From 0afa03c7dc20c834df24e9baf6e83b6feee4e375 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Mon, 6 Jul 2015 11:54:24 +0200
Subject: [PATCH] rc: use protect(1) on sshd(8); low memory systems need that

While there, make the script run from a secure shell as well.
---
 src/etc/rc.sshd | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/src/etc/rc.sshd b/src/etc/rc.sshd
index 2f949ed4d..25357932c 100755
--- a/src/etc/rc.sshd
+++ b/src/etc/rc.sshd
@@ -33,12 +33,22 @@ require_once('globals.inc');
 require_once('config.inc');
 require_once('functions.inc');
-killbyname('sshd');
+$bin_ssh_keygen = '/usr/local/bin/ssh-keygen';
+$sbin_sshd = '/usr/local/sbin/sshd';
+$etc_ssh = '/usr/local/etc/ssh';
+
+/* if run from a shell session, `-af' and the full path is needed */
+mwexecf('/bin/pkill -af %s', $sbin_sshd);
 if (!isset($config['system']['ssh']['enabled'])) {
 return;
 }
+/* reinstall the backup if it is available */
+if (file_exists('/conf/sshd/ssh_host_key') && !file_exists("{$etc_ssh}/ssh_host_key")) {
+ mwexec("/bin/cp -p /conf/sshd/* {$etc_ssh}/");
+}
+
 $keys = array(
 /* .pub files are implied */
 'rsa1' => 'ssh_host_key',
@@ -48,15 +58,6 @@ $keys = array(
 'ed25519' => 'ssh_host_ed25519_key',
 );
-$bin_ssh_keygen = '/usr/local/bin/ssh-keygen';
-$sbin_sshd = '/usr/local/sbin/sshd';
-$etc_ssh = '/usr/local/etc/ssh';
-
-/* reinstall the backup if it is available */
-if (file_exists('/conf/sshd/ssh_host_key') && !file_exists("{$etc_ssh}/ssh_host_key")) {
- mwexec("/bin/cp -p /conf/sshd/* {$etc_ssh}/");
-}
-
 foreach($keys as $name) {
 $file = "{$etc_ssh}/etc/ssh/{$name}";
 if (file_exists($file) && filesize($file) == 0) {
@@ -141,7 +142,7 @@ if ($generate_keys) {
 /* Launch new server process */
 echo "Reloading sshd...";
-if (mwexec($sbin_sshd)) {
+if (mwexecf('/usr/bin/protect -i %s', $sbin_sshd)) {
 echo "failed.\n";
 } else {
 echo "done.\n";
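Review bot: The restore step re-added near the top of the first hunk copies every file under `/conf/sshd` into the sshd configuration directory, while the backup at the end of the script only writes `ssh_host_*` there, so anything else that ends up in that directory is installed next to the host keys unchecked. Narrowing the glob keeps the restore symmetric with the backup: `mwexec("/bin/cp -p /conf/sshd/ssh_host_* {$etc_ssh}/");`. The backup directory is also requested with mode `0777` in the last hunk's context (`@mkdir('/conf/sshd', 0777, true)`), limited only by the umask, and `0700` would fit a directory that holds private host keys. With `$etc_ssh` set to `/usr/local/etc/ssh`, the context line `$file = "{$etc_ssh}/etc/ssh/{$name}";` in the second hunk appears to build a doubled `etc/ssh` path, so the empty-key check probably never sees the real host key files; `"{$etc_ssh}/{$name}"` looks intended.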
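Review bot: The `-i` flag on the new launch line in the third hunk is undocumented and has a side effect worth stating: per protect(1) it applies the protection to all future descendants, so every login shell and command started through SSH is also skipped when the kernel kills processes on swap exhaustion. The flag is presumably required because sshd forks into the background and protection is not inherited by default, but on a low-memory box a runaway process in an SSH session then cannot be reclaimed. I would add a comment above the call such as `/* -i is needed because sshd daemonizes; note that SSH sessions inherit the protection too */`. The if/else reporting the result closes outside this hunk.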
@@ -150,5 +151,3 @@ if (mwexec($sbin_sshd)) {
 /* back up files in case they are useful ;) */
 @mkdir('/conf/sshd', 0777, true);
 mwexec("/bin/cp -p ${etc_ssh}/ssh_host_* /conf/sshd/");
-
-unset($keys);