Attachment #159642 for bug #202153




pppoed_provider="*"		# Provider and ppp(8) config file entry.
pppoed_flags="-P /var/run/pppoed.pid"	# Flags to pppoed (if enabled).
pppoed_interface="fxp0"		# The interface that pppoed runs on.

sshd_enable="NO"		# Enable sshd
sshd_program="/usr/sbin/sshd"	# path to sshd, if you want a different one.
sshd_flags=""			# Additional flags for sshd.
sshd_rsa1_keygen_enable="YES"	# Generate RSA1 keys when starting sshd if missing from /etc/sshd.
sshd_rsa1_keygen_flags=""	# Additional flags to ssh-keygen for RSA1 keys when first created.
#sshd_rsa1_keygen_flags="-b 4096" # Example of stronger key (default is 2048 bits).
sshd_rsa_keygen_enable="YES"	# Generate RSA keys when starting sshd if missing from /etc/sshd.
sshd_rsa_keygen_flags=""	# Additional flags to ssh-keygen for RSA keys when first created.
#sshd_rsa_keygen_flags="-b 4096" # Example of stronger key (default is 2048 bits).
sshd_dsa_keygen_enable="YES"	# Generate DSA keys when starting sshd if missing from /etc/sshd.
sshd_dsa_keygen_flags=""	# Additional flags to ssh-keygen for DSA 1024 bit keys when first created.
sshd_ecdsa_keygen_enable="YES"	# Generate ECDSA keys when starting sshd if missing from /etc/sshd. 
sshd_ecdsa_keygen_flags=""	# Additional flags to ssh-keygen for ECDSA keys when first created.
#sshd_ecdsa_keygen_flags="-b 521" # Example of strongest ECDSA key (default is 256 bits).
sshd_ed25519_keygen_enable="YES" # Generate Ed25519 keys when starting sshd if missing from /etc/sshd.
sshd_ed25519_keygen_flags=""	# Additional flags to ssh-keygen for Ed25519 256 bit keys when first created.

ftpd_enable="NO"		# Enable stand-alone ftpd.
ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
ftpd_flags=""			# Additional flags to stand-alone ftpd.




pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

if [ -n "$sshd_rsa1_enable" -o \
	-n "$sshd_rsa_enable" -o \
	-n "$sshd_dsa_enable" -o \
	-n "$sshd_ecdsa_enable" -o \
	-n "$sshd_ed25519_enable" ]
then 
	warn "sshd_*_enable is deprecated, consider using sshd_*_keygen_enable for clarity."
fi
: ${sshd_rsa1_keygen_enable:="${sshd_rsa1_enable:-yes}"}
: ${sshd_rsa_keygen_enable:="${sshd_rsa_enable:-yes}"}
: ${sshd_dsa_keygen_enable:="${sshd_dsa_enable:-yes}"}
: ${sshd_ecdsa_keygen_enable:="${sshd_ecdsa_enable:-yes}"}
: ${sshd_ed25519_keygen_enable:="${sshd_ed25519_enable:-yes}"}

sshd_keygen_alg()
{

	local ALG="$(echo $alg | tr a-z A-Z)"
	local keyfile

	if ! checkyesno "sshd_${alg}_keygen_enable" ; then
		return 0
	fi


	if [ -f "${keyfile}" ] ; then
		info "$ALG host key exists."
	else
		eval keygen_flags=\$sshd_${alg}_keygen_flags
		echo "Generating $ALG host key."
		/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" $keygen_flags -N ""
		/usr/bin/ssh-keygen -l -f "$keyfile.pub"
	fi
}

Return to bug 202153

Lines 309-317 Link Here

(-)etc/defaults/rc.conf (+15 lines)
309	pppoed_provider="*" # Provider and ppp(8) config file entry.	309	pppoed_provider="*" # Provider and ppp(8) config file entry.
310	pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).	310	pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
311	pppoed_interface="fxp0" # The interface that pppoed runs on.	311	pppoed_interface="fxp0" # The interface that pppoed runs on.
		312
312	sshd_enable="NO" # Enable sshd	313	sshd_enable="NO" # Enable sshd
313	sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.	314	sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
314	sshd_flags="" # Additional flags for sshd.	315	sshd_flags="" # Additional flags for sshd.
		316	sshd_rsa1_keygen_enable="YES" # Generate RSA1 keys when starting sshd if missing from /etc/sshd.
		317	sshd_rsa1_keygen_flags="" # Additional flags to ssh-keygen for RSA1 keys when first created.
		318	#sshd_rsa1_keygen_flags="-b 4096" # Example of stronger key (default is 2048 bits).
		319	sshd_rsa_keygen_enable="YES" # Generate RSA keys when starting sshd if missing from /etc/sshd.
		320	sshd_rsa_keygen_flags="" # Additional flags to ssh-keygen for RSA keys when first created.
		321	#sshd_rsa_keygen_flags="-b 4096" # Example of stronger key (default is 2048 bits).
		322	sshd_dsa_keygen_enable="YES" # Generate DSA keys when starting sshd if missing from /etc/sshd.
		323	sshd_dsa_keygen_flags="" # Additional flags to ssh-keygen for DSA 1024 bit keys when first created.
		324	sshd_ecdsa_keygen_enable="YES" # Generate ECDSA keys when starting sshd if missing from /etc/sshd.
		325	sshd_ecdsa_keygen_flags="" # Additional flags to ssh-keygen for ECDSA keys when first created.
		326	#sshd_ecdsa_keygen_flags="-b 521" # Example of strongest ECDSA key (default is 256 bits).
		327	sshd_ed25519_keygen_enable="YES" # Generate Ed25519 keys when starting sshd if missing from /etc/sshd.
		328	sshd_ed25519_keygen_flags="" # Additional flags to ssh-keygen for Ed25519 256 bit keys when first created.
		329
315	ftpd_enable="NO" # Enable stand-alone ftpd.	330	ftpd_enable="NO" # Enable stand-alone ftpd.
316	ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.	331	ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
317	ftpd_flags="" # Additional flags to stand-alone ftpd.	332	ftpd_flags="" # Additional flags to stand-alone ftpd.

Lines 20-30 Link Here

(-)etc/rc.d/sshd (-7 / +16 lines)
20	pidfile="/var/run/${name}.pid"	20	pidfile="/var/run/${name}.pid"
21	extra_commands="configtest keygen reload"	21	extra_commands="configtest keygen reload"
22		22
23	: ${sshd_rsa1_enable:="yes"}	23	if [ -n "$sshd_rsa1_enable" -o \
24	: ${sshd_rsa_enable:="yes"}	24	-n "$sshd_rsa_enable" -o \
25	: ${sshd_dsa_enable:="yes"}	25	-n "$sshd_dsa_enable" -o \
26	: ${sshd_ecdsa_enable:="yes"}	26	-n "$sshd_ecdsa_enable" -o \
27	: ${sshd_ed25519_enable:="yes"}	27	-n "$sshd_ed25519_enable" ]
		28	then
		29	warn "sshd__enable is deprecated, consider using sshd__keygen_enable for clarity."
		30	fi
		31	: ${sshd_rsa1_keygen_enable:="${sshd_rsa1_enable:-yes}"}
		32	: ${sshd_rsa_keygen_enable:="${sshd_rsa_enable:-yes}"}
		33	: ${sshd_dsa_keygen_enable:="${sshd_dsa_enable:-yes}"}
		34	: ${sshd_ecdsa_keygen_enable:="${sshd_ecdsa_enable:-yes}"}
		35	: ${sshd_ed25519_keygen_enable:="${sshd_ed25519_enable:-yes}"}
28		36
29	sshd_keygen_alg()	37	sshd_keygen_alg()
30	{	38	{
Lines 32-38 Link Here
32	local ALG="$(echo $alg \| tr a-z A-Z)"	40	local ALG="$(echo $alg \| tr a-z A-Z)"
33	local keyfile	41	local keyfile
34		42
35	if ! checkyesno "sshd_${alg}_enable" ; then	43	if ! checkyesno "sshd_${alg}_keygen_enable" ; then
36	return 0	44	return 0
37	fi	45	fi
38		46
Lines 56-63 Link Here
56	if [ -f "${keyfile}" ] ; then	64	if [ -f "${keyfile}" ] ; then
57	info "$ALG host key exists."	65	info "$ALG host key exists."
58	else	66	else
		67	eval keygen_flags=\$sshd_${alg}_keygen_flags
59	echo "Generating $ALG host key."	68	echo "Generating $ALG host key."
60	/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""	69	/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" $keygen_flags -N ""
61	/usr/bin/ssh-keygen -l -f "$keyfile.pub"	70	/usr/bin/ssh-keygen -l -f "$keyfile.pub"
62	fi	71	fi
63	}	72	}