The NetBSD Project

CVS log for src/etc/rc.d/sshd


Default branch: MAIN


Revision 1.37, Sat Jul 22 08:51:28 2023 UTC (8 months, 4 weeks ago) by kim
Branch: MAIN
CVS Tags: HEAD
Changes since 1.36: +2 -2 lines

Remove backwards compat.

Revision 1.29.4.1, Wed Jun 21 16:06:14 2023 UTC (9 months, 4 weeks ago) by martin
Branch: netbsd-9
Changes since 1.29: +18 -7 lines

Pull up following revision(s) (requested by kim in ticket #1643):

	etc/rc.d/sshd: revision 1.30
	etc/rc.d/sshd: revision 1.33
	etc/rc.d/sshd: revision 1.34
	etc/rc.d/sshd: revision 1.35

simplify more (from rudolf)

/etc/rc.d/sshd: New check cmd and reload precmd.
- check cmd: run `sshd -t' to check sshd_config file
- reload precmd: run check cmd before reloading so we don't nuke sshd
  if there's an error in the sshd_config file

(It is still possible to effectively nuke sshd by changing the
configuration to something that won't work on your network, but at
least we avoid making sshd just exit on reload when you make a typo
in a config option.)

/etc/rc.d/sshd: Stop generating DSA host keys by default.
If you want them you can generate them yourself, but in this day and
age (Monday and 2023, specifically) there's no reason to be using DSA
except for compatibility with ancient legacy software.
/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.

The default is NIST P-256, which:
(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
    even the advantage of the Mersenne prime structure of P-521 can't
    compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
    more widespread.

Revision 1.32.2.1, Wed Jun 21 15:16:17 2023 UTC (9 months, 4 weeks ago) by martin
Branch: netbsd-10
CVS Tags: netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1
Changes since 1.32: +19 -8 lines

Pull up following revision(s) (requested by kim in ticket #196):

	etc/rc.d/sshd: revision 1.33
	etc/rc.d/sshd: revision 1.34
	etc/rc.d/sshd: revision 1.35
	etc/rc.d/sshd: revision 1.36

/etc/rc.d/sshd: New check cmd and reload precmd.

- check cmd: run `sshd -t' to check sshd_config file

- reload precmd: run check cmd before reloading so we don't nuke sshd
  if there's an error in the sshd_config file

(It is still possible to effectively nuke sshd by changing the
configuration to something that won't work on your network, but at
least we avoid making sshd just exit on reload when you make a typo
in a config option.)

/etc/rc.d/sshd: Stop generating DSA host keys by default.

If you want them you can generate them yourself, but in this day and
age (Monday and 2023, specifically) there's no reason to be using DSA
except for compatibility with ancient legacy software.

/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.

The default is NIST P-256, which:
(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
    even the advantage of the Mersenne prime structure of P-521 can't
    compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
    more widespread.

Add some backwards compat.  Adjust grammar.

Revision 1.36, Sat Jun 10 04:02:39 2023 UTC (10 months, 1 week ago) by kim
Branch: MAIN
Changes since 1.35: +5 -5 lines

Add some backwards compat.  Adjust grammar.

Revision 1.35, Mon Jun 5 11:59:12 2023 UTC (10 months, 2 weeks ago) by riastradh
Branch: MAIN
Changes since 1.34: +2 -2 lines

/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.

The default is NIST P-256, which:

(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
    even the advantage of the Mersenne prime structure of P-521 can't
    compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
    more widespread.

Revision 1.34, Mon Jun 5 11:51:19 2023 UTC (10 months, 2 weeks ago) by riastradh
Branch: MAIN
Changes since 1.33: +1 -2 lines

/etc/rc.d/sshd: Stop generating DSA host keys by default.

If you want them you can generate them yourself, but in this day and
age (Monday and 2023, specifically) there's no reason to be using DSA
except for compatibility with ancient legacy software.

Revision 1.33, Fri May 26 10:44:59 2023 UTC (10 months, 3 weeks ago) by riastradh
Branch: MAIN
Changes since 1.32: +14 -2 lines

/etc/rc.d/sshd: New check cmd and reload precmd.

- check cmd: run `sshd -t' to check sshd_config file

- reload precmd: run check cmd before reloading so we don't nuke sshd
  if there's an error in the sshd_config file

(It is still possible to effectively nuke sshd by changing the
configuration to something that won't work on your network, but at
least we avoid making sshd just exit on reload when you make a typo
in a config option.)

XXX pullup-9
XXX pullup-10

Revision 1.32, Sun May 15 11:47:42 2022 UTC (23 months ago) by martin
Branch: MAIN
CVS Tags: netbsd-10-base
Branch point for: netbsd-10
Changes since 1.31: +6 -2 lines

PR 56835: fix sshd startup script to only whine about bogus keys it
created if it actually did create keys (one should think that a
function called sshd_keygen() only is called to create keys, but
the "precmd" magic makes it run every time sshd is started or stopped).

Patch from Tom Lane, with modifications suggested by kre and a minor
additional cosmetic change.

Revision 1.31, Sun Sep 26 10:53:20 2021 UTC (2 years, 6 months ago) by martin
Branch: MAIN
Changes since 1.30: +31 -3 lines

If key generation happens with not enough entropy in the system, add
a warning to motd pointing at entropy(7) and give instructions how to
re-generate the (weak) keys after fixing up entropy.

Add a "keyregen" command, which forces regeneration of all host keys
to simplify the replacement of weak keys.

Revision 1.29.2.1, Mon Apr 13 07:45:46 2020 UTC (4 years ago) by martin
Branch: phil-wifi
Changes since 1.29: +6 -6 lines

Mostly merge changes from HEAD up to 20200411

Revision 1.30, Wed Oct 23 14:45:38 2019 UTC (4 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, is-mlppp-base, is-mlppp, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.29: +6 -6 lines

simplify more (from rudolf)

Revision 1.25.2.3, Mon Jun 25 07:25:11 2018 UTC (5 years, 9 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.25.2.2: +3 -3 lines

Sync with HEAD

Revision 1.23.8.3, Thu Jun 7 16:11:49 2018 UTC (5 years, 10 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2
Changes since 1.23.8.2: +3 -2 lines

Pull up following revision(s) (requested by jmcneill in ticket #838):

	etc/rc.d/sshd: revision 1.28

Silence ssh-keygen output when host keys are generated. Instead, print only
key fingerprints. This replaces dozens of lines of ASCII art output with
something more reasonable:

armv7# service sshd start
ssh-keygen: 1024 SHA256:ynP4BQ2B0Fknnf9PfF4QoUDlYi0+7rNfYXTOYP2cDic root@armv7 (DSA)
ssh-keygen: 521 SHA256:Eoj382aaJNlSxuq/aYj3AXgxfMJAkyVPoCQd2BNjJiA root@armv7 (ECDSA)
ssh-keygen: 256 SHA256:+e9/qTbbN/g6xvkadtHsmIQ+Pc0afZRxbXJsk2HKIzY root@armv7 (ED25519)
ssh-keygen: 2048 SHA256:urNaF/m6oiCe5hXFZBxGLW2PvLz0ibtRFrqYw6R+qTw root@armv7 (RSA)
ssh-keygen: 256 SHA256:Su2Nal2W3vrFz8ukpcSXngl1/bu6xUm1nSvbxTHe9Js root@armv7 (XMSS)
Starting sshd.

Revision 1.29, Sat May 26 19:18:11 2018 UTC (5 years, 10 months ago) by riastradh
Branch: MAIN
CVS Tags: phil-wifi-base, phil-wifi-20190609, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, netbsd-9-base, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1
Branch point for: phil-wifi, netbsd-9
Changes since 1.28: +1 -2 lines

Revert previous: Don't generate XMSS host keys for sshd by default.

XMSS is a stateful post-quantum signature scheme.

- Post-quantum security for _online_ authentication is not important
  until quantum computers become practical; there's no danger of
  retroactive forgery in sessions that have already completed.

- As a stateful signature scheme, XMSS is qualitatively different
  from all the other ones sshd supports, requiring additional
  administrative care: roll back the state (e.g., from a disk backup
  or VM snapshot), and you've shot yourself in the foot.

If users want XMSS keys, they can make them explicitly, but there's
no need for this to be enabled by default.

Discussed with christos offline.

Revision 1.28, Sat May 26 00:17:54 2018 UTC (5 years, 10 months ago) by jmcneill
Branch: MAIN
Changes since 1.27: +3 -2 lines

Silence ssh-keygen output when host keys are generated. Instead, print only
key fingerprints. This replaces dozens of lines of ASCII art output with
something more reasonable:

armv7# service sshd start
ssh-keygen: 1024 SHA256:ynP4BQ2B0Fknnf9PfF4QoUDlYi0+7rNfYXTOYP2cDic root@armv7 (DSA)
ssh-keygen: 521 SHA256:Eoj382aaJNlSxuq/aYj3AXgxfMJAkyVPoCQd2BNjJiA root@armv7 (ECDSA)
ssh-keygen: 256 SHA256:+e9/qTbbN/g6xvkadtHsmIQ+Pc0afZRxbXJsk2HKIzY root@armv7 (ED25519)
ssh-keygen: 2048 SHA256:urNaF/m6oiCe5hXFZBxGLW2PvLz0ibtRFrqYw6R+qTw root@armv7 (RSA)
ssh-keygen: 256 SHA256:Su2Nal2W3vrFz8ukpcSXngl1/bu6xUm1nSvbxTHe9Js root@armv7 (XMSS)
Starting sshd.

Revision 1.25.2.2, Mon Apr 16 01:57:33 2018 UTC (6 years ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.25.2.1: +9 -17 lines

Sync with HEAD, resolve some conflicts

Revision 1.27, Mon Apr 9 15:02:39 2018 UTC (6 years ago) by christos
Branch: MAIN
CVS Tags: pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415
Changes since 1.26: +9 -17 lines

Simplify so we don't have to hard-code the key filenames in two places.

Revision 1.25.2.1, Sat Apr 7 04:11:58 2018 UTC (6 years ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.25: +2 -1 lines

Sync with HEAD.  77 conflicts resolved - all of them $NetBSD$

Revision 1.26, Sat Apr 7 00:41:16 2018 UTC (6 years ago) by christos
Branch: MAIN
CVS Tags: pgoyette-compat-0407
Changes since 1.25: +2 -1 lines

support xmss keys

Revision 1.23.8.2, Sun Dec 10 09:44:48 2017 UTC (6 years, 4 months ago) by snj
Branch: netbsd-8
CVS Tags: netbsd-8-0-RC1
Changes since 1.23.8.1: +5 -5 lines

Pull up following revision(s) (requested by sevan in ticket #420):
	etc/rc.d/sshd: revision 1.25
Do away with (not well specified, even if it happens to work) absurd
15 arg test ([ ]) expression, and replace it with several well defined
2 arg tests, combined with (also well defined) sh syntax.

Revision 1.25, Mon Dec 4 14:50:33 2017 UTC (6 years, 4 months ago) by kre
Branch: MAIN
CVS Tags: pgoyette-compat-base, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Branch point for: pgoyette-compat
Changes since 1.24: +5 -5 lines


Do away with (not well specified, even if it happens to work) absurd
15 arg test ([ ]) expression, and replace it with several well defined
2 arg tests, combined with (also well defined) sh syntax.

Revision 1.23.8.1, Mon Dec 4 10:59:46 2017 UTC (6 years, 4 months ago) by snj
Branch: netbsd-8
Changes since 1.23: +2 -4 lines

Pull up following revision(s) (requested by sevan in ticket #321):
	etc/rc.d/sshd: revision 1.24
Don't try to generate sshv1 keys on new systems.

Revision 1.24, Sat Oct 7 21:41:51 2017 UTC (6 years, 6 months ago) by sevan
Branch: MAIN
Changes since 1.23: +2 -4 lines

With the new version of OpenSSH, SSHv1 is no longer supported server-side.
Along with that rsa1 type keys are no longer supported.
Don't try to generate such keys on new systems.

ok christos

Revision 1.21.10.1, Tue Aug 15 05:38:29 2017 UTC (6 years, 8 months ago) by snj
Branch: netbsd-6-0
Changes since 1.21: +26 -38 lines

Pull up following revision(s) (requested by mrg in ticket #1468):
	etc/rc.d/sshd: revision 1.22
	etc/rc.d/sshd: revision 1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop

Revision 1.21.12.1, Tue Aug 15 05:36:08 2017 UTC (6 years, 8 months ago) by snj
Branch: netbsd-6-1
Changes since 1.21: +26 -38 lines

Pull up following revision(s) (requested by mrg in ticket #1468):
	etc/rc.d/sshd: revision 1.22
	etc/rc.d/sshd: revision 1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop

Revision 1.21.4.1, Tue Aug 15 05:35:01 2017 UTC (6 years, 8 months ago) by snj
Branch: netbsd-6
Changes since 1.21: +26 -38 lines

Pull up following revision(s) (requested by mrg in ticket #1468):
	etc/rc.d/sshd: revision 1.22-1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop

Revision 1.22.10.1, Sat May 2 18:04:37 2015 UTC (8 years, 11 months ago) by martin
Branch: netbsd-7
CVS Tags: netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0
Changes since 1.22: +26 -38 lines

Pull up following revision(s) (requested by nakayama in ticket #728):
	etc/rc.d/sshd: revision 1.23
Add new keytype, replace duplicated code with loop

Revision 1.23, Sun Oct 19 16:33:01 2014 UTC (9 years, 6 months ago) by christos
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-8-base, matt-nb8-mediatek-base, matt-nb8-mediatek, localcount-20160914, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan
Branch point for: netbsd-8
Changes since 1.22: +26 -38 lines

Add new keytype, replace duplicated code with loop

Revision 1.21.2.1, Thu May 22 11:27:20 2014 UTC (9 years, 11 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.21: +2 -2 lines

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs.  ("Protocol error: too many arguments")

Revision 1.21.8.1, Mon Feb 25 00:24:52 2013 UTC (11 years, 1 month ago) by tls
Branch: tls-maxphys
Changes since 1.21: +2 -2 lines

resync with head

Revision 1.22, Thu Feb 7 19:32:19 2013 UTC (11 years, 2 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base9, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, netbsd-7-base, khorben-n900, agc-symver-base, agc-symver
Branch point for: netbsd-7
Changes since 1.21: +2 -2 lines

PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.

Revision 1.21, Mon Jul 25 03:04:23 2011 UTC (12 years, 8 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-tag8, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus
Branch point for: yamt-pagecache, tls-maxphys, netbsd-6-1, netbsd-6-0, netbsd-6
Changes since 1.20: +11 -1 lines

generate ecdsa key

Revision 1.20, Fri Aug 13 18:08:03 2004 UTC (19 years, 8 months ago) by mycroft
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, wrstuden-revivesa, wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4, netbsd-3-base, netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-1, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE, netbsd-3-0, netbsd-3, mjf-devfs2-base2, mjf-devfs2-base, mjf-devfs2, mjf-devfs-base, mjf-devfs, matt-premerge-20091211, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-premerge-20101231, matt-mips64-base2, matt-mips64-base, matt-mips64, matt-armv6-prevmlocking, matt-armv6-nbase, matt-armv6-base, matt-armv6, keiichi-mipv6-base, keiichi-mipv6, jym-xensuspend-nbase, jym-xensuspend-base, jym-xensuspend, hpcarm-cleanup-nbase, hpcarm-cleanup-base, hpcarm-cleanup, cube-autoconf-base, cube-autoconf, cherry-xenmp-base, cherry-xenmp, 
bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, abandoned-netbsd-4-base, abandoned-netbsd-4
Changes since 1.19: +2 -2 lines

Add an _rc_subr_loaded variable, set to ":" by rc.subr.  Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr

Revision 1.19, Wed Feb 18 17:36:34 2004 UTC (20 years, 2 months ago) by jonb
Branch: MAIN
CVS Tags: netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-1, netbsd-2-0-base, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE, netbsd-2-0, netbsd-2
Changes since 1.18: +6 -4 lines

Add ssh_keygen_flags variable to rc.conf to allow users to set the
size of auto-generated keys if desired.

Revision 1.18, Mon Apr 29 08:23:34 2002 UTC (21 years, 11 months ago) by lukem
Branch: MAIN
CVS Tags: netbsd-1-6-base, netbsd-1-6-RELEASE, netbsd-1-6-RC3, netbsd-1-6-RC2, netbsd-1-6-RC1, netbsd-1-6-PATCH002-RELEASE, netbsd-1-6-PATCH002-RC4, netbsd-1-6-PATCH002-RC3, netbsd-1-6-PATCH002-RC2, netbsd-1-6-PATCH002-RC1, netbsd-1-6-PATCH002, netbsd-1-6-PATCH001-RELEASE, netbsd-1-6-PATCH001-RC3, netbsd-1-6-PATCH001-RC2, netbsd-1-6-PATCH001-RC1, netbsd-1-6-PATCH001, netbsd-1-6, fvdl_fs64_base
Changes since 1.17: +2 -2 lines

Complete the conversion back to the OpenSSH default configuration files of
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config" (from "/etc/ssh/sshd.conf")
for sshd(8).

etc/postinstall will detect this, and if "fix" is given, rename the files.

Revision 1.17, Mon Apr 29 05:55:06 2002 UTC (21 years, 11 months ago) by lukem
Branch: MAIN
Changes since 1.16: +14 -18 lines

deprecate $sshd_conf_dir and hardcode /etc/ssh.
$sshd_conf_dir wasn't as flexible as liked (it didn't work for ssh(1),
host keys or known_hosts).

Revision 1.16, Fri Apr 19 23:13:44 2002 UTC (22 years ago) by enami
Branch: MAIN
Changes since 1.15: +2 -2 lines

Don't assume that $0 is this script.

Revision 1.15, Fri Apr 19 23:12:26 2002 UTC (22 years ago) by enami
Branch: MAIN
Changes since 1.14: +16 -9 lines

Wrap long lines.

Revision 1.14, Wed Mar 27 09:15:54 2002 UTC (22 years ago) by lukem
Branch: MAIN
Changes since 1.13: +2 -1 lines

Set command_args to '-f ${sshd_conf_dir}/${name}.conf'.
This occurs before the first load_rc_config() so that it may be
overridden by the user, and appears in single quotes so the
variables don't get evaluated until the eval in run_rc_command().
Problem noted by Patrick Welche <prlw1@cam.ac.uk> in [bin/15912].

Revision 1.13, Sun Feb 24 12:50:09 2002 UTC (22 years, 1 month ago) by lukem
Branch: MAIN
Changes since 1.12: +15 -14 lines

Support alternate config dir for sshd conf file and keys (defaults to "/etc").
Based on [misc/12473] from Jim Bernard.

Revision 1.12, Wed Apr 25 23:27:37 2001 UTC (22 years, 11 months ago) by lukem
Branch: MAIN
Changes since 1.11: +3 -3 lines

be consistent with other scripts when temporarily setting umask to 022

Revision 1.11, Wed Apr 25 23:18:50 2001 UTC (22 years, 11 months ago) by lukem
Branch: MAIN
Changes since 1.10: +4 -4 lines

set the umask to 022 (remembering the previous setting) for ssh_keygen()

Revision 1.5.2.6, Fri Mar 30 22:37:49 2001 UTC (23 years ago) by he
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-PATCH003, netbsd-1-5-PATCH002, netbsd-1-5-PATCH001
Changes since 1.5.2.5: +3 -2 lines

Pull up revision 1.10 (requested by itojun):
  Auto-generate SSH protocol version 2 RSA key.
  Use newer command syntax (``-t <type>'' instead of ``-d'').
(fix to previous)

Revision 1.5.2.5, Fri Mar 30 22:36:34 2001 UTC (23 years ago) by he
Branch: netbsd-1-5
Changes since 1.5.2.4: +13 -5 lines

Pull up revision 1.9 (requested by itojun):
  Auto-generate SSH protocol version 2 RSA key.
  Use newer command syntax (``-t <type>'' instead of ``-d'').

Revision 1.10, Mon Mar 26 22:32:39 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.9: +3 -2 lines

check existence of /etc/ssh_host_rsa_key too

Revision 1.9, Mon Mar 26 22:21:26 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.8: +13 -5 lines

auto-generate SSH protocol version 2 RSA key.
use newer command line syntax for ssh-keygen (-t <type>, instead of -d)

Revision 1.5.2.4, Mon Oct 2 01:10:34 2000 UTC (23 years, 6 months ago) by lukem
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-RELEASE, netbsd-1-5-BETA2, netbsd-1-5-BETA
Changes since 1.5.2.3: +1 -1 lines

pull up rev 1.8 (approved by thorpej):
	- always use $rcvar to determine the name of the var to checkyesno
	- fix force*

Revision 1.5.2.3, Fri Sep 29 05:45:54 2000 UTC (23 years, 6 months ago) by thorpej
Branch: netbsd-1-5
Changes since 1.5.2.2: +16 -16 lines

Sync this with rev 1.8.

Revision 1.8, Tue Sep 19 13:04:39 2000 UTC (23 years, 7 months ago) by lukem
Branch: MAIN
Changes since 1.7: +2 -1 lines

- only perform the checkyesno on the variable named in $rcvar (rather than
  implicitly using $name if $rcvar isn't set), and always perform this check,
  even when using start_cmd (et al).
  this check is performed before the pidcmd
  is run, speeding up scripts that weren't going to be run anyway.
  this should speed up booting slow systems.

- take advantage of the above and remove
	start_precmd="checkyesno foo"
  in scripts that use start_cmd.

- explicitly set rcvar=foo in the rc.d/foo scripts which have an equivalent
  rc.conf entry

- fix `rcvar' and `restart' when $rcvar isn't set.
  these above changes fix PR [bin/11027].

- when doing `force*', ignore the return value of *_precmd.
  this fixes PR [bin/10781].

- rename what sysdb provides from `databases' to `sysdb', to reflect
  the name of the script.

- improve the comments in rc.subr

Revision 1.7, Thu Aug 10 22:49:43 2000 UTC (23 years, 8 months ago) by lukem
Branch: MAIN
Changes since 1.6: +3 -3 lines

- sshd has a pid file, so take advantage of it
- support `reload' arg (using default of SIGHUP)

Revision 1.6, Thu Aug 10 01:41:09 2000 UTC (23 years, 8 months ago) by lukem
Branch: MAIN
Changes since 1.5: +12 -13 lines

- provide sshd not ssh
- don't start until after LOGIN (after NETWORK is way too early)
- KNF (as such :)

Revision 1.5.2.2, Wed Aug 9 19:09:46 2000 UTC (23 years, 8 months ago) by lukem
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-ALPHA2
Changes since 1.5.2.1: +48 -0 lines

pull up the following
approved by: thorpej

	etc/rc.d/DAEMON		1.3
	etc/rc.d/LOGIN		1.3
	etc/rc.d/NETWORK	1.1
	etc/rc.d/SERVERS	1.2
	etc/rc.d/cron		1.4
	etc/rc.d/dhclient	1.6
	etc/rc.d/dmesg		1.4
	etc/rc.d/inetd		1.5
	etc/rc.d/lkm1		1.3
	etc/rc.d/lkm2		1.3
	etc/rc.d/lkm3		1.4
	etc/rc.d/motd		1.3
	etc/rc.d/mountcritlocal		1.3-1.4
	etc/rc.d/mountcritremote	1.3
	etc/rc.d/mountd		1.7
	etc/rc.d/network	1.12 1.14
	etc/rc.d/ntpdate	1.4
	etc/rc.d/ppp		1.3-1.4
	etc/rc.d/pwcheck	1.3
	etc/rc.d/rpcbind	1.4
	etc/rc.d/sshd		1.3-1.5
	etc/rc.d/swap1		1.5
	etc/rc.d/swap2		1.4
	etc/rc.d/sysdb		1.3-1.4
	etc/rc.d/syslogd	1.5-1.6
	etc/rc.d/systemfs	REMOVE
	etc/rc.d/virecover	1.3
	etc/rc.d/wscons		1.4
	etc/rc.d/xdm		1.5

summary:

* reword descriptions
* add '# KEYWORD: shutdown' to some of these scripts so that only they get run
  at shutdown time.  now, only scripts with the keyword `shutdown' will be
  run by /etc/rc.shutdown, which speeds up shutdown and makes it more robust
* add new dummy dependency `NETWORK' to be REQUIREd by services which need
  networking to be operational before starting, and use as appropriate.
  NETWORK depends upon network and dhclient.
* move the guts of systemfs into mountcritlocal
* replace the dependency on systemfs with mountcritremote, and remove the
  former.
* SERVERS now also depends upon ppp
* move recreating /var/run/utmp from mountcritlocal (where /var/run is
  purged but /usr/bin/install is not available) to sysdb.
  problem noted by Matthias Drochner.
* share the same load_rc_config between the lkm* scripts
* network: Don't warn that $hostname isn't set if the hostname is already set.
* network: reenable stop_cmd now that network doesn't get run at shutdown
* add sshd startup script
* use "load_rc_config swap" for swap1 and swap2
* syslog requires databases from sysdb which creates /var/run/utmp.

Should fix PRs:
    [install/9853] [bin/10002] [misc/10349] [port-i386/10633] [misc/10641]

Revision 1.5.2.1, Tue Aug 1 14:28:32 2000 UTC (23 years, 8 months ago) by lukem
Branch: netbsd-1-5
Changes since 1.5: +0 -48 lines
FILE REMOVED

file sshd was added on branch netbsd-1-5 on 2000-08-09 19:09:46 +0000

Revision 1.5, Tue Aug 1 14:28:32 2000 UTC (23 years, 8 months ago) by jwise
Branch: MAIN
Branch point for: netbsd-1-5
Changes since 1.4: +4 -2 lines

Change name of precmd from start_precmd to sshd_precmd.  While it worked
fine as was, the result was the line `start_precmd=start_precmd' which
looked odd.  Pointed out by Bernd Ernesti.

While here, add NetBSD RCS Id.

BTW, to clarify, as people have asked:  this script does not support
pkgsrc/security/sshd -- that package comes with a perfectly fine rc script
which in addition to supporting /etc/rc.d can also be used with 1.4.X.

This script will not trivially work with the ssh package as it a.) calls
the ssh commands at the pathnames they will be installed at by usr.bin/ssh,
and b.) generates a DSA key as well as an RSA key.

Revision 1.4, Mon Jul 31 21:43:52 2000 UTC (23 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.3: +1 -1 lines

Correct apparent past-o: RSA -> DSA

Revision 1.3, Mon Jul 31 20:39:41 2000 UTC (23 years, 8 months ago) by jwise
Branch: MAIN
Changes since 1.2: +38 -9 lines

An sshd startup script for use with usr.bin/sshd.  Installation is conditional
on ${SSHDIST}, as with usr.bin/ssh itself.

This script includes a `keygen' target for regenerating RSA and DSA host keys,
and invokes this if these keys are not present when sshd is started up.

Revision 1.2, Mon Mar 13 04:04:07 2000 UTC (24 years, 1 month ago) by lukem
Branch: MAIN
Changes since 1.1: +1 -1 lines
FILE REMOVED

* replace daemon, login, servers with DAEMON, LOGIN, SERVERS
* remove sshd (it was from my private system)

Revision 1.1.1.1 (vendor branch), Fri Mar 10 11:53:24 2000 UTC (24 years, 1 month ago) by lukem
Branch: TNF
CVS Tags: rc-d-2000-03-10
Changes since 1.1: +0 -0 lines

rc.d scripts derived from /etc/rc

Revision 1.1, Fri Mar 10 11:53:24 2000 UTC (24 years, 1 month ago) by lukem
Branch: MAIN

Initial revision
