lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 00:54:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

rc: add deprecated host keys if available, but do not generate them; #1200

Browse Source
This commit is contained in:
Franco Fichtner 2016-09-29 07:00:33 +02:00
parent 3126c61690
commit 19fdd02d47
1 changed files with 44 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
src/etc/rc.sshd
View File

@ -66,8 +66,17 @@ $keys = array(
'ed25519' => 'ssh_host_ed25519_key',
);
foreach($keys as $name) {
$file = "{$etc_ssh}/etc/ssh/{$name}";
$keys_dep = array(
/* .pub files are implied */
'rsa1' => 'ssh_host_key',
'dsa' => 'ssh_host_dsa_key',
);
$keys_all = array_merge($keys, $keys_dep);
foreach ($keys_all as $name) {
/* this is one of the infamous UFS workarounds ;) */
$file = "{$etc_ssh}/{$name}";
if (file_exists($file) && filesize($file) == 0) {
unlink($file);
}
@ -83,38 +92,12 @@ foreach($keys as $name) {
/* Login related files. */
touch("/var/log/lastlog");
$sshport = isset($sshcfg['port']) ? $sshcfg['port'] : 22;
$sshconf = "# This file was automatically generated by /usr/local/etc/rc.sshd\n";
$sshconf .= "Port {$sshport}\n";
$sshconf .= "Protocol 2\n";
/* XXX a couple of those need moar cleanups: */
$sshconf .= "Compression yes\n";
$sshconf .= "ClientAliveInterval 30\n";
$sshconf .= "UseDNS no\n";
$sshconf .= "X11Forwarding no\n";
$sshconf .= "PubkeyAuthentication yes\n";
$sshconf .= "Subsystem\tsftp\tinternal-sftp\n";
if (isset($sshcfg['permitrootlogin'])) {
$sshconf .= "PermitRootLogin yes\n";
}
if (isset($sshcfg['passwordauth'])) {
$sshconf .= "ChallengeResponseAuthentication yes\n";
$sshconf .= "PasswordAuthentication yes\n";
} else {
$sshconf .= "ChallengeResponseAuthentication no\n";
$sshconf .= "PasswordAuthentication no\n";
}
/* Write the new sshd config file */
file_put_contents("{$etc_ssh}/sshd_config", $sshconf);
/* are we already running? if so exit */
if (is_subsystem_dirty('sshdkeys')) {
return;
}
// Check for all needed key files. If any are missing, the keys need to be regenerated.
/* Check for all needed key files. If any are missing, the keys need to be regenerated. */
$generate_keys = false;
foreach ($keys as $name) {
$file = "{$etc_ssh}/{$name}";
@ -135,6 +118,38 @@ if ($generate_keys) {
log_error('Completed creating your SSH keys. SSH will now be started.');
}
$sshport = isset($sshcfg['port']) ? $sshcfg['port'] : 22;
$sshconf = "# This file was automatically generated by /usr/local/etc/rc.sshd\n";
$sshconf .= "Port {$sshport}\n";
$sshconf .= "Protocol 2\n";
$sshconf .= "Compression yes\n";
$sshconf .= "ClientAliveInterval 30\n";
$sshconf .= "UseDNS no\n";
$sshconf .= "X11Forwarding no\n";
$sshconf .= "PubkeyAuthentication yes\n";
$sshconf .= "Subsystem\tsftp\tinternal-sftp\n";
if (isset($sshcfg['permitrootlogin'])) {
$sshconf .= "PermitRootLogin yes\n";
}
if (isset($sshcfg['passwordauth'])) {
$sshconf .= "ChallengeResponseAuthentication yes\n";
$sshconf .= "PasswordAuthentication yes\n";
} else {
$sshconf .= "ChallengeResponseAuthentication no\n";
$sshconf .= "PasswordAuthentication no\n";
}
foreach ($keys_all as $name) {
$file = "{$etc_ssh}/{$name}";
if (!file_exists($file)) {
continue;
}
$sshconf .= "HostKey {$file}\n";
}
/* Write the new sshd config file */
file_put_contents("{$etc_ssh}/sshd_config", $sshconf);
/* Launch new server process */
echo "Reloading sshd...";
if (mwexecf('/usr/bin/protect -i %s', $sbin_sshd)) {