
 



#!/sbin/sh
 #
 # Copyright (c) 2000, 2001 by Sun Microsystems, Inc.
 # All rights reserved.
 #
 # $Id: openssh.server,v 1.6 2001/09/10 23:01:05 kaw Exp $
 #
 # INTRODUCTION
 #
 #  The OpenSSH tool provides strong authentication and privacy for
 #  network connections.  This init script provides a mechanism to start
 #  and stop the OpenSSH system daemon at system boot and shutdown.
 #  This script was created for the Blueprints[tm] OnLine article titled
 #  "Building and Deploying OpenSSH for the Solaris Operating Environment".
 #
 #	http://www.sun.com/blueprints/0701/openSSH.pdf
 #
 #  The latest version of this script is available from the Blueprints
 #  Online tools area at:
 #
 #	http://www.sun.com/blueprints/tools/
 #
 #  This script is written for the Solaris 2.6, 7, and 8 Operating
 #  Environment releases.
 #
 # INSTALLATION
 #
 #	# cp openssh.server /etc/init.d/openssh.server
 #	# chmod 744 /etc/init.d/openssh.server
 #	# chown root:sys /etc/init.d/openssh.server
 #	# ln /etc/init.d/openssh.server /etc/rc3.d/S25openssh.server
 #	# ln /etc/init.d/openssh.server /etc/rcS.d/K30openssh.server
 #	# ln /etc/init.d/openssh.server /etc/rc0.d/K30openssh.server
 #	# ln /etc/init.d/openssh.server /etc/rc1.d/K30openssh.server
 #	# ln /etc/init.d/openssh.server /etc/rc2.d/K40openssh.server
 #
 #  Keith A. Watson 
 #
 
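 umask 022
 PATH=/usr/bin

 # Installation prefixes.  Every path below is derived from these two so
 # that relocating OpenSSH or its configuration needs a single edit.
 configDir=/etc
 openSSHDir=/opt/OBSDssh

 # "yes" starts prngd ahead of sshd and uses it for key generation;
 # any other value skips every PRNGD step in this script.
 usePRNGD=yes

 PRNGDConfig="$configDir/prngd.conf"

 # Directory that must exist before prngd is started (created by startPRNGD).
 PRNGDEntropyDir=/var/run

 # Entropy socket path handed to prngd on start and on --kill.
 PRNGDEntropyPool="$PRNGDEntropyDir/egd-pool"

 # Seed prngd is primed with; created by generateSeed when missing or empty
 # and written back by prngd on its own shutdown.
 PRNGDSeedFile="$configDir/prngd-seed"

 #PRNGDCmd="$openSSHDir/sbin/prngd"
 PRNGDCmd=/usr/local/sbin/prngd

 # Expanded unquoted on purpose so it word-splits into separate arguments:
 # keep it free of whitespace-bearing paths.
 PRNGDCmdOptions="--cmdfile $PRNGDConfig --seedfile $PRNGDSeedFile $PRNGDEntropyPool"

 # Host keys: DSA and RSA for protocol 2, plain RSA for protocol 1.
 DSAKeyFile="$configDir/ssh_host_dsa_key"
 RSA2KeyFile="$configDir/ssh_host_rsa_key"
 RSA1KeyFile="$configDir/ssh_host_key"
 keyGenerator="$openSSHDir/bin/ssh-keygen"

 sshdConfig="$configDir/sshd_config"
 # Basename only; stopSSHD looks for it under /etc and /var/run.
 sshdPIDFile=sshd.pid
 sshdCmd="$openSSHDir/sbin/sshd"
 # Expanded unquoted on purpose, like PRNGDCmdOptions.
 sshdCmdOptions=""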
 
 #
 # Succeeds (status 0) when the protocol-2 DSA host key file, $DSAKeyFile,
 # is a regular file; fails (status 1) otherwise.
 #
 DSAKeyExists() {
     test -f "$DSAKeyFile"
 }
 
 #
 # Succeeds (status 0) when the protocol-2 RSA host key file, $RSA2KeyFile,
 # is a regular file; fails (status 1) otherwise.
 #
 RSA2KeyExists() {
     test -f "$RSA2KeyFile"
 }
 
 #
 # Succeeds (status 0) when the protocol-1 RSA host key file, $RSA1KeyFile,
 # is a regular file; fails (status 1) otherwise.
 #
 RSA1KeyExists() {
     test -f "$RSA1KeyFile"
 }
 
 #
 # Succeeds (status 0) when the PRNGD seed file, $PRNGDSeedFile, exists and
 # is non-empty; an empty seed counts as missing so it gets regenerated.
 #
 PRNGDSeedExists() {
     test -s "$PRNGDSeedFile"
 }
 
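 #
 # Points $configDir/prngd.conf at the release-specific template when no
 # config is present yet.  Solaris 7, 8 and 9 (uname -r 5.7 to 5.9) share
 # the 2.7 template; anything else gets the 2.6 one.  An existing config
 # is left untouched and counts as success.  Returns 1 when the link
 # cannot be made, after reporting why on stderr.
 #
 setPRNGDConfigFile() {
     PRNGDConfFile="$configDir/prngd.conf"
     if [ -f "$PRNGDConfFile" ]; then
         return 0
     fi
     OSrev=`uname -r`
     case "$OSrev" in
         5.7|5.8|5.9)
             PRNGDConfTemplate="$configDir/prngd.conf-solaris-2.7"
             ;;
         *)
             PRNGDConfTemplate="$configDir/prngd.conf-solaris-2.6"
             ;;
     esac
     # ln fails if a dangling link of that name is already there, which the
     # -f test above cannot see; say so instead of continuing silently.
     if ln -s "$PRNGDConfTemplate" "$PRNGDConfFile"; then
         return 0
     fi
     echo "Cannot link $PRNGDConfFile to $PRNGDConfTemplate." >&2
     return 1
 }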
 
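 #
 # Generates the protocol-2 DSA host key at $DSAKeyFile with an empty
 # passphrase using $keyGenerator.  Prints progress on one line.
 # Returns 0 on success and 1 when ssh-keygen fails, so callers can
 # tell the two apart (the last echo's status no longer masks it).
 #
 generateDSAKey() {
     echo "Generating OpenSSH server DSA (protocol version 2) key...\c"
     if "$keyGenerator" -q -t dsa -f "$DSAKeyFile" -N ''; then
         echo "done."
         return 0
     fi
     echo "failed!"
     return 1
 }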
 
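 #
 # Generates the protocol-2 RSA host key at $RSA2KeyFile with an empty
 # passphrase using $keyGenerator.  Prints progress on one line.
 # Returns 0 on success and 1 when ssh-keygen fails, so callers can
 # tell the two apart (the last echo's status no longer masks it).
 #
 generateRSA2Key() {
     echo "Generating OpenSSH server RSA (protocol version 2) key...\c"
     if "$keyGenerator" -q -t rsa -f "$RSA2KeyFile" -N ''; then
         echo "done."
         return 0
     fi
     echo "failed!"
     return 1
 }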
 
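 #
 # Generates the protocol-1 RSA host key at $RSA1KeyFile with an empty
 # passphrase using $keyGenerator.  Prints progress on one line.
 # Returns 0 on success and 1 when ssh-keygen fails, so callers can
 # tell the two apart (the last echo's status no longer masks it).
 #
 generateRSA1Key() {
     echo "Generating OpenSSH server RSA (protocol version 1) key...\c"
     if "$keyGenerator" -q -t rsa1 -f "$RSA1KeyFile" -N ''; then
         echo "done."
         return 0
     fi
     echo "failed!"
     return 1
 }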
 
 #
 # Reports a host key that is already in place, or generates it.
 #   $1 existence-check function   $2 generator function
 #   $3 label used in the message  $4 key file path
 #
 ensureHostKey() {
     if "$1"; then
         echo "OpenSSH $3 key exists: $4"
     else
         "$2"
     fi
 }

 #
 # Makes sure all three host keys are present, generating any that are
 # missing: DSA and RSA for protocol 2, then RSA for protocol 1.
 #
 generateKeys() {
     ensureHostKey DSAKeyExists generateDSAKey DSA "$DSAKeyFile"
     ensureHostKey RSA2KeyExists generateRSA2Key RSA2 "$RSA2KeyFile"
     ensureHostKey RSA1KeyExists generateRSA1Key RSA1 "$RSA1KeyFile"
 }
 
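 #
 # Creates the PRNGD seed file when it is missing or empty (does nothing
 # but say so when usePRNGD is not "yes").  The seed is built from what
 # varies between boots on a system without a kernel random device: log
 # files, a /proc listing and a process listing.  That is a guessable
 # starting point, not real randomness, so /dev/urandom is mixed in when
 # the device exists.  The file is created under umask 077 so it is never
 # readable by others, and ends up mode 400.  Returns 1 when the file
 # cannot be created.
 #
 generateSeed() {
     if [ "$usePRNGD" != "yes" ]; then
         echo "PRNGD is not configured to operate with OpenSSH."
         return 0
     fi
     if PRNGDSeedExists; then
         echo "PRNGD seed exists: $PRNGDSeedFile"
         return 0
     fi
     echo "Generating PRNGD initial seed file...\c"
     # The subshell keeps the script's own umask (022) untouched.
     (umask 077 && touch "$PRNGDSeedFile") || {
         echo "failed! Cannot create $PRNGDSeedFile."
         return 1
     }
     # A pre-existing empty file keeps its old mode; tighten it before
     # anything is appended.
     chmod 600 "$PRNGDSeedFile"
     # Newly installed systems may not have log files yet.
     for seedSource in /var/adm/messages /var/log/syslog /var/cron/log; do
         [ -s "$seedSource" ] && cat "$seedSource" >> "$PRNGDSeedFile"
     done
     ls -alni /proc >> "$PRNGDSeedFile"
     ps -efly >> "$PRNGDSeedFile"
     if [ -c /dev/urandom ]; then
         dd if=/dev/urandom bs=1024 count=1 >> "$PRNGDSeedFile" 2>/dev/null
     fi
     chmod 400 "$PRNGDSeedFile"
     echo "done."
 }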
 
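 #
 # Starts sshd.  Exits the script with status 1 when $sshdConfig is
 # missing (as an rc script should), generates any absent host key first,
 # then runs $sshdCmd.  $sshdCmdOptions is expanded unquoted on purpose
 # so that it word-splits into separate arguments.  Returns 0 when sshd
 # started and 1 (after a message on stderr) when it did not.
 #
 startSSHD() {
     if [ ! -f "$sshdConfig" ]; then
         echo "OpenSSH is not configured.  Missing file $sshdConfig." >&2
         exit 1
     fi

     if DSAKeyExists && RSA2KeyExists && RSA1KeyExists; then
         :
     else
         generateKeys
     fi

     if "$sshdCmd" $sshdCmdOptions; then
         return 0
     fi
     echo "OpenSSH server failed to start: $sshdCmd $sshdCmdOptions" >&2
     return 1
 }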
 
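 #
 # Starts prngd when usePRNGD is "yes": makes sure a seed and a config
 # file exist, creates $PRNGDEntropyDir if needed, then runs $PRNGDCmd.
 # $PRNGDCmdOptions is expanded unquoted on purpose so that it word-splits
 # into separate arguments.  Returns 0 when prngd started (or PRNGD is
 # not in use) and 1, after a message on stderr, when it did not.
 #
 startPRNGD() {
     if [ "$usePRNGD" != "yes" ]; then
         echo "PRNGD is not configured to operate with OpenSSH."
         return 0
     fi

     PRNGDSeedExists || generateSeed

     setPRNGDConfigFile

     # the directory holding the entropy pool must exist before prngd runs
     if [ ! -d "$PRNGDEntropyDir" ]; then
         mkdir -p "$PRNGDEntropyDir" || {
             echo "Cannot create $PRNGDEntropyDir for the PRNGD entropy pool." >&2
             return 1
         }
     fi

     if "$PRNGDCmd" $PRNGDCmdOptions; then
         return 0
     fi
     echo "PRNGD failed to start: $PRNGDCmd $PRNGDCmdOptions" >&2
     return 1
 }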
 
 #
 # Stop the OpenSSH server process
 #
 stopSSHD() {
     realPIDFile=""
     if [ -r "/etc/$sshdPIDFile" ]; then
 	realPIDFile=/etc/$sshdPIDFile
     elif [ -r "/var/run/$sshdPIDFile" ]; then
 	realPIDFile=/var/run/$sshdPIDFile
     else
 	echo "OpenSSH server process ID (PID) file cannot be located."
     fi
 
     [ -n "$realPIDFile" ] && kill -TERM `cat $realPIDFile`
 }
 
 #
 # Stop the PRNGD process
 #
 stopPRNGD() {
     # PRNGD has its own built method to shutdown and save its seed
     $PRNGDCmd --kill $PRNGDEntropyPool > /dev/null 2>&1
 }
 
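 #
 # Parse command argument
 #
 case "$1" in
     'start')
         # start the PRNGD process first so entropy is available to sshd
         startPRNGD
         startSSHD
         ;;

     'stop')
         stopSSHD
         stopPRNGD
         ;;

     'restart')
         stopSSHD
         stopPRNGD

         # NOTE(review): nothing waits for the old sshd to exit here; if it
         # still holds the listening port the new one may fail to bind.
         startPRNGD
         startSSHD
         ;;

     'keygen')
         # start PRNGD because key generation requires it
         stopSSHD
         startPRNGD

         generateKeys
         stopPRNGD
         ;;

     'seedgen')
         generateSeed
         ;;

     *)
         # A usage error is an error: say so on stderr and exit non-zero
         # so it cannot be mistaken for a successful run.
         echo "Usage: $0 { start | stop | restart | keygen | seedgen }" >&2
         exit 1
         ;;

 esac

 exit 0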


 
