author | Natanael Copa <ncopa@alpinelinux.org> | 2015-05-21 12:37:16 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-05-21 12:45:34 +0000 |
commit | a439ca13411b044211fcb9a8137647ce4033b448 (patch) | |
tree | 917e161ce9be7de721420fc24b1b2bb2c5ae3bca /main/openssh/sshd.initd | |
parent | c8ee1cb2287617b540656b4352052fec0e382132 (diff) | |
main/openssh: add support for disable keygen
Add support for SSHD_DISABLE_KEYGEN in /etc/conf.d/sshd to make it
possible to disable host key generation at startup.
Also sync with gentoo's init.d script
fixes #4171
Diffstat (limited to 'main/openssh/sshd.initd')
-rwxr-xr-x | main/openssh/sshd.initd | 67 |
1 files changed, 34 insertions, 33 deletions
diff --git a/main/openssh/sshd.initd b/main/openssh/sshd.initd
index 9edeb06cba..ae116f0e18 100755
--- a/main/openssh/sshd.initd
+++ b/main/openssh/sshd.initd
@@ -1,61 +1,62 @@ #!/sbin/openrc-run -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.5 2015/05/04 02:56:25 vapier Exp $ -extra_commands="checkconfig gen_keys" +extra_commands="checkconfig" extra_started_commands="reload" +: ${SSHD_CONFDIR:=/etc/ssh} +: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config} +: ${SSHD_PIDFILE:=/var/run/${SVCNAME}.pid} +: ${SSHD_BINARY:=/usr/sbin/sshd} + depend() { use logger dns - need net - after firewall + if [ "${rc_need+set}" = "set" ] ; then + : # Do nothing, the user has explicitly set rc_need + else + local x warn_addr + for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do + case "${x}" in + 0.0.0.0|0.0.0.0:*) ;; + ::|\[::\]*) ;; + *) warn_addr="${warn_addr} ${x}" ;; + esac + done + if [ -n "${warn_addr}" ] ; then + need net + ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" + ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd" + ewarn "where FOO is the interface(s) providing the following address(es):" + ewarn "${warn_addr}" + fi + fi } -SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} -SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} -SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} - checkconfig() { if [ ! -d /var/empty ] ; then mkdir -p /var/empty || return 1 fi - if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then - eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + if [ ! -e "${SSHD_CONFIG}" ] ; then + eerror "You need an ${SSHD_CONFIG} file to run sshd" eerror "There is a sample file in /usr/share/doc/openssh" return 1 fi - gen_keys || return 1 + if ! 
yesno "${SSHD_DISABLE_KEYGEN}"; then + ssh-keygen -A || return 1 + fi [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + [ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}" "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 } -gen_key() { - local type=$1 key ks - [ $# -eq 1 ] && ks="${type}_" - key="${SSHD_CONFDIR}/ssh_host_${ks}key" - if [ ! -e "${key}" ] ; then - ebegin "Generating ${type} host key" - ssh-keygen -t ${type} -f "${key}" -N '' - eend $? || return $? - fi -} - -gen_keys() { - if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then - gen_key rsa1 "" || return 1 - fi - gen_key dsa && gen_key rsa && gen_key ecdsa && gen_key ed25519 - return $? -} - start() { checkconfig || return 1 |
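Review bot: The rewritten depend() drops `after firewall` along with the unconditional `need net`, and the commit message does not mention it; on a host that runs a firewall service, OpenRC is then free to start sshd before the packet-filter rules are loaded, leaving the port reachable unfiltered for a window at boot. Unless the removal is deliberate, keep the ordering hint by adding `after firewall` below `use logger dns`. Separately, `ssh-keygen -A` in checkconfig() writes host keys to its built-in default path, whereas the removed gen_key() used `${SSHD_CONFDIR}/ssh_host_${ks}key`, so a non-default SSHD_CONFDIR presumably no longer gets keys generated where its sshd_config expects them; a comment on that line stating the limitation would help. The hunk ends inside start(), whose body continues outside the visible lines.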