The sshd service uses ssh-keygen to generate missing SSH keys. If ssh-keygen is missing, it prints the following message: > /etc/rc.d/sshd: WARNING: /usr/bin/ssh-keygen does not exist. That makes sense when the key has not been generated yet and cannot be created because ssh-keygen is missing. The problem is that even if the key is already present on the host, the sshd service still warns about the missing ssh-keygen (even though it does not need it). Reviewed by: emaste Approved by: emaste (src) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D23911
#!/bin/sh
#
# $FreeBSD$
#
# rc.d script for the OpenSSH daemon: generates any missing host keys,
# sanity-checks the configuration and then drives sshd through rc.subr.

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd"
desc="Secure Shell Daemon"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
# Extra rc commands and the hooks that run before start/reload/restart.
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
reload_precmd="sshd_configtest"
restart_precmd="sshd_configtest"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

# Per-algorithm host-key generation switches.  These are only defaults:
# load_rc_config (at the bottom of the file) runs afterwards, so values
# set in rc.conf take precedence.  DSA is off by default.
: ${sshd_rsa_enable:="yes"}
: ${sshd_dsa_enable:="no"}
: ${sshd_ecdsa_enable:="yes"}
: ${sshd_ed25519_enable:="yes"}
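# Generate the host key for one algorithm when it is enabled and missing.
# Arguments: $1 - key algorithm: one of rsa, dsa, ecdsa, ed25519.
# Reads sshd_${alg}_enable via checkyesno (rc.subr); creates
# /etc/ssh/ssh_host_${alg}_key and its .pub when they do not exist yet.
# Returns 0 when the algorithm is disabled or the key already exists;
# 1 for an unknown algorithm, a missing ssh-keygen or a failed
# generation; otherwise the status of the final fingerprint listing.
sshd_keygen_alg()
{
	local alg=$1
	local ALG
	local keyfile

	if ! checkyesno "sshd_${alg}_enable" ; then
		return 0
	fi

	# Validate the algorithm before it is used to build a path or
	# handed to ssh-keygen.
	case $alg in
	rsa|dsa|ecdsa|ed25519)
		keyfile="/etc/ssh/ssh_host_${alg}_key"
		;;
	*)
		return 1
		;;
	esac

	ALG="$(printf '%s' "$alg" | tr a-z A-Z)"

	# Look for the key first: ssh-keygen is only needed when a key has
	# to be generated, so its absence is not worth a warning otherwise.
	if [ -f "${keyfile}" ] ; then
		info "$ALG host key exists."
		return 0
	fi

	if [ ! -x /usr/bin/ssh-keygen ] ; then
		warn "/usr/bin/ssh-keygen does not exist."
		return 1
	fi

	echo "Generating $ALG host key."
	# Host keys are deliberately unencrypted (-N "") so sshd can load
	# them unattended.  Stop here if generation failed rather than go on
	# to list a fingerprint for a key that was never written.
	if ! /usr/bin/ssh-keygen -q -t "$alg" -f "$keyfile" -N ""; then
		warn "Failed to generate $ALG host key."
		return 1
	fi
	/usr/bin/ssh-keygen -l -f "$keyfile.pub"
}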
# Generate every enabled host key that does not exist yet.  The exit
# status is that of the last algorithm handled (ed25519).
sshd_keygen()
{
	local alg

	for alg in rsa dsa ecdsa ed25519; do
		sshd_keygen_alg "$alg"
	done
}
# Run "sshd -t" so a broken sshd_config is caught before the daemon is
# started, reloaded or restarted; it is wired in as reload_precmd,
# restart_precmd and configtest_cmd above.
# eval is used so that quoting inside sshd_flags is honoured.  That value
# is operator configuration (presumably from rc.conf via load_rc_config),
# not user input, which is the only reason eval is acceptable here.
sshd_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	eval ${command} ${sshd_flags} -t
}
# Start hook: make sure the host keys exist and the configuration parses
# before sshd is launched.  The status of the configtest step is what
# gets returned.
sshd_precmd()
{
	local step

	for step in keygen configtest; do
		run_rc_command "$step"
	done
}
# Pull in the rc.conf settings for this service (overriding the defaults
# above), then dispatch the requested action: start, stop, keygen,
# configtest, reload, ...
load_rc_config $name
run_rc_command "$1"