and remember to finish with <enter>. This will"
+		echo "timeout in ${timeout} seconds, but waiting for"
+		echo "the timeout without typing junk may make the"
+		echo "entropy source deliver predictable output."
+		echo ""
+		echo "Just hit <enter> for fast+insecure startup."
+		echo "===================================================="
+		sysctl kern.random.sys.seeded=0 2>/dev/null
+		read -t ${timeout} junk
+		echo "${junk}" `sysctl -a` `date` > /dev/random
+	fi
+	)
+}
+
 sshd_keygen()
 {
 	(
@@ -60,6 +84,7 @@ sshd_precmd()
 	if [ ! -f /etc/ssh/ssh_host_key -o \
 	    ! -f /etc/ssh/ssh_host_dsa_key -o \
 	    ! -f /etc/ssh/ssh_host_rsa_key ]; then
+		user_reseed
 		run_rc_command keygen
 	fi
 }