diff --git a/src/etc/rc.sshd b/src/etc/rc.sshd
index be4ea3e74..6e37f422f 100755
--- a/src/etc/rc.sshd
+++ b/src/etc/rc.sshd
@@ -4,6 +4,7 @@
 /*
 Copyright (C) 2004 Scott K Ullrich
 Copyright (C) 2004 Fred Mol .
+ Copyright (C) 2015 Franco Fichtner
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
@@ -28,10 +29,10 @@ POSSIBILITY OF SUCH DAMAGE.
 */
-require_once("globals.inc");
-require_once("config.inc");
-require_once("functions.inc");
-require_once("shaper.inc");
+require_once('globals.inc');
+require_once('config.inc');
+require_once('functions.inc');
+require_once('shaper.inc');
 killbyname('sshd');
@@ -44,26 +45,46 @@ if (!is_subsystem_dirty('sshdkeys')) {
 conf_mount_rw();
 }
-if (file_exists('/conf/sshd/ssh_host_key') && !file_exists('/etc/ssh/ssh_host_key')) {
- mwexec('/bin/cp -p /conf/sshd/* /etc/ssh/');
-}
-
 $keys = array(
- 'ssh_host_key',
- 'ssh_host_key.pub',
- 'ssh_host_dsa_key',
- 'ssh_host_dsa_key.pub',
- 'ssh_host_rsa_key',
- 'ssh_host_rsa_key.pub',
- 'ssh_host_ecdsa_key',
- 'ssh_host_ecdsa_key.pub',
- //'ssh_host_ed25519_key',
- //'ssh_host_ed25519_key.pub'
+ /* .pub files are implied */
+ 'rsa1' => 'ssh_host_key',
+ 'rsa' => 'ssh_host_rsa_key',
+ 'dsa' => 'ssh_host_dsa_key',
+ 'ecdsa' => 'ssh_host_ecdsa_key',
+ 'ed25519' => 'ssh_host_ed25519_key',
 );
-foreach($keys as $f2c) {
- if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) {
- unlink("/etc/ssh/{$f2c}");
+if (file_exists('/usr/local/sbin/sshd')) {
+ /* use the ports version */
+ $bin_ssh_keygen = '/usr/local/bin/ssh-keygen';
+ $sbin_sshd = '/usr/local/sbin/sshd';
+ $etc_ssh = '/usr/local/etc/ssh';
+} elseif (file_exists('/usr/sbin/sshd')) {
+ /* use the base version (legacy fallback) */
+ $bin_ssh_keygen = '/usr/bin/ssh-keygen';
+ $sbin_sshd = '/usr/sbin/sshd';
+ $etc_ssh = '/etc/ssh';
+ /* mode is not supported */
+ unset($keys['ed25519']);
+} else {
+ /* the infamous "this should never happen" */
+ log_error(_('Could not find an SSH implementation on your system.'));
+ return;
+}
+
+/* reinstall the backup if it is available */
+if (file_exists('/conf/sshd/ssh_host_key') && !file_exists("{$etc_ssh}/ssh_host_key")) {
+ mwexec("/bin/cp -p /conf/sshd/* {$etc_ssh}/");
+}
+
+foreach($keys as $name) {
+ $file = "{$etc_ssh}/etc/ssh/{$name}";
+ if (file_exists($file) && filesize($file) == 0) {
+ unlink($file);
+ }
+ $file = "{$file}.pub";
+ if (file_exists($file) && filesize($file) == 0) {
+ unlink($file);
 }
 }
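Review bot: The zero-byte cleanup loop at the end of the hunk builds `$file = "{$etc_ssh}/etc/ssh/{$name}";`, which resolves to `/usr/local/etc/ssh/etc/ssh/...` (or `/etc/ssh/etc/ssh/...` on the base fallback), so a truncated host key left behind by an interrupted ssh-keygen is never removed, and the existence check added later in this commit still counts it as present. It should read `$file = "{$etc_ssh}/{$name}";`, the same form the key-existence loop at +140 uses. Separately, the `return;` in the "this should never happen" branch leaves after the `conf_mount_rw()` at the top of the hunk without reaching the `conf_mount_ro()` at the end of the script, so the config filesystem presumably stays writable on that path; logging and falling through to the unmount would be the safer shape.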
@@ -73,8 +94,6 @@ foreach($keys as $f2c) {
 /* Login related files. */
 touch("/var/log/lastlog");
-$sshConfigDir = "/etc/ssh";
-
 if (isset($config['system']['ssh']['port'])) {
 $sshport = $config['system']['ssh']['port'];
 } else {
@@ -112,7 +131,7 @@ if (isset($config['system']['ssh']['sshdkeyonly'])) {
 }
 /* Write the new sshd config file */
-file_put_contents('/etc/ssh/sshd_config', $sshconf);
+file_put_contents("{$etc_ssh}/sshd_config", $sshconf);
 /* are we already running? if so exit */
 if (is_subsystem_dirty('sshdkeys')) {
@@ -121,8 +140,9 @@ if (is_subsystem_dirty('sshdkeys')) {
 // Check for all needed key files. If any are missing, the keys need to be regenerated.
 $generate_keys = false;
-foreach ($keys as $f2c) {
- if (!file_exists("/etc/ssh/{$f2c}")) {
+foreach ($keys as $name) {
+ $file = "{$etc_ssh}/{$name}";
+ if (!file_exists($file) || !file_exists("{$file}.pub")) {
 $generate_keys = true;
 break;
 }
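Review bot: The `file_put_contents("{$etc_ssh}/sshd_config", $sshconf);` in the hunk at +131 discards the return value, so a failed write (read-only `{$etc_ssh}`, full filesystem) silently leaves whatever `sshd_config` is already on disk and the daemon is launched further down against stale settings with no log entry. Check the result, e.g. `if (file_put_contents("{$etc_ssh}/sshd_config", $sshconf) === false) { log_error(_('Could not write sshd_config.')); }`, and skip the launch below in that case. `$sshconf` is assembled outside the hunk, so its contents are not reviewed here.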
@@ -131,27 +151,25 @@ foreach ($keys as $f2c) {
 if ($generate_keys) {
 log_error(_('Started creating your SSH keys. SSH startup is being delayed a wee bit.'));
 mark_subsystem_dirty('sshdkeys');
- mwexec('/bin/rm /etc/ssh/ssh_host_*', true);
- mwexec("/usr/bin/ssh-keygen -t rsa1 -N '' -f {$sshConfigDir}/ssh_host_key");
- mwexec("/usr/bin/ssh-keygen -t rsa -N '' -f {$sshConfigDir}/ssh_host_rsa_key");
- mwexec("/usr/bin/ssh-keygen -t dsa -N '' -f {$sshConfigDir}/ssh_host_dsa_key");
- mwexec("/usr/bin/ssh-keygen -t ecdsa -N '' -f {$sshConfigDir}/ssh_host_ecdsa_key");
- //mwexec("/usr/bin/ssh-keygen -t ed25519 -N '' -f {$sshConfigDir}/ssh_host_ed25519_key");
+ mwexec("/bin/rm -f {$etc_ssh}/ssh_host_*");
+ foreach ($keys as $type => $name) {
+ mwexec(sprintf('%s -t %s -N "" -f %s/%s', $bin_ssh_keygen, $type, $etc_ssh, $name));
+ }
 clear_subsystem_dirty('sshdkeys');
 log_error(_('Completed creating your SSH keys. SSH will now be started.'));
 }
 /* Launch new server process */
 echo "Reloading sshd...";
-if (mwexec('/usr/sbin/sshd')) {
+if (mwexec($sbin_sshd)) {
 echo "failed.\n";
 } else {
 echo "done.\n";
 }
-/* back up files in case they are useful */
+/* back up files in case they are useful ;) */
 @mkdir('/conf/sshd', 0777, true);
-mwexec('/bin/cp -p /etc/ssh/ssh_host* /conf/sshd');
+mwexec("/bin/cp -p ${etc_ssh}/ssh_host_* /conf/sshd/");
 conf_mount_ro();
 unset($keys);
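Review bot: The new backup line `mwexec("/bin/cp -p ${etc_ssh}/ssh_host_* /conf/sshd/");` copies the private host keys into a directory the line above creates with `@mkdir('/conf/sshd', 0777, true);`; unless the umask narrows it, that directory is world-writable, and the restore added earlier in this commit copies `/conf/sshd/*` back into `{$etc_ssh}` unconditionally, so anything dropped there would be installed as a host key. The files keep their own modes via `cp -p` and only root needs the directory, so `@mkdir('/conf/sshd', 0700, true);` is the safer default. The same line uses `${etc_ssh}` where the rest of the commit writes `{$etc_ssh}`; keeping one form avoids the ambiguity. Also, `mwexec("/bin/rm -f {$etc_ssh}/ssh_host_*");` followed by the keygen loop regenerates every host key whenever a single pair is missing, which with ed25519 now in the list may change the fingerprints of existing RSA/ECDSA keys when a system moves to the ports sshd; generating only the missing pairs would avoid that.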