mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-20 03:16:12 +00:00
141 lines
4.5 KiB
PHP
Executable File
141 lines
4.5 KiB
PHP
Executable File
#!/usr/local/bin/php
|
|
<?php
|
|
|
|
/*
|
|
* Copyright (C) 2004 Scott K Ullrich
|
|
* Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>.
|
|
* Copyright (C) 2015-2016 Franco Fichtner <franco@opnsense.org>
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
require_once('config.inc');
|
|
require_once("util.inc");
|
|
|
|
/* if run from a shell session, `-af' and the full path is needed */
|
|
mwexecf('/bin/pkill -af %s', '/usr/local/sbin/sshd', true);
|
|
|
|
$sshcfg = null;
|
|
|
|
if (isset($config['system']['ssh'])) {
|
|
if (isset($config['system']['ssh']['enabled'])) {
|
|
$sshcfg = $config['system']['ssh'];
|
|
}
|
|
} elseif (count($argv) > 1 && $argv[1] == 'installer') {
|
|
/* only revert to installer config when ssh is not set at all */
|
|
$sshcfg = array('permitrootlogin' => 1, 'passwordauth' => 1);
|
|
}
|
|
|
|
if ($sshcfg === null) {
|
|
return;
|
|
}
|
|
|
|
/* make sshd key store */
|
|
@mkdir('/conf/sshd', 0777, true);
|
|
|
|
/* make ssh home directory */
|
|
@mkdir('/var/empty', 0555, true);
|
|
|
|
/* Login related files. */
|
|
touch('/var/log/lastlog');
|
|
|
|
$keys = array(
|
|
/* .pub files are implied */
|
|
'rsa' => 'ssh_host_rsa_key',
|
|
'ecdsa' => 'ssh_host_ecdsa_key',
|
|
'ed25519' => 'ssh_host_ed25519_key',
|
|
);
|
|
|
|
$keys_dep = array(
|
|
/* .pub files are implied */
|
|
'dsa' => 'ssh_host_dsa_key',
|
|
);
|
|
|
|
$keys_all = array_merge($keys, $keys_dep);
|
|
|
|
/* Check for all needed key files. If any are missing, the keys need to be regenerated. */
|
|
$generate_keys = false;
|
|
foreach ($keys as $name) {
|
|
$file = "/conf/sshd/{$name}";
|
|
if (!file_exists($file) || !file_exists("{$file}.pub")) {
|
|
$generate_keys = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ($generate_keys) {
|
|
if (is_subsystem_dirty('sshdkeys')) {
|
|
return;
|
|
}
|
|
log_error('Started creating your SSH keys. SSH startup is being delayed a wee bit.');
|
|
mark_subsystem_dirty('sshdkeys');
|
|
foreach ($keys as $type => $name) {
|
|
$file = "/conf/sshd/{$name}";
|
|
@unlink("{$file}.pub");
|
|
@unlink($file);
|
|
mwexecf('/usr/local/bin/ssh-keygen -t %s -N "" -f %s', array($type, $file));
|
|
}
|
|
clear_subsystem_dirty('sshdkeys');
|
|
log_error('Completed creating your SSH keys. SSH will now be started.');
|
|
}
|
|
|
|
$sshport = isset($sshcfg['port']) ? $sshcfg['port'] : 22;
|
|
|
|
$sshconf = "# This file was automatically generated by /usr/local/etc/rc.sshd\n";
|
|
$sshconf .= "Port {$sshport}\n";
|
|
$sshconf .= "Protocol 2\n";
|
|
$sshconf .= "Compression yes\n";
|
|
$sshconf .= "ClientAliveInterval 30\n";
|
|
$sshconf .= "UseDNS no\n";
|
|
$sshconf .= "X11Forwarding no\n";
|
|
$sshconf .= "PubkeyAuthentication yes\n";
|
|
$sshconf .= "Subsystem\tsftp\tinternal-sftp\n";
|
|
if (isset($sshcfg['permitrootlogin'])) {
|
|
$sshconf .= "PermitRootLogin yes\n";
|
|
}
|
|
if (isset($sshcfg['passwordauth'])) {
|
|
$sshconf .= "ChallengeResponseAuthentication yes\n";
|
|
$sshconf .= "PasswordAuthentication yes\n";
|
|
} else {
|
|
$sshconf .= "ChallengeResponseAuthentication no\n";
|
|
$sshconf .= "PasswordAuthentication no\n";
|
|
}
|
|
foreach ($keys_all as $name) {
|
|
$file = "/conf/sshd/{$name}";
|
|
if (!file_exists($file)) {
|
|
continue;
|
|
}
|
|
$sshconf .= "HostKey {$file}\n";
|
|
}
|
|
|
|
/* Write the new sshd config file */
|
|
file_put_contents("/usr/local/etc/ssh/sshd_config", $sshconf);
|
|
|
|
/* Launch new server process */
|
|
echo "Reloading sshd...";
|
|
if (mwexecf('/usr/bin/protect -i /usr/local/sbin/sshd')) {
|
|
echo "failed.\n";
|
|
} else {
|
|
echo "done.\n";
|
|
}
|