authorScott Ullrich <sullrich@pfsense.org>2005-07-09 19:35:49 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-07-09 19:35:49 +0000
commit3b18f1753b6805019a44f9c7df7d70e403565a40 (patch)
tree6597c84aad7ea0f029bb0bbaaea52f17ba26c66d
parent3e3fe496be07f44267d0250003fece27959b906b (diff)
downloadpfsense-3b18f1753b6805019a44f9c7df7d70e403565a40.zip
pfsense-3b18f1753b6805019a44f9c7df7d70e403565a40.tar.gz
On shutdown call /etc/sshd and alert we're stopping so it can compare /root/.authorized_keys with the config.xml version
-rwxr-xr-xetc/rc.shutdown26
-rwxr-xr-xetc/sshd14
2 files changed, 29 insertions, 11 deletions
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index 5059aa5..16cecbb 100755
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -1,29 +1,33 @@
#!/bin/sh
echo
-echo
echo "pfSense is now shutting down ..."
echo
stty status '^T'
# Set shell to ignore SIGINT (2), but not children;
-# shell catches SIGQUIT (3) and returns to single user after fsck.
trap : 2
-trap : 3 # shouldn't be needed
HOME=/; export HOME
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH
-echo -n "Bringing interfaces down: ["
-for ci in `/sbin/ifconfig | grep "carp[0-999]" | cut -d":" -f1`; do
- echo -n " "
- echo -n $ci
- /sbin/ifconfig $ci down
- /sbin/ifconfig $ci destroy
-done
-echo " ]"
+CARPINTS=`/sbin/ifconfig | grep "carp[0-999]" | cut -d":" -f1`
+if [ $CARPINTS -gt 0 ]; then
+ echo -n "Bringing CARP interfaces down: ["
+ for ci in `/sbin/ifconfig | grep "carp[0-999]" | cut -d":" -f1`; do
+ echo -n " "
+ echo -n $ci
+ /sbin/ifconfig $ci down
+ /sbin/ifconfig $ci destroy
+ done
+ echo " ]"
+fi
echo
echo
+# Call sshd and alert we're shutting down so it can sync
+/etc/sshd stop
+echo
+echo
\ No newline at end of file
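Review bot: The new guard `if [ $CARPINTS -gt 0 ]; then` compares a list of interface names with an integer, so `[` reports an error for an empty, single-name or multi-name value alike and the branch is never taken; the CARP interfaces are then left up at shutdown. Test for a non-empty list instead, `if [ -n "$CARPINTS" ]; then`, and reuse the variable in the loop with `for ci in $CARPINTS; do` rather than running the ifconfig pipeline a second time. The pattern `carp[0-999]` is a bracket expression that matches one digit and works only because grep matches a prefix; `grep '^carp[0-9]'` states what is meant.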
diff --git a/etc/sshd b/etc/sshd
index b8f9f29..c991ca4 100755
--- a/etc/sshd
+++ b/etc/sshd
@@ -32,6 +32,20 @@
$stderr = fopen("php://stderr", "w");
+ if($argv[0] == "stop") {
+ if(file_exists("/root/.authorized_keys")) {
+ $ak = return_filename_as_string("/root/.authorized_keys");
+ $ak = base64_encode($ak);
+ if($ak <> $config['ssh']['ak']) {
+ echo "Syncing /root/.authorized_keys...";
+ conf_mount_rw();
+ $config['ssh']['ak'] = $ak;
+ write_config("Syncing changed authorized_keys ssh file.");
+ conf_mount_ro();
+ }
+ }
+ }
+
if (!is_dir("/var/empty")) {
/* make ssh home directory */
mkdir("/var/empty", 0555);
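Review bot: The check `if($argv[0] == "stop")` tests the script path, because PHP's CLI puts the script name in `$argv[0]` and the first argument in `$argv[1]`, so the `/etc/sshd stop` call from rc.shutdown would not enter this branch; use `if (isset($argv[1]) && $argv[1] === "stop") {`. There is no `exit` after the sync, so a stop call falls through to the `/var/empty` setup that follows and presumably to the rest of the start-up path, which continues outside this hunk. Because the block copies whatever is in /root/.authorized_keys into the saved configuration, a key added on the running system becomes persistent, so the `write_config` message is the audit record for that and should stay specific. Comparing with `$ak !== $config['ssh']['ak']` (after an `isset` check on the config entry) avoids PHP's loose comparison of numeric-looking strings.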