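--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -309,9 +309,24 @@
 pppoed_provider="*"		# Provider and ppp(8) config file entry.
 pppoed_flags="-P /var/run/pppoed.pid"	# Flags to pppoed (if enabled).
 pppoed_interface="fxp0"		# The interface that pppoed runs on.
+
 sshd_enable="NO"		# Enable sshd
 sshd_program="/usr/sbin/sshd"	# path to sshd, if you want a different one.
 sshd_flags=""			# Additional flags for sshd.
+sshd_rsa1_keygen_enable="YES"	# Generate RSA1 keys when starting sshd if missing from /etc/sshd.
+sshd_rsa1_keygen_flags=""	# Additional flags to ssh-keygen for RSA1 keys when first created.
+#sshd_rsa1_keygen_flags="-b 4096" # Example of stronger key (default is 2048 bits).
+sshd_rsa_keygen_enable="YES"	# Generate RSA keys when starting sshd if missing from /etc/sshd.
+sshd_rsa_keygen_flags=""	# Additional flags to ssh-keygen for RSA keys when first created.
+#sshd_rsa_keygen_flags="-b 4096" # Example of stronger key (default is 2048 bits).
+sshd_dsa_keygen_enable="YES"	# Generate DSA keys when starting sshd if missing from /etc/sshd.
+sshd_dsa_keygen_flags=""	# Additional flags to ssh-keygen for DSA 1024 bit keys when first created.
+sshd_ecdsa_keygen_enable="YES"	# Generate ECDSA keys when starting sshd if missing from /etc/sshd. 
+sshd_ecdsa_keygen_flags=""	# Additional flags to ssh-keygen for ECDSA keys when first created.
+#sshd_ecdsa_keygen_flags="-b 521" # Example of strongest ECDSA key (default is 256 bits).
+sshd_ed25519_keygen_enable="YES" # Generate Ed25519 keys when starting sshd if missing from /etc/sshd.
+sshd_ed25519_keygen_flags=""	# Additional flags to ssh-keygen for Ed25519 256 bit keys when first created.
+
 ftpd_enable="NO"		# Enable stand-alone ftpd.
 ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
 ftpd_flags=""			# Additional flags to stand-alone ftpd.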
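Review bot: The new comments say host keys are generated when "missing from /etc/sshd", but the key path that sshd_keygen_alg actually tests is set outside the visible hunks of etc/rc.d/sshd, so confirm the comments name that same directory. The RSA1 and DSA entries also default to "YES" without saying that RSA1 keys serve only SSH protocol 1 and that DSA keys are limited to 1024 bits, which leaves an administrator reading the defaults with no hint that these are the two to switch off first. I would extend those two comments, for example `sshd_rsa1_keygen_enable="YES"	# Generate RSA1 (SSH protocol 1 only) host keys if missing; set to NO where protocol 1 is not used.`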
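--- a/etc/rc.d/sshd
+++ b/etc/rc.d/sshd
@@ -20,11 +20,19 @@
 pidfile="/var/run/${name}.pid"
 extra_commands="configtest keygen reload"
 
-: ${sshd_rsa1_enable:="yes"}
-: ${sshd_rsa_enable:="yes"}
-: ${sshd_dsa_enable:="yes"}
-: ${sshd_ecdsa_enable:="yes"}
-: ${sshd_ed25519_enable:="yes"}
+if [ -n "$sshd_rsa1_enable" -o \
+	-n "$sshd_rsa_enable" -o \
+	-n "$sshd_dsa_enable" -o \
+	-n "$sshd_ecdsa_enable" -o \
+	-n "$sshd_ed25519_enable" ]
+then 
+	warn "sshd_*_enable is deprecated, consider using sshd_*_keygen_enable for clarity."
+fi
+: ${sshd_rsa1_keygen_enable:="${sshd_rsa1_enable:-yes}"}
+: ${sshd_rsa_keygen_enable:="${sshd_rsa_enable:-yes}"}
+: ${sshd_dsa_keygen_enable:="${sshd_dsa_enable:-yes}"}
+: ${sshd_ecdsa_keygen_enable:="${sshd_ecdsa_enable:-yes}"}
+: ${sshd_ed25519_keygen_enable:="${sshd_ed25519_enable:-yes}"}
 
 sshd_keygen_alg()
 {
@@ -32,7 +40,7 @@
 	local ALG="$(echo $alg | tr a-z A-Z)"
 	local keyfile
 
-	if ! checkyesno "sshd_${alg}_enable" ; then
+	if ! checkyesno "sshd_${alg}_keygen_enable" ; then
 		return 0
 	fi
 
@@ -56,8 +64,9 @@
 	if [ -f "${keyfile}" ] ; then
 		info "$ALG host key exists."
 	else
+		eval keygen_flags=\$sshd_${alg}_keygen_flags
 		echo "Generating $ALG host key."
-		/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""
+		/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" $keygen_flags -N ""
 		/usr/bin/ssh-keygen -l -f "$keyfile.pub"
 	fi
 }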
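Review bot: The legacy fallback in `: ${sshd_rsa1_keygen_enable:="${sshd_rsa1_enable:-yes}"}` and the four lines after it only applies when the new variable is unset or empty, yet the same patch sets every `sshd_*_keygen_enable="YES"` in etc/defaults/rc.conf. If the defaults file is loaded before these assignments run, as rc.conf settings normally are, a host whose rc.conf still carries `sshd_dsa_enable="NO"` gets the deprecation warning and then has the DSA host key generated anyway. Either leave the new enable knobs commented out in the defaults file, or copy the old value across explicitly for each algorithm, e.g. `[ -n "$sshd_dsa_enable" ] && sshd_dsa_keygen_enable="$sshd_dsa_enable"`. In the last hunk `keygen_flags` is assigned through `eval` without a `local` declaration beside `local keyfile`, so it leaks into the script's global scope; sshd_keygen_alg's body is only partly visible in these hunks.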
