Cross Reference: /illumos-gate/usr/src/cmd/ssh/etc/sshd

2N/A#!/sbin/sh
2N/A#
2N/A# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
2N/A# Use is subject to license terms.
2N/A#
2N/A# Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
2N/A#
2N/A
2N/A. /lib/svc/share/ipf_include.sh
2N/A. /lib/svc/share/smf_include.sh
2N/A
2N/ASSHDIR=/etc/ssh
2N/AKEYGEN="/usr/bin/ssh-keygen -q"
2N/APIDFILE=/var/run/sshd.pid
2N/A
2N/A# Checks to see if RSA, and DSA host keys are available
2N/A# if any of these keys are not present, the respective keys are created.
2N/Acreate_key()
2N/A{
2N/A    keypath=$1
2N/A    keytype=$2
2N/A
2N/A    if [ ! -f $keypath ]; then
2N/A        #
2N/A        # HostKey keywords in sshd_config may be preceded or
2N/A        # followed by a mix of any number of space or tabs,
2N/A        # and optionally have an = between keyword and
2N/A        # argument.  We use two grep invocations such that we
2N/A        # can match HostKey case insensitively but still have
2N/A        # the case of the path name be significant, keeping
2N/A        # the pattern somewhat more readable.
2N/A        #
2N/A        # The character classes below contain one literal
2N/A        # space and one literal tab.
2N/A        #
        grep -i "^[     ]*HostKey[  ]*=\{0,1\}[     ]*$keypath" \
            $SSHDIR/sshd_config | grep "$keypath" > /dev/null 2>&1

        if [ $? -eq 0 ]; then
            echo Creating new $keytype public/private host key pair
            $KEYGEN -f $keypath -t $keytype -N ''
            if [ $? -ne 0 ]; then
                echo "Could not create $keytype key: $keypath"
                exit $SMF_EXIT_ERR_CONFIG
            fi
        fi
    fi
}

create_ipf_rules()
{
    FMRI=$1
    ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
    ipf6_file=`fmri_to_file ${FMRI} $IPF6_SUFFIX`
    policy=`get_policy ${FMRI}`

    #
    # Get port from /etc/ssh/sshd_config
    #
    tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
        awk '{print $2}'`

    echo "# $FMRI" >$ipf_file
    echo "# $FMRI" >$ipf6_file
    for port in $tports; do
        generate_rules $FMRI $policy "tcp" $port $ipf_file
        generate_rules $FMRI $policy "tcp" $port $ipf6_file _6
    done
}

# This script is being used for two purposes: as part of an SMF
# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
# application.
#
# Both, the SMF methods and sysidconfig/sys-unconfig use different
# arguments..

case $1 in
    # sysidconfig/sys-unconfig arguments (-c and -u)
'-c')
    /usr/bin/ssh-keygen -A
    if [ $? -ne 0 ]; then
        create_key $SSHDIR/ssh_host_rsa_key rsa
        create_key $SSHDIR/ssh_host_dsa_key dsa
    fi
    ;;

'-u')
    # sys-unconfig(1M) knows how to remove ssh host keys, so there's
    # nothing to do here.
    :
    ;;

    # SMF arguments (start and restart [really "refresh"])

'ipfilter')
    create_ipf_rules $2
    ;;

'start')
    #
    # If host keys don't exist when the service is started, create
    # them; sysidconfig is not run in every situation (such as on
    # the install media).
    #
    /usr/bin/ssh-keygen -A
    if [ $? -ne 0 ]; then
        create_key $SSHDIR/ssh_host_rsa_key rsa
        create_key $SSHDIR/ssh_host_dsa_key dsa
    fi

    /usr/lib/ssh/sshd
    ;;

'restart')
    if [ -f "$PIDFILE" ]; then
        /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
    fi
    ;;

*)
    echo "Usage: $0 { start | restart }"
    exit 1
    ;;
esac

exit $?