sshd (revision bbf21555) - OpenGrok cross reference for /illumos-gate/usr/src/cmd/ssh/etc/sshd

7c478bd9Sstevel@tonic-gate#!/sbin/sh
7c478bd9Sstevel@tonic-gate#
ead1f93eSLiane Praza# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
7c478bd9Sstevel@tonic-gate# Use is subject to license terms.
7c478bd9Sstevel@tonic-gate#
7ddce999SHans Rosenfeld# Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
7ddce999SHans Rosenfeld#
eb1a3463STruong Nguyen
eb1a3463STruong Nguyen. /lib/svc/share/ipf_include.sh
ead1f93eSLiane Praza. /lib/svc/share/smf_include.sh
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateSSHDIR=/etc/ssh
7c478bd9Sstevel@tonic-gateKEYGEN="/usr/bin/ssh-keygen -q"
7c478bd9Sstevel@tonic-gatePIDFILE=/var/run/sshd.pid
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate# Checks to see if RSA, and DSA host keys are available
7c478bd9Sstevel@tonic-gate# if any of these keys are not present, the respective keys are created.
7c478bd9Sstevel@tonic-gatecreate_key()
7c478bd9Sstevel@tonic-gate{
7c478bd9Sstevel@tonic-gate	keypath=$1
7c478bd9Sstevel@tonic-gate	keytype=$2
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	if [ ! -f $keypath ]; then
ead1f93eSLiane Praza		#
ead1f93eSLiane Praza		# HostKey keywords in sshd_config may be preceded or
ead1f93eSLiane Praza		# followed by a mix of any number of space or tabs,
ead1f93eSLiane Praza		# and optionally have an = between keyword and
ead1f93eSLiane Praza		# argument.  We use two grep invocations such that we
ead1f93eSLiane Praza		# can match HostKey case insensitively but still have
ead1f93eSLiane Praza		# the case of the path name be significant, keeping
ead1f93eSLiane Praza		# the pattern somewhat more readable.
ead1f93eSLiane Praza		#
ead1f93eSLiane Praza		# The character classes below contain one literal
ead1f93eSLiane Praza		# space and one literal tab.
ead1f93eSLiane Praza		#
ead1f93eSLiane Praza		grep -i "^[ 	]*HostKey[ 	]*=\{0,1\}[ 	]*$keypath" \
ead1f93eSLiane Praza		    $SSHDIR/sshd_config | grep "$keypath" > /dev/null 2>&1
ead1f93eSLiane Praza
7c478bd9Sstevel@tonic-gate		if [ $? -eq 0 ]; then
7c478bd9Sstevel@tonic-gate			echo Creating new $keytype public/private host key pair
7c478bd9Sstevel@tonic-gate			$KEYGEN -f $keypath -t $keytype -N ''
ead1f93eSLiane Praza			if [ $? -ne 0 ]; then
ead1f93eSLiane Praza				echo "Could not create $keytype key: $keypath"
ead1f93eSLiane Praza				exit $SMF_EXIT_ERR_CONFIG
ead1f93eSLiane Praza			fi
7c478bd9Sstevel@tonic-gate		fi
7c478bd9Sstevel@tonic-gate	fi
7c478bd9Sstevel@tonic-gate}
7c478bd9Sstevel@tonic-gate
eb1a3463STruong Nguyencreate_ipf_rules()
eb1a3463STruong Nguyen{
eb1a3463STruong Nguyen	FMRI=$1
eb1a3463STruong Nguyen	ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
7ddce999SHans Rosenfeld	ipf6_file=`fmri_to_file ${FMRI} $IPF6_SUFFIX`
eb1a3463STruong Nguyen	policy=`get_policy ${FMRI}`
eb1a3463STruong Nguyen
eb1a3463STruong Nguyen	#
eb1a3463STruong Nguyen	# Get port from /etc/ssh/sshd_config
eb1a3463STruong Nguyen	#
eb1a3463STruong Nguyen	tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
eb1a3463STruong Nguyen	    awk '{print $2}'`
eb1a3463STruong Nguyen
eb1a3463STruong Nguyen	echo "# $FMRI" >$ipf_file
7ddce999SHans Rosenfeld	echo "# $FMRI" >$ipf6_file
eb1a3463STruong Nguyen	for port in $tports; do
7ddce999SHans Rosenfeld		generate_rules $FMRI $policy "tcp" $port $ipf_file
7ddce999SHans Rosenfeld		generate_rules $FMRI $policy "tcp" $port $ipf6_file _6
eb1a3463STruong Nguyen	done
eb1a3463STruong Nguyen}
eb1a3463STruong Nguyen
7c478bd9Sstevel@tonic-gate# This script is being used for two purposes: as part of an SMF
*bbf21555SRichard Lowe# start/stop/refresh method, and as a sysidconfig(8)/sys-unconfig(8)
7c478bd9Sstevel@tonic-gate# application.
7c478bd9Sstevel@tonic-gate#
7c478bd9Sstevel@tonic-gate# Both, the SMF methods and sysidconfig/sys-unconfig use different
7c478bd9Sstevel@tonic-gate# arguments..
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gatecase $1 in
7c478bd9Sstevel@tonic-gate	# sysidconfig/sys-unconfig arguments (-c and -u)
7c478bd9Sstevel@tonic-gate'-c')
75614fd9SAlexander Pyhalov	/usr/bin/ssh-keygen -A
75614fd9SAlexander Pyhalov	if [ $? -ne 0 ]; then
75614fd9SAlexander Pyhalov		create_key $SSHDIR/ssh_host_rsa_key rsa
75614fd9SAlexander Pyhalov		create_key $SSHDIR/ssh_host_dsa_key dsa
75614fd9SAlexander Pyhalov	fi
7c478bd9Sstevel@tonic-gate	;;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate'-u')
*bbf21555SRichard Lowe	# sys-unconfig(8) knows how to remove ssh host keys, so there's
7c478bd9Sstevel@tonic-gate	# nothing to do here.
7c478bd9Sstevel@tonic-gate	:
7c478bd9Sstevel@tonic-gate	;;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate	# SMF arguments (start and restart [really "refresh"])
eb1a3463STruong Nguyen
eb1a3463STruong Nguyen'ipfilter')
eb1a3463STruong Nguyen	create_ipf_rules $2
eb1a3463STruong Nguyen	;;
eb1a3463STruong Nguyen
7c478bd9Sstevel@tonic-gate'start')
ead1f93eSLiane Praza	#
ead1f93eSLiane Praza	# If host keys don't exist when the service is started, create
ead1f93eSLiane Praza	# them; sysidconfig is not run in every situation (such as on
ead1f93eSLiane Praza	# the install media).
ead1f93eSLiane Praza	#
75614fd9SAlexander Pyhalov	/usr/bin/ssh-keygen -A
75614fd9SAlexander Pyhalov	if [ $? -ne 0 ]; then
75614fd9SAlexander Pyhalov		create_key $SSHDIR/ssh_host_rsa_key rsa
75614fd9SAlexander Pyhalov		create_key $SSHDIR/ssh_host_dsa_key dsa
75614fd9SAlexander Pyhalov	fi
ead1f93eSLiane Praza
7c478bd9Sstevel@tonic-gate	/usr/lib/ssh/sshd
7c478bd9Sstevel@tonic-gate	;;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate'restart')
7c478bd9Sstevel@tonic-gate	if [ -f "$PIDFILE" ]; then
7c478bd9Sstevel@tonic-gate		/usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
7c478bd9Sstevel@tonic-gate	fi
7c478bd9Sstevel@tonic-gate	;;
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gate*)
7c478bd9Sstevel@tonic-gate	echo "Usage: $0 { start | restart }"
7c478bd9Sstevel@tonic-gate	exit 1
7c478bd9Sstevel@tonic-gate	;;
7c478bd9Sstevel@tonic-gateesac
7c478bd9Sstevel@tonic-gate
7c478bd9Sstevel@tonic-gateexit $?