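--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -312,6 +312,16 @@
 sshd_enable="NO"		# Enable sshd
 sshd_program="/usr/sbin/sshd"	# path to sshd, if you want a different one.
 sshd_flags=""			# Additional flags for sshd.
+sshd_rsa1_keygen_enable="YES"	# Generate an rsa1 key when starting sshd if missing from /etc/sshd.
+sshd_rsa1_keygen_flags=""	# Flags to ssh-keygen for rsa1 key when first created.
+sshd_rsa_keygen_enable="YES"	# Generate an rsa key when starting sshd if missing from /etc/sshd.
+sshd_rsa_keygen_flags=""	# Flags to ssh-keygen for rsa key when first created.
+sshd_dsa_keygen_enable="YES"	# Generate a dsa key when starting sshd if missing from /etc/sshd.
+sshd_dsa_keygen_flags=""	# Flags to ssh-keygen for dsa key when first created.
+sshd_ecdsa_keygen_enable="YES"	# Generate an ecdsa key when starting sshd if missing from /etc/sshd. 
+sshd_ecdsa_keygen_flags=""	# Flags to ssh-keygen for ecdsa key when first created.
+sshd_ed25519_keygen_enable="YES" # Generate an ed25519 key when starting sshd if missing from /etc/sshd.
+sshd_ed25519_keygen_flags=""	# Flags to ssh-keygen for ed25519 key when first created.
 ftpd_enable="NO"		# Enable stand-alone ftpd.
 ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
 ftpd_flags=""			# Additional flags to stand-alone ftpd.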
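Review bot: Shipping `sshd_*_keygen_enable="YES"` in the defaults defeats the compatibility fallback this patch adds in etc/rc.d/sshd: once these defaults are loaded the new variables are always set, so `: ${sshd_dsa_keygen_enable:="${sshd_dsa_enable:-yes}"}` has nothing left to assign and `checkyesno "sshd_${alg}_keygen_enable"` never sees the legacy value. A host whose rc.conf carries `sshd_rsa1_enable="NO"` or `sshd_dsa_enable="NO"` would then get only the deprecation warning while those host keys are generated again on the next start. Either leave the five `*_keygen_enable` lines out of the defaults and keep only the `*_keygen_flags=""` entries, or have the rc script copy a set legacy value into the new variable after the configuration is loaded. The config-loading call is outside the visible hunks, so the exact ordering should be confirmed.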
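--- a/etc/rc.d/sshd
+++ b/etc/rc.d/sshd
@@ -20,11 +20,19 @@
 pidfile="/var/run/${name}.pid"
 extra_commands="configtest keygen reload"
 
-: ${sshd_rsa1_enable:="yes"}
-: ${sshd_rsa_enable:="yes"}
-: ${sshd_dsa_enable:="yes"}
-: ${sshd_ecdsa_enable:="yes"}
-: ${sshd_ed25519_enable:="yes"}
+if [ -n "$sshd_rsa1_enable" -o \
+	-n "$sshd_rsa_enable" -o \
+	-n "$sshd_dsa_enable" -o \
+	-n "$sshd_ecdsa_enable" -o \
+	-n "$sshd_ed25519_enable" ]
+then 
+	warn "sshd_*_enable is deprecated, consider using sshd_*_keygen_enable for clarity."
+fi
+: ${sshd_rsa1_keygen_enable:="${sshd_rsa1_enable:-yes}"}
+: ${sshd_rsa_keygen_enable:="${sshd_rsa_enable:-yes}"}
+: ${sshd_dsa_keygen_enable:="${sshd_dsa_enable:-yes}"}
+: ${sshd_ecdsa_keygen_enable:="${sshd_ecdsa_enable:-yes}"}
+: ${sshd_ed25519_keygen_enable:="${sshd_ed25519_enable:-yes}"}
 
 sshd_keygen_alg()
 {
@@ -32,7 +40,7 @@
 	local ALG="$(echo $alg | tr a-z A-Z)"
 	local keyfile
 
-	if ! checkyesno "sshd_${alg}_enable" ; then
+	if ! checkyesno "sshd_${alg}_keygen_enable" ; then
 		return 0
 	fi
 
@@ -56,8 +64,9 @@
 	if [ -f "${keyfile}" ] ; then
 		info "$ALG host key exists."
 	else
+		eval keygen_flags=\$sshd_${alg}_keygen_flags
 		echo "Generating $ALG host key."
-		/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""
+		/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" $keygen_flags -N ""
 		/usr/bin/ssh-keygen -l -f "$keyfile.pub"
 	fi
 }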
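Review bot: `keygen_flags`, assigned by the added `eval keygen_flags=\$sshd_${alg}_keygen_flags` in the last hunk, is never declared local, although sshd_keygen_alg already declares `ALG` and `keyfile` that way, so the value leaks into the script's global scope; `local keyfile keygen_flags` at the top of the function fixes that. The unquoted `$keygen_flags` on the ssh-keygen line relies on word splitting, which is worth a comment such as `# unquoted on purpose: split into separate ssh-keygen arguments`. Because the flags follow `-f "$keyfile"`, a value that carries its own `-f` or `-t` could make the generated key differ from the file tested by `[ -f "${keyfile}" ]`, so the rc.conf comment for `*_keygen_flags` should say which options are safe to set. Part of the function body lies between the hunks and is not visible here.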
