CVS log for src/etc/rc.d/sshd

Up to [cvs.NetBSD.org] / src / etc / rc.d

Request diff between arbitrary revisions

Keyword substitution: kv
Default branch: MAIN

Remove backwards compat.

Pull up following revision(s) (requested by kim in ticket #1643):

	etc/rc.d/sshd: revision 1.30
	etc/rc.d/sshd: revision 1.33
	etc/rc.d/sshd: revision 1.34
	etc/rc.d/sshd: revision 1.35

simplify more (from rudolf)

/etc/rc.d/sshd: New check cmd and reload precmd.
- check cmd: run `sshd -t' to check sshd_config file
- reload precmd: run check cmd before reloading so we don't nuke sshd
  if there's an error in the sshd_config file

(It is still possible to effectively nuke sshd by changing the
configuration tosomething that won't work on your network, but at
least we avoid making sshd just exit on reload when you make a typo
in a config option.)

/etc/rc.d/sshd: Stop generating DSA host keys by default.
If you want them you can generate them yourself, but in this day and
age (Monday and 2023, specifically) there's no reason to be using DSA
except for compatibility with ancient legacy software.
/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.

The default is NIST P-256, which:
(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
    even the advantage of the Mersenne prime structure of P-521 can't
    compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
    more widespread.

Pull up following revision(s) (requested by kim in ticket #196):

	etc/rc.d/sshd: revision 1.33
	etc/rc.d/sshd: revision 1.34
	etc/rc.d/sshd: revision 1.35
	etc/rc.d/sshd: revision 1.36

/etc/rc.d/sshd: New check cmd and reload precmd.

- check cmd: run `sshd -t' to check sshd_config file

- reload precmd: run check cmd before reloading so we don't nuke sshd
  if there's an error in the sshd_config file

(It is still possible to effectively nuke sshd by changing the
configuration tosomething that won't work on your network, but at
least we avoid making sshd just exit on reload when you make a typo
in a config option.)

/etc/rc.d/sshd: Stop generating DSA host keys by default.

If you want them you can generate them yourself, but in this day and
age (Monday and 2023, specifically) there's no reason to be using DSA
except for compatibility with ancient legacy software.

/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.

The default is NIST P-256, which:
(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
    even the advantage of the Mersenne prime structure of P-521 can't
    compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
    more widespread.

Add some backwards compat.  Adjust grammar.

Add some backwards compat.  Adjust grammar.

/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.

The default is NIST P-256, which:

(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
    even the advantage of the Mersenne prime structure of P-521 can't
    compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
    more widespread.

/etc/rc.d/sshd: Stop generating DSA host keys by default.

If you want them you can generate them yourself, but in this day and
age (Monday and 2023, specifically) there's no reason to be using DSA
except for compatibility with ancient legacy software.

/etc/rc.d/sshd: New check cmd and reload precmd.

- check cmd: run `sshd -t' to check sshd_config file

- reload precmd: run check cmd before reloading so we don't nuke sshd
  if there's an error in the sshd_config file

(It is still possible to effectively nuke sshd by changing the
configuration tosomething that won't work on your network, but at
least we avoid making sshd just exit on reload when you make a typo
in a config option.)

XXX pullup-9
XXX pullup-10

PR 56835: fix sshd startup script to only whine about bogus keys it
created if it actualy did create keys (one should thing that a
function called sshd_keygen() only is called to create keys, but
the "precmd" magic makes it run every time sshd is started or stopped).

Patch from Tom Lane, with modifications suggested by kre and a minor
additional cosemtic change.

If key generation happens with not enough entropy in the system, add
a warning to motd pointing at entropy(7) and give instructions how to
re-generate the (weak) keys after fixing up entropy.

Add a "keyregen" command, which forces regeneration of all host keys
to simplify the replacement of weak keys.

Mostly merge changes from HEAD upto 20200411

simplify more (from rudolf)

Sync with HEAD

Pull up following revision(s) (requested by jmcneill in ticket #838):

	etc/rc.d/sshd: revision 1.28

Silence ssh-keygen output when host keys are generated. Instead, print only
key fingerprints. This replaces dozens of lines out ASCII art output with
something more reasonable:

armv7# service sshd start
ssh-keygen: 1024 SHA256:ynP4BQ2B0Fknnf9PfF4QoUDlYi0+7rNfYXTOYP2cDic root@armv7 (DSA)
ssh-keygen: 521 SHA256:Eoj382aaJNlSxuq/aYj3AXgxfMJAkyVPoCQd2BNjJiA root@armv7 (ECDSA)
ssh-keygen: 256 SHA256:+e9/qTbbN/g6xvkadtHsmIQ+Pc0afZRxbXJsk2HKIzY root@armv7 (ED25519)
ssh-keygen: 2048 SHA256:urNaF/m6oiCe5hXFZBxGLW2PvLz0ibtRFrqYw6R+qTw root@armv7 (RSA)
ssh-keygen: 256 SHA256:Su2Nal2W3vrFz8ukpcSXngl1/bu6xUm1nSvbxTHe9Js root@armv7 (XMSS)
Starting sshd.

Revert previous: Don't generate XMSS host keys for sshd by default.

XMSS is a stateful post-quantum signature scheme.

- Post-quantum security for _online_ authentication is not important
  until quantum computers become practical; there's no danger of
  retroactive forgery in sessions that have already completed.

- As a stateful signature schemes, XMSS is qualitatively different
  from all the other ones sshd supports, requiring additional
  administrative care: roll back the state (e.g., from a disk backup
  or VM snapshot), and you've shot yourself in the foot.

If users want XMSS keys, they can make them explicitly, but there's
no need for this to be enabled by default.

Discussed with christos offline.

Silence ssh-keygen output when host keys are generated. Instead, print only
key fingerprints. This replaces dozens of lines out ASCII art output with
something more reasonable:

armv7# service sshd start
ssh-keygen: 1024 SHA256:ynP4BQ2B0Fknnf9PfF4QoUDlYi0+7rNfYXTOYP2cDic root@armv7 (DSA)
ssh-keygen: 521 SHA256:Eoj382aaJNlSxuq/aYj3AXgxfMJAkyVPoCQd2BNjJiA root@armv7 (ECDSA)
ssh-keygen: 256 SHA256:+e9/qTbbN/g6xvkadtHsmIQ+Pc0afZRxbXJsk2HKIzY root@armv7 (ED25519)
ssh-keygen: 2048 SHA256:urNaF/m6oiCe5hXFZBxGLW2PvLz0ibtRFrqYw6R+qTw root@armv7 (RSA)
ssh-keygen: 256 SHA256:Su2Nal2W3vrFz8ukpcSXngl1/bu6xUm1nSvbxTHe9Js root@armv7 (XMSS)
Starting sshd.

Sync with HEAD, resolve some conflicts

Simplify so we don't have to hard-code the key filenames in two places.

Sync with HEAD.  77 conflicts resolved - all of them $NetBSD$

support xmss keys

Pull up following revision(s) (requested by sevan in ticket #420):
	etc/rc.d/sshd: revision 1.25
Do away with (not well specified, even if it happens to work) absurd
15 arg test ([ ]) expression, and replace it with several well defined
2 arg tests, combined with (also well defined) sh syntax.

Do away with (not well specified, even if it happens to work) absurd
15 arg test ([ ]) expression, and replace it with several well defined
2 arg tests, combined with (also well defined) sh syntax.

Pull up following revision(s) (requested by sevan in ticket #321):
	etc/rc.d/sshd: revision 1.24
Don't try to generate sshv1 keys on new systems.

With the new version of OpenSSH, SSHv1 is no longer supported server-side.
Along with that rsa1 type keys are no longer supported.
Don't try to generate such keys on new systems.

ok christos

Pull up following revision(s) (requested by mrg in ticket #1468):
	etc/rc.d/sshd: revision 1.22
	etc/rc.d/sshd: revision 1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop

Pull up following revision(s) (requested by mrg in ticket #1468):
	etc/rc.d/sshd: revision 1.22
	etc/rc.d/sshd: revision 1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop

Pull up following revision(s) (requested by mrg in ticket #1468):
	etc/rc.d/sshd: revision 1.22-1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop

Pull up following revision(s) (requested by nakayama in ticket #728):
	etc/rc.d/sshd: revision 1.23
Add new keytype, replace duplicated code with loop

Add new keytype, replace duplicated code with loop

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs.  ("Protocol error: too many arguments")

resync with head

PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.

generate ecdsa key

Add an _rc_subr_loaded variable, set to ":" by rc.subr.  Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr

Add ssh_keygen_flags variable to rc.conf to allow users to set the
size of auto-generated keys if desired.

Complete the conversion back to the OpenSSH default configuration files of
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).

etc/postinstall will detect this, and if "fix" is given, rename the files.

deprecate $sshd_conf_dir and hardcode /etc/ssh.
$sshd_conf_dir wasn't as flexible as liked (it didn't work for ssh(1),
host keys or known_hosts).

Don't assume that $0 is this script.

Wrap long lines.

Set command_args to '-f ${sshd_conf_dir}/${name}.conf'.
This occurs before the first load_rc_config() so that it may be
overridden by the user, and appears in single quotes so the
variables don't get evaluated until the eval in run_rc_command().
Problem noted by Patrick Welche <prlw1@cam.ac.uk> in [bin/15912].

Support alternate config dir for sshd conf file and keys (defaults to "/etc").
Based on [misc/12473] from Jim Bernard.

be consistent with other scripts when temporarily setting umask to 022

set the umask to 022 (remembering the previous setting) for ssh_keygen()

Pull up revision 1.10 (requested by itojun):
  Auto-generate SSH protocol version 2 RSA key.
  Use newer command syntax (``-t <type>'' instead of ``-d'').
(fix to previous)

Pull up revision 1.9 (requested by itojun):
  Auto-generate SSH protocol version 2 RSA key.
  Use newer command syntax (``-t <type>'' instead of ``-d'').

check existence of /etc/ssh_host_rsa_key too

auto-generate SSH protocol version 2 RSA key.
use newer command line syntax for ssh-keygen (-t <type>, instead of -d)

pull up rev 1.8 (approved by thorpej):
	- always use $rcvar to determine the name of the var to checkyesno
	- fix force*

Sync this with rev 1.8.

- only perform the checkyesno on the variable named in $rcvar (rather than
  implicitly using $name if $rcvar isn't set), and always perform this check,
  even when using start_cmd (et al).
  this check is performed before the pidcmd
  is run, speeding up scripts that weren't going to be run anyway.
  this should speed up booting slow systems.

- take advantage of the above and remove
	start_precmd="checkyesno foo"
  in scripts that use start_cmd.

- explicitly set rcvar=foo in the rc.d/foo scripts which have an equivalent
  rc.conf entry

- fix `rcvar' and `restart' when $rcvar isn't set.
  these above changes fix PR [bin/11027].

- when doing `force*', ignore the return value of *_precmd.
  this fixes PR [bin/10781].

- rename what sysdb provides from `databases' to `sysdb', to reflect
  the name of the script.

- improve the comments in rc.subr

- sshd has a pid file, so take advantage of it
- support `reload' arg (using default of SIGHUP)

- provide sshd not ssh
- don't start until after LOGIN (after NETWORK is way too early)
- KNF (as such :)

pull up the following
approved by: thorpej

	etc/rc.d/DAEMON		1.3
	etc/rc.d/LOGIN		1.3
	etc/rc.d/NETWORK	1.1
	etc/rc.d/SERVERS	1.2
	etc/rc.d/cron		1.4
	etc/rc.d/dhclient	1.6
	etc/rc.d/dmesg		1.4
	etc/rc.d/inetd		1.5
	etc/rc.d/lkm1		1.3
	etc/rc.d/lkm2		1.3
	etc/rc.d/lkm3		1.4
	etc/rc.d/motd		1.3
	etc/rc.d/mountcritlocal		1.3-1.4
	etc/rc.d/mountcritremote	1.3
	etc/rc.d/mountd		1.7
	etc/rc.d/network	1.12 1.14
	etc/rc.d/ntpdate	1.4
	etc/rc.d/ppp		1.3-1.4
	etc/rc.d/pwcheck	1.3
	etc/rc.d/rpcbind	1.4
	etc/rc.d/sshd		1.3-1.5
	etc/rc.d/swap1		1.5
	etc/rc.d/swap2		1.4
	etc/rc.d/sysdb		1.3-1.4
	etc/rc.d/syslogd	1.5-1.6
	etc/rc.d/systemfs	REMOVE
	etc/rc.d/virecover	1.3
	etc/rc.d/wscons		1.4
	etc/rc.d/xdm		1.5

summary:

* reword descriptions
* add '# KEYWORD: shutdown' to some of these scripts so that only they get run
  at shutdown time.  now, only scripts with the keyword `shutdown' will be
  run by /etc/rc.shutdown, which speeds up shutdown and makes it more robust
* add new dummy dependancy `NETWORK' to be REQUIREd by services which need
  networking to be operational before starting, and use as appropriate.
  NETWORK depends upon network and dhclient.
* move the guts of systemfs into mountcritlocal
* replace the dependancy on systemfs with mountcritremote, and remove the
  former.
* SERVERS now also depends upon ppp
* move recreating /var/run/utmp from mountcritlocal (where /var/run is
  purged but /usr/bin/install is not available) to sysdb.
  problem noted by Matthias Drochner.
* share the same load_rc_config between the lkm* scripts
* network: Don't warn that $hostname isn't set if the hostname is already set.
* network: reenable stop_cmd now that network doesn't get run at shutdown
* add sshd startup script
* use "load_rc_config swap" for swap1 and swap2
* syslog requires databases from sysdb which creates /var/run/utmp.

Should fix PRs:
    [install/9853] [bin/10002] [misc/10349] [port-i386/10633] [misc/10641]

file sshd was added on branch netbsd-1-5 on 2000-08-09 19:09:46 +0000

Change name of precmd from start_precmd to sshd_precmd.  While it worked
fine as was, the result was the line `start_precmd=start_precmd' which
looked odd.  Pointed out by Bernd Ernesti.

While here, add NetBSD RCS Id.

BTW, to clarify, as people have asked:  this script does not support
pkgsrc/security/sshd -- that package comes with a perfectly fine rc script
which in addition to supporting /etc/rc.d can also be used with 1.4.X.

This script will not trivially work with the ssh package as it a.) calls
the ssh commands at the pathnames they will be installed at by usr.bin/ssh,
and b.) generates a DSA key as well as an RSA key.

Correct apparent past-o: RSA -> DSA

An sshd startup script for use with usr.bin/sshd.  Installation is conditional
on ${SSHDIST}, as with usr.bin/ssh itself.

This script includes a `keygen' target for regenerating RSA and DSA host keys,
and invokes this if these keys are not present when sshd is started up.

* replace daemon, login, servers with DAEMON, LOGIN, SERVERS
* remove sshd (it was from my private system)

rc.d scripts derived from /etc/rc

Initial revision