Diffstat (limited to 'extra/openssh')
-rw-r--r--extra/openssh/sshd.confd26
-rw-r--r--extra/openssh/sshd.initd162
2 files changed, 188 insertions, 0 deletions
diff --git a/extra/openssh/sshd.confd b/extra/openssh/sshd.confd
new file mode 100644
index 0000000..8c44444
--- /dev/null
+++ b/extra/openssh/sshd.confd
@@ -0,0 +1,26 @@
+# Configuration for /etc/init.d/sshd
+
+# Path of sshd_config file.
+#cfgfile="/etc/ssh/sshd_config"
+
+# Any random options you want to pass to sshd.
+# See the sshd(8) manpage for more info.
+#command_args=""
+
+# Space-separated list of SSH host key types to generate if they do
+# not already exist. An empty value means generate all of the default
+# set of dsa, ecdsa, ed25519, and rsa types.
+#
+# Example: "ed25519 rsa".
+#
+#key_types_to_generate=""
+
+# The number of bits to use for a generated ECDSA SSH host key.
+# Defaults to 256 bits if not set.
+#
+#ecdsa_bit_size="256"
+
+# Number of bits for use for a generated RSA SSH host key.
+# Defaults to 3072 bits if not set.
+#
+#rsa_bit_size="3072"
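Review bot: The comment above `key_types_to_generate` documents `dsa` as part of the default set, and `generate_host_keys` in sshd.initd does loop over `dsa ecdsa ed25519 rsa` whenever `ecdsa_bit_size` or `rsa_bit_size` is set; on OpenSSH builds where DSA is disabled (the compile-time default in recent releases, as far as I recall) `ssh-keygen -t dsa` fails, `generate_host_key_type` returns 1, and `checkconfig` — hence `start_pre` — aborts, so merely setting `rsa_bit_size` would keep sshd from starting. Consider dropping `dsa` from both the documented and the scripted default (`ecdsa ed25519 rsa`), or making an unsupported type non-fatal, and say so in this comment. The same default list appears at the `for type in` line of sshd.initd.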
diff --git a/extra/openssh/sshd.initd b/extra/openssh/sshd.initd
new file mode 100644
index 0000000..477cdbc
--- /dev/null
+++ b/extra/openssh/sshd.initd
@@ -0,0 +1,162 @@
+#!/sbin/openrc-run
+
+description="OpenBSD Secure Shell server"
+description_checkconfig="Verify configuration file"
+description_reload="Reload configuration"
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+# NOTE: SSHD_* variables are deprecated and will be removed in future!
+: "${sshd_disable_keygen:="${SSHD_DISABLE_KEYGEN:-"no"}"}"
+: "${cfgfile:=${SSHD_CONFIG:-"${SSHD_CONFDIR:-"/etc/ssh"}/sshd_config"}}"
+
+pidfile="${SSHD_PIDFILE:-"/run/$RC_SVCNAME.pid"}"
+command="${SSHD_BINARY:-"/usr/sbin/sshd"}"
+command_args="${command_args:-${SSHD_OPTS:-}}"
+
+required_files="$cfgfile"
+
+generate_host_key_type() {
+ local bit_size key_type
+
+ key_type=$1
+ if [ ! -f /etc/ssh/ssh_host_"${key_type}"_key ]; then
+ case $key_type in
+ ecdsa) bit_size="$ecdsa_bit_size";;
+ rsa) bit_size="$rsa_bit_size";;
+ esac
+ einfo "Generating $key_type SSH host key..."
+ ssh-keygen \
+ -q \
+ -f /etc/ssh/ssh_host_"$key_type"_key \
+ -N '' \
+ -t "$key_type" \
+ ${bit_size:+ -b ${bit_size}} || return 1
+ fi
+}
+
+generate_host_keys() {
+ local type
+
+ if [ -z "$key_types_to_generate" ] &&
+ [ -z "$ecdsa_bit_size" ] && [ -z "$rsa_bit_size" ]; then
+ ssh-keygen -A
+ return
+ fi
+ for type in ${key_types_to_generate:-dsa ecdsa ed25519 rsa}; do
+ generate_host_key_type "$type" || return 1
+ done
+}
+
+get_conf() {
+ awk "/^$1/{ print \$2 }" "$cfgfile" 2>/dev/null
+}
+
+conf_enabled() {
+ [ "$(get_conf "$1")" = "yes" ]
+}
+
+depend() {
+ use logger dns
+ after entropy
+
+ if [ "${rc_need+set}" = "set" ] ; then
+ : # Do nothing, the user has explicitly set rc_need
+ else
+ local x warn_addr
+ # shellcheck disable=SC2013
+ for x in $(get_conf ListenAddress) ; do
+ case "$x" in
+ 0.0.0.0|0.0.0.0:*) ;;
+ ::|\[::\]*) ;;
+ *) warn_addr="$warn_addr $x" ;;
+ esac
+ done
+ if [ -n "$warn_addr" ] ; then
+ need net
+ ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
+ ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd"
+ ewarn "where FOO is the interface(s) providing the following address(es):"
+ ewarn "$warn_addr"
+ fi
+ fi
+}
+
+update_command() {
+ if conf_enabled KerberosAuthentication || conf_enabled GSSAPIAuthentication && [ -r /usr/sbin/sshd.krb5 ]; then
+ command="${SSHD_BINARY:-"/usr/sbin/sshd.krb5"}"
+ elif conf_enabled UsePAM && [ -r /usr/sbin/sshd.pam ]; then
+ command="${SSHD_BINARY:-"/usr/sbin/sshd.pam"}"
+ fi
+}
+
+checkconfig() {
+ update_command
+ warn_deprecated_var SSHD_BINARY
+ warn_deprecated_var SSHD_CONFDIR
+ warn_deprecated_var SSHD_CONFIG cfgfile
+ warn_deprecated_var SSHD_DISABLE_KEYGEN sshd_disable_keygen
+ warn_deprecated_var SSHD_OPTS command_args
+ warn_deprecated_var SSHD_PIDFILE
+
+ if [ ! -d /var/empty ] ; then
+ mkdir -p /var/empty || return 1
+ fi
+
+ if ! yesno "$sshd_disable_keygen"; then
+ generate_host_keys || return 1
+ fi
+
+ [ "$pidfile" != "/run/sshd.pid" ] \
+ && command_args="$command_args -o PidFile=$pidfile"
+
+ [ "$cfgfile" != "/etc/ssh/sshd_config" ] \
+ && command_args="$command_args -f $cfgfile"
+
+ # shellcheck disable=SC2086
+ "$command" -t $command_args || return 1
+}
+
+start_pre() {
+ checkconfig
+}
+
+stop_pre() {
+ update_command
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return 1
+ fi
+}
+
+stop_post() {
+ if [ "$RC_RUNLEVEL" = "shutdown" ]; then
+ _sshd_pids=$(pgrep "${command##*/}")
+ if [ -n "$_sshd_pids" ]; then
+ ebegin "Shutting down ssh connections"
+ # shellcheck disable=SC2086
+ kill -TERM $_sshd_pids >/dev/null 2>&1
+ eend 0
+ fi
+ fi
+}
+
+reload() {
+ checkconfig || return 1
+
+ ebegin "Reloading $RC_SVCNAME"
+ start-stop-daemon --signal HUP \
+ --exec "$command" --pidfile "$pidfile"
+ eend $?
+}
+
+warn_deprecated_var() {
+ local varname="$1"
+ local replacement="${2:-}"
+
+ eval "test -n \"\$$varname\"" || return 0
+
+ ewarn "Variable \$$varname is deprecated and will be removed in the future!"
+ # shellcheck disable=SC2015
+ [ "$replacement" ] && ewarn "Use \$$replacement instead of \$$varname." ||:
+}
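Review bot: `get_conf`'s awk pattern `/^$1/` is a case-sensitive prefix match over every line of the file, whereas sshd parses keywords case-insensitively and honours only the first occurrence outside a `Match` block; a lower-case `usepam yes`, or a keyword that recurs inside a `Match` block (two values printed, so the output never equals `yes`), makes `conf_enabled` return false and `update_command` then silently falls back to the plain binary instead of `sshd.pam`/`sshd.krb5`. Splicing `$1` into the program text also treats the keyword as a regex; pass it with `-v` and compare the first field instead: `awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }' "$cfgfile" 2>/dev/null` (a `/^[Mm]atch/ { exit }` rule placed before it would additionally stop at the first `Match` block). Separately, `_sshd_pids` in `stop_post` should be declared `local`, and `pgrep "${command##*/}"` is an unanchored regex, so an unrelated process whose name merely contains `sshd` is signalled too; `pgrep -x` on the exact name is stricter, though whether helper processes of newer releases should be included needs a deliberate decision.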