sshd revision eb1a34638eba7c5add1421327f3eb225a8ea7518
#!/sbin/sh
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# Shared include; presumably the source of fmri_to_file, get_policy,
# generate_rules and IPF_SUFFIX, none of which are defined in this file.
. /lib/svc/share/ipf_include.sh

# Directory holding sshd_config and the host key files.
SSHDIR="/etc/ssh"
# Key generator plus its quiet flag. The value is a command line, so it
# is expanded unquoted where it is run and relies on word splitting.
KEYGEN="/usr/bin/ssh-keygen -q"
# PID file consulted by the 'restart' method to signal the daemon.
PIDFILE="/var/run/sshd.pid"
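# Create an SSH host key of the given type if it is missing.
#
# A key is generated only when the key file does not exist AND
# sshd_config contains a HostKey directive naming that path.
#
# Arguments: $1 - path of the private host key file
#            $2 - key type handed to ssh-keygen -t (rsa, dsa, ...)
# Globals:   SSHDIR (read), KEYGEN (read); keypath, keytype (written)
# Returns:   0 when the key already exists, is not listed in
#            sshd_config, or was created; 1 when an argument is
#            missing; otherwise the exit status of ssh-keygen.
create_key()
{
	keypath=$1
	keytype=$2

	# Refuse empty arguments: with an empty path the HostKey lookup
	# below would match every HostKey line in sshd_config.
	if [ -z "$keypath" ] || [ -z "$keytype" ]; then
		echo "create_key: key path and key type are required" >&2
		return 1
	fi

	if [ ! -f "$keypath" ]; then
		# NOTE(review): the path is matched as a regular-expression
		# prefix, so '.' matches any character and a longer HostKey
		# path that starts with $keypath also counts as a match.
		if grep "^HostKey $keypath" "$SSHDIR/sshd_config" \
		    >/dev/null 2>&1; then
			echo "Creating new $keytype public/private host key pair"
			# KEYGEN is left unquoted on purpose (command plus
			# flag). -N '' creates the key without a passphrase,
			# so the private key is protected by file permissions
			# only.
			$KEYGEN -f "$keypath" -t "$keytype" -N ''
			return $?
		fi
	fi

	return 0
}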
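# Write the IP Filter rule file for the given service instance.
#
# Arguments: $1 - service FMRI
# Globals:   SSHDIR, IPF_SUFFIX (read);
#            FMRI, ipf_file, policy, tports, port (written)
# Calls:     fmri_to_file, get_policy, generate_rules; these are not
#            defined in this file (presumably from ipf_include.sh).
# Outputs:   truncates the rule file, writes a "# <FMRI>" header and
#            lets generate_rules add the rules for each sshd port.
create_ipf_rules()
{
	FMRI=$1
	ipf_file=`fmri_to_file "${FMRI}" "$IPF_SUFFIX"`
	policy=`get_policy "${FMRI}"`

	#
	# Get the listening ports from sshd_config. Only purely numeric
	# values are accepted, so a malformed Port line cannot reach
	# generate_rules as a stray word or glob pattern.
	#
	tports=`awk '$1 == "Port" && $2 ~ /^[0-9]+$/ { print $2 }' \
	    "$SSHDIR/sshd_config" 2>/dev/null`

	# sshd listens on port 22 when no Port directive is present.
	# Without this default the rule file would hold only the header
	# and the service's firewall policy would not cover the port.
	if [ -z "$tports" ]; then
		tports=22
	fi

	echo "# $FMRI" >"$ipf_file"
	for port in $tports; do
		generate_rules "$FMRI" "$policy" "tcp" "any" "$port" "$ipf_file"
	done
}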
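# This script is used for two purposes: as an SMF start/stop/refresh
# method, and as a sysidconfig(1M)/sys-unconfig(1M) application.
#
# The SMF methods and sysidconfig/sys-unconfig each use their own set
# of arguments; both sets are dispatched on $1 below.

case "$1" in
	# sysidconfig/sys-unconfig arguments (-c and -u)
'-c')
	# Report failure if either key could not be created; a failed
	# RSA key generation must not be hidden by a successful DSA one.
	#
	# NOTE(review): DSA (ssh-dss) host keys are deprecated; OpenSSH
	# has disabled them by default since release 7.0. create_key only
	# generates the key when sshd_config still lists this HostKey.
	# The key size is left to ssh-keygen's default; confirm that it
	# meets current policy.
	rc=0
	create_key "$SSHDIR/ssh_host_rsa_key" rsa || rc=$?
	create_key "$SSHDIR/ssh_host_dsa_key" dsa || rc=$?
	exit $rc
	;;
'-u')
	# sys-unconfig(1M) knows how to remove ssh host keys, so there's
	# nothing to do here.
	:
	;;
	# SMF arguments (start and restart [really "refresh"])
'ipfilter')
	create_ipf_rules "$2"
	;;
'start')
	/usr/lib/ssh/sshd
	;;
'restart')
	if [ -f "$PIDFILE" ]; then
		pid=`/usr/bin/cat "$PIDFILE"`
		# Signal only a single positive process ID. An empty file
		# would run kill without a target, and values such as 0 or
		# -1 address whole process groups or every process.
		# NOTE(review): a stale PID file can still name an
		# unrelated process; the PID is not checked against sshd.
		case $pid in
		''|0|*[!0-9]*)
			echo "$0: $PIDFILE does not contain a valid process ID" >&2
			exit 1
			;;
		esac
		/usr/bin/kill -HUP "$pid"
	fi
	;;
*)
	# The usage text names only the SMF methods start and restart.
	echo "Usage: $0 { start | restart }" >&2
	exit 1
	;;
esac
exit $?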