author | Seth Mos <seth.mos@xs4all.nl> | 2005-10-13 20:43:27 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2005-10-13 20:43:27 +0000 |
commit | 5b7eb87cad7372cbae9e790cada05f274ab68744 (patch) | |
tree | b4c151b0007cbdbeed377aa7a1ab66eeae76b372 /etc | |
parent | 74806ceecee77e0327f94432b61ecd7839502a81 (diff) | |
download | pfsense-5b7eb87cad7372cbae9e790cada05f274ab68744.zip pfsense-5b7eb87cad7372cbae9e790cada05f274ab68744.tar.gz |
Reworked sshd script, restarts sshd if we have one and allows running of
ssh on alternate port.
Diffstat (limited to 'etc')
-rwxr-xr-x | etc/sshd | 32 |
1 files changed, 32 insertions, 0 deletions
@@ -77,6 +77,31 @@ $sshConfigDir = "/etc/ssh";
+ if($config['system']['ssh']['port'] <> "") {
+ $sshport = $config['system']['ssh']['port'];
+ } else {
+ $sshport = 22;
+ }
+
+ /* Include default configuration for pfSense */
+ $sshconf = "# This file is automatically generated at startup\n";
+ $sshconf .= "PermitRootLogin yes\n";
+ $sshconf .= "Compression yes\n";
+ $sshconf .= "ClientAliveInterval 30\n";
+ $sshconf .= "UseDNS no\n";
+ $sshconf .= "X11Forwarding no\n";
+ $sshconf .= "# override default of no subsystems\n";
+ $sshconf .= "Subsystem sftp /usr/libexec/sftp-server\n";
+ /* Only allow protocol 2, because we say so */
+ $sshconf .= "Protocol 2\n";
+ /* Run the server on another port if we have one defined */
+ $sshconf .= "Port $sshport\n";
+
+ /* Write the new sshd config file */
+ $fd = fopen("/etc/ssh/sshd_config", "w");
+ fwrite($fd, $sshconf);
+ pclose($fd);
+ /* mop up from a badly implemented ssh keys -> cf backup */
 if($config['ssh']['dsa_key'] <> "") {
 unset($config['ssh']['dsa_key']);
@@ -108,6 +133,13 @@ echo "Starting SSH... ";
 }
+ /* kill existing sshd process, server only, not the childs */
+ $sshd_pid = exec("ps ax | egrep '/usr/sbin/[s]shd' | awk '{print $1}'");
+ if($sshd_pid <> "") {
+ echo "stopping ssh process $sshd_pid \n";
+ mwexec("kill $sshd_pid");
+ }
+ /* Launch new server process */
 $status = mwexec("/usr/sbin/sshd");
 if($status <> 0) {
 file_notice("sshd_startup", "SSHD failed to start.", "SSHD Daemon", ""); |
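Review bot: `$sshport` is copied from `$config['system']['ssh']['port']` into the generated file by `"Port $sshport\n"` with no check that it is a number, so a value containing a newline or other text would add or corrupt sshd_config directives. Constrain it before use, e.g. `$sshport = (ctype_digit((string)$p) && $p >= 1 && $p <= 65535) ? (int)$p : 22;` with `$p` holding the configured value. The handle from `fopen()` is closed with `pclose()`, which is meant for `popen()` handles; use `fclose($fd);` and check the `fopen()` result before `fwrite()`, otherwise sshd is later started against whatever file was already there. The path is also hard-coded although `$sshConfigDir` is visible on the hunk's header line; `"$sshConfigDir/sshd_config"` would keep the two in step.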
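Review bot: The running daemon is killed before anything confirms that the replacement can start, so if the freshly written sshd_config is rejected, or the listening port is still held while the old process exits, the box is left with no SSH server and only the `file_notice` to report it. Testing the configuration first and skipping the kill on failure closes that gap, e.g. guard the kill with `if(mwexec("/usr/sbin/sshd -t") == 0)`. `exec()` returns only the last line of the pipeline's output, so when more than one process matches `/usr/sbin/[s]shd` only one PID is signalled; reading the PID from sshd's pid file would avoid parsing `ps`, and the comment above the `exec()` call should state that single-PID assumption. The `if($status <> 0)` block continues past the end of the hunk.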