author | Ermal <eri@pfsense.org> | 2013-12-27 21:51:06 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-12-27 21:51:06 +0000 |
commit | 5a89049022022e98f745ccb1eba51b7f438f6fe7 (patch) | |
tree | 70aa4319228e400e407095eafaf8090188d462d8 /etc/sshd | |
parent | 9be0ec8a0e477a8f70184cdf19593aafe303819e (diff) | |
Modernize the sshd start file a bit
Diffstat (limited to 'etc/sshd')
-rwxr-xr-x | etc/sshd | 47 |
1 files changed, 19 insertions, 28 deletions
@@ -34,20 +34,15 @@ require_once("functions.inc"); require_once("shaper.inc"); - if !(isset($config['system']['enablesshd'])) { + if (!isset($config['system']['enablesshd'])) { return; } /* are we already running? if not, do conf_mount_rw(), otherwise it should already be rw */ - if(!is_subsystem_dirty('sshdkeys')) { + if (!is_subsystem_dirty('sshdkeys')) { conf_mount_rw(); } - function file_size($file) { - $size = filesize($file); - return $size; - } - /* restore ssh data for nanobsd platform */ if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key")) { if(!file_exists("/etc/ssh/ssh_host_key.pub")) { @@ -60,6 +55,7 @@ if(file_exists("/etc/ssh/{$f2c}")) chmod("/etc/ssh/{$f2c}", 0600); } + unset($files_to_check); } } @@ -68,11 +64,10 @@ */ $files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub','/root/.ssh/authorized_keys'); foreach($files_to_check as $f2c) { - if(file_exists("/etc/ssh/{$f2c}")) - if(file_size("/etc/ssh/{$f2c}")==0) { - mwexec("rm /etc/ssh/ssh_host*", true); - } + if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) + mwexec("rm /etc/ssh/ssh_host*", true); } + unset($files_to_check); if (!is_dir("/var/empty")) { /* make ssh home directory */ @@ -81,16 +76,15 @@ if(!file_exists("/var/log/lastlog")) { /* Login related files. */ - touch("/var/log/lastlog"); + @touch("/var/log/lastlog"); } $sshConfigDir = "/etc/ssh"; - if($config['system']['ssh']['port'] <> "") { + if (is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port'])) $sshport = $config['system']['ssh']['port']; - } else { + else $sshport = 22; - } /* Include default configuration for pfSense */ $sshconf = "# This file is automatically generated at startup\n"; 
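Review bot: The rewritten condition `if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0)` uses a loose comparison, and `filesize()` returns `false` on a stat failure, which `== 0` treats as an empty file; a transient failure on any one entry then runs `rm /etc/ssh/ssh_host*`, discarding every host key and changing the host fingerprint presented to all clients. Use the strict form `filesize("/etc/ssh/{$f2c}") === 0` so only a genuinely zero-length file triggers the wipe. Separately, the `$files_to_check` array on the context line still contains the absolute path `/root/.ssh/authorized_keys`, which this prefixing turns into `/etc/ssh//root/.ssh/authorized_keys` and so never matches; either drop that entry or stop prefixing entries that already begin with `/`.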
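Review bot: The new `!empty($config['system']['ssh']['port'])` test accepts any non-empty value, and `$sshport` is later interpolated verbatim into the generated config as `Port $sshport`; a non-numeric or out-of-range value leaves sshd refusing to start, and a value carrying a newline (hand-edited or restored config.xml) would inject arbitrary sshd directives. The WebGUI presumably validates the field, but this script is the last step before the daemon config is written, so it should validate too. Consider `$sshport = 22;` followed by `if (is_array($config['system']['ssh']) && ctype_digit((string)$config['system']['ssh']['port']) && $config['system']['ssh']['port'] > 0 && $config['system']['ssh']['port'] <= 65535) $sshport = (int)$config['system']['ssh']['port'];`.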
@@ -100,7 +94,7 @@ $sshconf .= "ClientAliveInterval 30\n"; $sshconf .= "UseDNS no\n"; $sshconf .= "X11Forwarding no\n"; - if(isset($config['system']['ssh']['sshdkeyonly'])) { + if (isset($config['system']['ssh']['sshdkeyonly'])) { $sshconf .= "# Login via Key only\n"; $sshconf .= "PasswordAuthentication no\n"; $sshconf .= "ChallengeResponseAuthentication no\n"; @@ -119,8 +113,7 @@ $sshconf .= "Port $sshport\n"; /* Apply package SSHDCond settings if config file exists */ - if(file_exists("/etc/sshd_extra")) - { + if (file_exists("/etc/sshd_extra")) { $fdExtra = fopen("/etc/sshd_extra", 'r'); $szExtra = fread($fdExtra, 1048576); // Read up to 1MB from extra file $sshconf .= $szExtra; @@ -128,9 +121,7 @@ } /* Write the new sshd config file */ - $fd = fopen("/etc/ssh/sshd_config", "w"); - fwrite($fd, $sshconf); - fclose($fd); + @file_put_contents("/etc/ssh/sshd_config", $sshconf); /* mop up from a badly implemented ssh keys -> cf backup */ if($config['ssh']['dsa_key'] <> "") { @@ -147,7 +138,7 @@ /* are we already running? if so exit */ if(is_subsystem_dirty('sshdkeys')) { - exit; + return; } // Check for all needed key files. If any are missing, the keys need to be regenerated. 
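Review bot: `@file_put_contents("/etc/ssh/sshd_config", $sshconf);` suppresses and ignores any write failure, so when the write fails (read-only filesystem, full disk) sshd is restarted further down on the stale config, which may still permit password authentication or listen on the old port after the administrator believes they have tightened it. The original `fopen`/`fwrite` pair was equally unchecked, but the single call makes a check trivial: `if (@file_put_contents("/etc/ssh/sshd_config", $sshconf) === false) { log_error("Could not write /etc/ssh/sshd_config; sshd not restarted."); conf_mount_ro(); return; }`, substituting whatever logging helper this file normally uses if `log_error` is not in scope here. The remainder of the script that this early return skips is outside the hunk.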
@@ -158,19 +149,19 @@ $generate_keys = true; } } + unset($files_to_check); if ($generate_keys) { /* remove previous keys and regen later */ file_notice("SSH", "{$g['product_name']} has started creating your SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", ""); mwexec("rm /etc/ssh/ssh_host_*", true); mark_subsystem_dirty('sshdkeys'); echo " Generating Keys:\n"; - system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key"); - system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key"); - system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key"); - system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key"); + $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key"); + $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key"); + $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key"); + $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key"); clear_subsystem_dirty('sshdkeys'); file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys. SSH is now started.", "SSH Startup", ""); - echo "Starting SSH... "; } /* kill existing sshd process, server only, not the childs */ @@ -192,7 +183,7 @@ if($g['platform'] == "nanobsd") { if(!is_dir("/conf/sshd")) exec("mkdir /conf/sshd"); - exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd"); + $_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd"); } conf_mount_ro(); |
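Review bot: The four `$_gb = exec("... ssh-keygen ...")` lines discard the exit status, so a failed key generation still reaches `clear_subsystem_dirty('sshdkeys')` and the "has completed creating your SSH keys" notice, and sshd is then started with missing or partial host keys; the replaced `system()` calls at least streamed keygen output to the console, whereas `exec()` swallows it, so the ` Generating Keys:` header is now followed by nothing. Pass the third `$retval` argument to each `exec()` and treat a non-zero status as a failure that is reported and stops the start sequence. The kill/start of sshd that follows `if ($generate_keys) { ... }` is outside this hunk and would need to honour the early return below.
```php
        echo " Generating Keys:\n";
        $keygen_failed = false;
        foreach (array('rsa1' => 'ssh_host_key', 'rsa' => 'ssh_host_rsa_key', 'dsa' => 'ssh_host_dsa_key', 'ecdsa' => 'ssh_host_ecdsa_key') as $keytype => $keyfile) {
            $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t {$keytype} -N '' -f {$sshConfigDir}/{$keyfile}", $_out, $retval);
            if ($retval != 0) {
                $keygen_failed = true;
            }
        }
        clear_subsystem_dirty('sshdkeys');
        if ($keygen_failed) {
            file_notice("SSH", "{$g['product_name']} failed to create one or more SSH host keys. SSH will not be started.", "SSH KeyGen", "");
            conf_mount_ro();
            return;
        }
        file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys. SSH is now started.", "SSH Startup", "");
```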
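Review bot: `$_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");` copies the private host keys to persistent storage without checking the exit status, so on nanobsd a failed copy goes unnoticed until the next reboot regenerates the keys and silently changes the host fingerprint; the `exec("mkdir /conf/sshd")` on the context line just above also creates that directory with a umask-dependent mode. Check the status, `$_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd", $_out, $retval); if ($retval != 0) log_error("Could not save SSH host keys to /conf/sshd");`, and create the directory as `mkdir("/conf/sshd", 0700)` so the key backup is never listable by other users even if a later copy drops `-p`. Whether `log_error` is available here I cannot confirm from this hunk.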