author | Doug Barton <dougb@FreeBSD.org> | 2012-06-24 22:49:52 +0000 |
---|---|---|
committer | Doug Barton <dougb@FreeBSD.org> | 2012-06-24 22:49:52 +0000 |
commit | 399881097f5daeaca5d9f137a077a93e2f9bd14b (patch) | |
tree | b36657e43c0a237afc823d6964b7fa206eda22df /security/openssh-portable | |
parent | 44fa80481074cd35888ebc22004934733aaa2124 (diff) | |
Diffstat (limited to 'security/openssh-portable')
-rw-r--r-- | security/openssh-portable/files/openssh.in | 111 |
1 files changed, 53 insertions, 58 deletions
diff --git a/security/openssh-portable/files/openssh.in b/security/openssh-portable/files/openssh.in index 0c3839dbeb20..4d2c77333093 100644 --- a/security/openssh-portable/files/openssh.in +++ b/security/openssh-portable/files/openssh.in @@ -1,9 +1,10 @@ #!/bin/sh -# + # $FreeBSD$ # # PROVIDE: openssh # REQUIRE: DAEMON +# KEYWORD: shutdown # # Add the following lines to /etc/rc.conf to enable openssh: # @@ -12,8 +13,6 @@ # openssh_flags (flags): Set extra flags to openssh. # Default is "". see sshd(1). # openssh_pidfile (file): Set full path to pid file. -# Default is "/var/run/sshd.pid". -# . /etc/rc.subr @@ -22,8 +21,7 @@ rcvar=openssh_enable load_rc_config ${name} -: ${openssh_enable="NO"} -: ${openssh_pidfile="/var/run/sshd.pid"} +: ${openssh_enable:="NO"} : ${openssh_skipportscheck="NO"} command=%%PREFIX%%/sbin/sshd 
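Review bot: In the `@@ -22,8 +21,7 @@` hunk only `openssh_enable` moves to the `:=` form, while the adjacent `: ${openssh_skipportscheck="NO"}` keeps `=`, so an empty value in rc.conf is replaced by the default for one knob and passed through unchanged for the other. For consistency, and so the port-clash guard always sees a well-formed yes/no value, the second line should read `: ${openssh_skipportscheck:="NO"}`. The same commit also drops the header comment that documented the `openssh_pidfile` default even though the next hunk still applies `/var/run/sshd.pid`; keeping `# Default is "/var/run/sshd.pid".` under the `openssh_pidfile` entry would keep the documentation in step with the code.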
@@ -31,57 +29,57 @@ extra_commands="reload keygen" start_precmd="${name}_checks" restart_precmd="${name}_checks" keygen_cmd="${name}_keygen" -pidfile=${openssh_pidfile} +pidfile=${openssh_pidfile:="/var/run/sshd.pid"} openssh_keygen() { - if [ ! -f %%ETCSSH%%/ssh_host_key -o \ - ! -f %%ETCSSH%%/ssh_host_dsa_key -o \ - ! -f %%ETCSSH%%/ssh_host_rsa_key -o \ - ! -f %%ETCSSH%%/ssh_host_ecdsa_key ]; then - - umask 022 - - # Can't do anything if ssh is not installed - [ -x %%PREFIX%%/bin/ssh-keygen ] || { - err 1 "%%PREFIX%%/bin/ssh-keygen does not exist." - } - - if [ -f %%ETCSSH%%/ssh_host_key ]; then - echo "You already have an RSA host key" \ - "in %%ETCSSH%%/ssh_host_key" - echo "Skipping protocol version 1 RSA Key Generation" - else - %%PREFIX%%/bin/ssh-keygen -t rsa1 -b 1024 \ - -f %%ETCSSH%%/ssh_host_key -N '' - fi - - if [ -f %%ETCSSH%%/ssh_host_dsa_key ]; then - echo "You already have a DSA host key" \ - "in %%ETCSSH%%/ssh_host_dsa_key" - echo "Skipping protocol version 2 DSA Key Generation" - else - %%PREFIX%%/bin/ssh-keygen -t dsa \ - -f %%ETCSSH%%/ssh_host_dsa_key -N '' - fi - - if [ -f %%ETCSSH%%/ssh_host_rsa_key ]; then - echo "You already have a RSA host key" \ - "in %%ETCSSH%%/ssh_host_rsa_key" - echo "Skipping protocol version 2 RSA Key Generation" - else - %%PREFIX%%/bin/ssh-keygen -t rsa \ - -f %%ETCSSH%%/ssh_host_rsa_key -N '' - fi - - if [ -f %%ETCSSH%%/ssh_host_ecdsa_key ]; then - echo "You already have a Elliptic Curve DSA host key" \ - "in %%ETCSSH%%/ssh_host_ecdsa_key" - echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation" - else - %%PREFIX%%/bin/ssh-keygen -t ecdsa \ - -f %%ETCSSH%%/ssh_host_ecdsa_key -N '' - fi + if [ -f %%ETCSSH%%/ssh_host_key -a \ + -f %%ETCSSH%%/ssh_host_dsa_key -a \ + -f %%ETCSSH%%/ssh_host_rsa_key -a \ + -f %%ETCSSH%%/ssh_host_ecdsa_key ]; then + return 0 + fi + + umask 022 + + # Can't do anything if ssh is not installed + [ -x %%PREFIX%%/bin/ssh-keygen ] || + err 1 "%%PREFIX%%/bin/ssh-keygen does not 
exist." + + if [ -f %%ETCSSH%%/ssh_host_key ]; then + echo "You already have an RSA host key" \ + "in %%ETCSSH%%/ssh_host_key" + echo "Skipping protocol version 1 RSA Key Generation" + else + %%PREFIX%%/bin/ssh-keygen -t rsa1 -b 1024 \ + -f %%ETCSSH%%/ssh_host_key -N '' + fi + + if [ -f %%ETCSSH%%/ssh_host_dsa_key ]; then + echo "You already have a DSA host key" \ + "in %%ETCSSH%%/ssh_host_dsa_key" + echo "Skipping protocol version 2 DSA Key Generation" + else + %%PREFIX%%/bin/ssh-keygen -t dsa \ + -f %%ETCSSH%%/ssh_host_dsa_key -N '' + fi + + if [ -f %%ETCSSH%%/ssh_host_rsa_key ]; then + echo "You already have a RSA host key" \ + "in %%ETCSSH%%/ssh_host_rsa_key" + echo "Skipping protocol version 2 RSA Key Generation" + else + %%PREFIX%%/bin/ssh-keygen -t rsa \ + -f %%ETCSSH%%/ssh_host_rsa_key -N '' + fi + + if [ -f %%ETCSSH%%/ssh_host_ecdsa_key ]; then + echo "You already have a Elliptic Curve DSA host key" \ + "in %%ETCSSH%%/ssh_host_ecdsa_key" + echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation" + else + %%PREFIX%%/bin/ssh-keygen -t ecdsa \ + -f %%ETCSSH%%/ssh_host_ecdsa_key -N '' fi } @@ -134,9 +132,7 @@ openssh_check_same_ports(){ base_sshd_port=22 fi - if [ "${self_port}" -eq "${base_sshd_port}" ]; then - return 0 - else + if [ "${self_port}" -ne "${base_sshd_port}" ]; then return 1 fi } @@ -145,8 +141,7 @@ openssh_checks() { if checkyesno sshd_enable ; then if openssh_check_same_ports && ! checkyesno openssh_skipportscheck; then - err 1 "sshd_enable is set and $name and sshd are use \ -same port" + err 1 "sshd_enable is set, but $name and /usr/sbin/sshd use the same port" fi fi |
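Review bot: openssh_keygen in the `@@ -31,57 +29,57 @@` hunk still generates a protocol-1 host key with `ssh-keygen -t rsa1 -b 1024` and a DSA host key, and the new early `return 0` only fires when all four key files exist. An administrator who removes the SSHv1 or DSA key as a hardening step will therefore get it recreated the next time this function runs. SSH protocol 1 and 1024-bit RSA are not considered safe, and later OpenSSH releases dropped `rsa1` support, so the rsa1 and dsa branches and their two `-f` tests are better removed or put behind an explicit rc.conf knob. As a smaller style point, `-a` inside `[ ]` is marked obsolescent by POSIX; chaining `[ -f A ] && [ -f B ]` avoids its parsing ambiguities.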
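Review bot: In the `@@ -134,9 +132,7 @@` hunk, dropping the explicit `return 0` changes what openssh_check_same_ports returns when the comparison itself fails. If `self_port` or `base_sshd_port` is empty, non-numeric or holds more than one value (both are derived outside this hunk), `[ ... -ne ... ]` exits with status 2, the `if` body is skipped and the function falls off the end with status 0, which openssh_checks treats as a port clash; the old `-eq`/`else` form returned 1 in that case. Failing closed is a defensible choice, but it should be deliberate and visible: check both values with something like `case "${self_port}" in ''|*[!0-9]*) return 1 ;; esac` (or the opposite status if blocking is intended) and end the function with an explicit `return 0`. The error text changed in the following hunk could also name `openssh_skipportscheck` so the operator knows how to override the check.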