authorErmal <eri@pfsense.org>2013-12-27 21:51:06 +0000
committerErmal <eri@pfsense.org>2013-12-27 21:51:06 +0000
commit5a89049022022e98f745ccb1eba51b7f438f6fe7 (patch)
tree70aa4319228e400e407095eafaf8090188d462d8 /etc/sshd
parent9be0ec8a0e477a8f70184cdf19593aafe303819e (diff)
Modernize the sshd start file a bit
Diffstat (limited to 'etc/sshd')
-rwxr-xr-xetc/sshd47
1 files changed, 19 insertions, 28 deletions
diff --git a/etc/sshd b/etc/sshd
index b75a67f..08c46ad 100755
--- a/etc/sshd
+++ b/etc/sshd
@@ -34,20 +34,15 @@
require_once("functions.inc");
require_once("shaper.inc");
- if !(isset($config['system']['enablesshd'])) {
+ if (!isset($config['system']['enablesshd'])) {
return;
}
/* are we already running? if not, do conf_mount_rw(), otherwise it should already be rw */
- if(!is_subsystem_dirty('sshdkeys')) {
+ if (!is_subsystem_dirty('sshdkeys')) {
conf_mount_rw();
}
- function file_size($file) {
- $size = filesize($file);
- return $size;
- }
-
/* restore ssh data for nanobsd platform */
if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key")) {
if(!file_exists("/etc/ssh/ssh_host_key.pub")) {
@@ -60,6 +55,7 @@
if(file_exists("/etc/ssh/{$f2c}"))
chmod("/etc/ssh/{$f2c}", 0600);
}
+ unset($files_to_check);
}
}
@@ -68,11 +64,10 @@
*/
$files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub','/root/.ssh/authorized_keys');
foreach($files_to_check as $f2c) {
- if(file_exists("/etc/ssh/{$f2c}"))
- if(file_size("/etc/ssh/{$f2c}")==0) {
- mwexec("rm /etc/ssh/ssh_host*", true);
- }
+ if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0)
+ mwexec("rm /etc/ssh/ssh_host*", true);
}
+ unset($files_to_check);
if (!is_dir("/var/empty")) {
/* make ssh home directory */
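Review bot: The zero-size check in this loop cannot see the ECDSA host key or `authorized_keys`. `$files_to_check` has no `ssh_host_ecdsa_key` entries although the key-generation hunk further down creates that key, and the `/root/.ssh/authorized_keys` entry is prefixed with `/etc/ssh/`, so `file_exists()` tests a path that presumably never exists. A truncated ECDSA key would therefore not trigger the `rm /etc/ssh/ssh_host*` cleanup here. Consider adding `'ssh_host_ecdsa_key','ssh_host_ecdsa_key.pub'` to the array and dropping the absolute-path entry, or checking it without the prefix.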
@@ -81,16 +76,15 @@
if(!file_exists("/var/log/lastlog")) {
/* Login related files. */
- touch("/var/log/lastlog");
+ @touch("/var/log/lastlog");
}
$sshConfigDir = "/etc/ssh";
- if($config['system']['ssh']['port'] <> "") {
+ if (is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port']))
$sshport = $config['system']['ssh']['port'];
- } else {
+ else
$sshport = 22;
- }
/* Include default configuration for pfSense */
$sshconf = "# This file is automatically generated at startup\n";
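Review bot: `$sshport` is accepted from the configuration after only an `!empty()` test and is later interpolated into `Port $sshport\n` (visible in a later hunk), so a non-numeric or multi-line value would land verbatim in sshd_config. Validate it as a port before use, e.g. `if (is_array($config['system']['ssh']) && is_port($config['system']['ssh']['port']))`, assuming pfSense's `is_port()` helper is in scope through the included files; otherwise an `is_numeric()` plus range check would do. The brace-less `if`/`else` is also inconsistent with the braced blocks used elsewhere in this file, and the new `@touch()` hides a failure to create `/var/log/lastlog`.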
@@ -100,7 +94,7 @@
$sshconf .= "ClientAliveInterval 30\n";
$sshconf .= "UseDNS no\n";
$sshconf .= "X11Forwarding no\n";
- if(isset($config['system']['ssh']['sshdkeyonly'])) {
+ if (isset($config['system']['ssh']['sshdkeyonly'])) {
$sshconf .= "# Login via Key only\n";
$sshconf .= "PasswordAuthentication no\n";
$sshconf .= "ChallengeResponseAuthentication no\n";
@@ -119,8 +113,7 @@
$sshconf .= "Port $sshport\n";
/* Apply package SSHDCond settings if config file exists */
- if(file_exists("/etc/sshd_extra"))
- {
+ if (file_exists("/etc/sshd_extra")) {
$fdExtra = fopen("/etc/sshd_extra", 'r');
$szExtra = fread($fdExtra, 1048576); // Read up to 1MB from extra file
$sshconf .= $szExtra;
@@ -128,9 +121,7 @@
}
/* Write the new sshd config file */
- $fd = fopen("/etc/ssh/sshd_config", "w");
- fwrite($fd, $sshconf);
- fclose($fd);
+ @file_put_contents("/etc/ssh/sshd_config", $sshconf);
/* mop up from a badly implemented ssh keys -> cf backup */
if($config['ssh']['dsa_key'] <> "") {
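Review bot: A failed write of `/etc/ssh/sshd_config` is now silent, because `@file_put_contents(...)` suppresses the warning and its return value is discarded. sshd can then be restarted on a stale or missing config, for instance one without the `PasswordAuthentication no` lines generated above. Check the result, e.g. `if (@file_put_contents("/etc/ssh/sshd_config", $sshconf) === false) { log_error("Could not write /etc/ssh/sshd_config"); return; }`, assuming `log_error()` is available through the included files. Whether to return or carry on is a judgment call, since the rest of the script lies outside this hunk.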
@@ -147,7 +138,7 @@
/* are we already running? if so exit */
if(is_subsystem_dirty('sshdkeys')) {
- exit;
+ return;
}
// Check for all needed key files. If any are missing, the keys need to be regenerated.
@@ -158,19 +149,19 @@
$generate_keys = true;
}
}
+ unset($files_to_check);
if ($generate_keys) {
/* remove previous keys and regen later */
file_notice("SSH", "{$g['product_name']} has started creating your SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", "");
mwexec("rm /etc/ssh/ssh_host_*", true);
mark_subsystem_dirty('sshdkeys');
echo " Generating Keys:\n";
- system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
- system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
- system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
- system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key");
+ $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
+ $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
+ $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
+ $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key");
clear_subsystem_dirty('sshdkeys');
file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys. SSH is now started.", "SSH Startup", "");
- echo "Starting SSH... ";
}
/* kill existing sshd process, server only, not the childs */
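Review bot: The four `$_gb = exec(...)` calls discard ssh-keygen's exit status, so a failed key generation is still followed by `clear_subsystem_dirty('sshdkeys')` and the "completed creating your SSH keys" notice. Pass the output and status arguments to `exec()` and log a non-zero status; a loop over the key types keeps that in one place. The `$_gb = exec("/bin/cp -p ...")` in the last hunk ignores its status in the same way. The fence assumes `log_error()` is available through the included files, and the enclosing script continues outside this hunk.
```php
// … unchanged: file_notice, rm of old keys, mark_subsystem_dirty, echo …
$keytypes = array('rsa1' => 'ssh_host_key', 'rsa' => 'ssh_host_rsa_key', 'dsa' => 'ssh_host_dsa_key', 'ecdsa' => 'ssh_host_ecdsa_key');
foreach ($keytypes as $type => $keyfile) {
	$_out = array();
	exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t {$type} -N '' -f {$sshConfigDir}/{$keyfile}", $_out, $rc);
	if ($rc != 0)
		log_error("ssh-keygen failed for {$type} host key (exit status {$rc})");
}
unset($keytypes);
// … unchanged: clear_subsystem_dirty, completion file_notice …
```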
@@ -192,7 +183,7 @@
if($g['platform'] == "nanobsd") {
if(!is_dir("/conf/sshd"))
exec("mkdir /conf/sshd");
- exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
+ $_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
}
conf_mount_ro();