authorSeth Mos <seth.mos@xs4all.nl>2005-10-13 20:43:27 +0000
committerSeth Mos <seth.mos@xs4all.nl>2005-10-13 20:43:27 +0000
commit5b7eb87cad7372cbae9e790cada05f274ab68744 (patch)
treeb4c151b0007cbdbeed377aa7a1ab66eeae76b372 /etc/sshd
parent74806ceecee77e0327f94432b61ecd7839502a81 (diff)
downloadpfsense-5b7eb87cad7372cbae9e790cada05f274ab68744.zip
pfsense-5b7eb87cad7372cbae9e790cada05f274ab68744.tar.gz
Reworked sshd script, restarts sshd if we have one and allows running of
ssh on alternate port.
Diffstat (limited to 'etc/sshd')
-rwxr-xr-xetc/sshd32
1 files changed, 32 insertions, 0 deletions
diff --git a/etc/sshd b/etc/sshd
index 96c4a56..d455f67 100755
--- a/etc/sshd
+++ b/etc/sshd
@@ -77,6 +77,31 @@
$sshConfigDir = "/etc/ssh";
+ if($config['system']['ssh']['port'] <> "") {
+ $sshport = $config['system']['ssh']['port'];
+ } else {
+ $sshport = 22;
+ }
+
+ /* Include default configuration for pfSense */
+ $sshconf = "# This file is automatically generated at startup\n";
+ $sshconf .= "PermitRootLogin yes\n";
+ $sshconf .= "Compression yes\n";
+ $sshconf .= "ClientAliveInterval 30\n";
+ $sshconf .= "UseDNS no\n";
+ $sshconf .= "X11Forwarding no\n";
+ $sshconf .= "# override default of no subsystems\n";
+ $sshconf .= "Subsystem sftp /usr/libexec/sftp-server\n";
+ /* Only allow protocol 2, because we say so */
+ $sshconf .= "Protocol 2\n";
+ /* Run the server on another port if we have one defined */
+ $sshconf .= "Port $sshport\n";
+
+ /* Write the new sshd config file */
+ $fd = fopen("/etc/ssh/sshd_config", "w");
+ fwrite($fd, $sshconf);
+ pclose($fd);
+
/* mop up from a badly implemented ssh keys -> cf backup */
if($config['ssh']['dsa_key'] <> "") {
unset($config['ssh']['dsa_key']);
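Review bot: The configured port is written into sshd_config as-is at `$sshconf .= "Port $sshport\n";`, so a non-numeric or multi-line value in `$config['system']['ssh']['port']` would yield a broken file or extra directives in it; casting and range-checking first, e.g. `$sshport = (int)$config['system']['ssh']['port'];` followed by `if($sshport < 1 || $sshport > 65535) $sshport = 22;`, keeps the generated file to the intended directives. The handle returned by `fopen()` is closed with `pclose()`, which is meant for `popen()` handles; this should be `fclose($fd);`, and the `fopen()` result is not checked before `fwrite()`, so a failed open goes unnoticed and sshd starts with whatever config was there before. The generated file also hard-codes `PermitRootLogin yes`; a comment such as `/* root login is enabled by design on this appliance; access is expected to be limited by firewall rules */` would record the intent, if that is indeed the intent. The surrounding script starts and continues outside the hunk.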
@@ -108,6 +133,13 @@
echo "Starting SSH... ";
}
+ /* kill existing sshd process, server only, not the childs */
+ $sshd_pid = exec("ps ax | egrep '/usr/sbin/[s]shd' | awk '{print $1}'");
+ if($sshd_pid <> "") {
+ echo "stopping ssh process $sshd_pid \n";
+ mwexec("kill $sshd_pid");
+ }
+ /* Launch new server process */
$status = mwexec("/usr/sbin/sshd");
if($status <> 0) {
file_notice("sshd_startup", "SSHD failed to start.", "SSHD Daemon", "");
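Review bot: `exec()` returns only the last line of the `ps | egrep | awk` output and that string goes into `mwexec("kill $sshd_pid")` unchecked, so with more than one matching process only one is signalled, and anything unexpected on that line reaches the shell; guarding the kill with `if(ctype_digit($sshd_pid))`, or reading the pid from sshd's pid file instead of grepping `ps`, would be more dependable. The new `/usr/sbin/sshd` is launched right after the signal is sent, so if the old listener has not yet exited the bind can fail and the `file_notice` path reports a startup failure even though the configuration is fine; waiting until the old pid is gone before launching would avoid that. The `if($status <> 0)` block continues outside the hunk.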