hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-15 06:42:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Give sshd a secure startup, but with a tweakable timeout so that

Browse Source 
the box won't hang forever at startup.
This commit is contained in:
Mark Murray 2004-08-04 08:10:37 +00:00
parent 48ec21e7e6
commit e46792f8f1
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=133110
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
etc/rc.d/sshd
View File

@ -17,6 +17,30 @@ start_precmd="sshd_precmd"
pidfile="/var/run/${name}.pid" pidfile="/var/run/${name}.pid"
extra_commands="keygen reload" extra_commands="keygen reload"
timeout=300
user_reseed()
{
(
seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
if [ "${seeded}" != "" ] ; then
warn "Setting entropy source to blocking mode."
echo "===================================================="
echo "Type a full screenful of random junk to unblock"
echo "it and remember to finish with <enter>. This will"
echo "timeout in ${timeout} seconds, but waiting for"
echo "the timeout without typing junk may make the"
echo "entropy source deliver predictable output."
echo ""
echo "Just hit <enter> for fast+insecure startup."
echo "===================================================="
sysctl kern.random.sys.seeded=0 2>/dev/null
read -t ${timeout} junk
echo "${junk}" `sysctl -a` `date` > /dev/random
fi
)
}
sshd_keygen() sshd_keygen()
{ {
( (
@ -60,6 +84,7 @@ sshd_precmd()
if [ ! -f /etc/ssh/ssh_host_key -o \ if [ ! -f /etc/ssh/ssh_host_key -o \
! -f /etc/ssh/ssh_host_dsa_key -o \ ! -f /etc/ssh/ssh_host_dsa_key -o \
! -f /etc/ssh/ssh_host_rsa_key ]; then ! -f /etc/ssh/ssh_host_rsa_key ]; then
user_reseed
run_rc_command keygen run_rc_command keygen
fi fi
} }