#!/sbin/openrc-run
# Human-readable descriptions of the service and of its extra commands.
description="OQS-OpenSSH server"
description_reload="Reload configuration"
description_checkconfig="Verify configuration file"

# Extra commands exposed by this script; reload is listed as a
# "started" command, checkconfig as a general one.
extra_started_commands="reload"
extra_commands="checkconfig"

# Installation prefix of the OQS-OpenSSH build; the defaults below derive
# from it.
OQS_INSTALL_DIR="/opt/oqs-ssh"

# NOTE: SSHD_* variables are deprecated and will be removed in future!
# They are still honoured below as fallbacks.

# Host-key generation switch: checkconfig runs "ssh-keygen -A" only when
# yesno reports this value as false. The default is "yes" (no generation),
# so host keys are expected to be provisioned some other way.
if [ -z "${sshd_disable_keygen:-}" ]; then
  sshd_disable_keygen="${SSHD_DISABLE_KEYGEN:-yes}"
fi

# Configuration file: an already-set cfgfile wins, then SSHD_CONFIG, then
# sshd_config inside SSHD_CONFDIR (or inside the install prefix).
if [ -z "${cfgfile:-}" ]; then
  cfgfile="${SSHD_CONFIG:-${SSHD_CONFDIR:-${OQS_INSTALL_DIR}}/sshd_config}"
fi

# Daemon binary, its extra arguments and its pid file.
command="${SSHD_BINARY:-${OQS_INSTALL_DIR}/sbin/sshd}"
command_args="${command_args:-${SSHD_OPTS:-}}"
pidfile="${SSHD_PIDFILE:-/run/$RC_SVCNAME.pid}"

# The configuration file is declared as a required file of the service.
required_files="$cfgfile"
# Declare the service's dependencies.
#
# Always: "use logger dns" and "after entropy". Unless rc_need is set
# (even to an empty value), $cfgfile is scanned for ListenAddress lines;
# any address other than the IPv4/IPv6 wildcard adds "need net" and prints
# a hint asking the administrator to pin the interface through rc_need.
depend() {
  use logger dns
  after entropy

  # An explicit rc_need takes precedence over the scan below.
  if [ "${rc_need+set}" = "set" ]; then
    return 0
  fi

  local addr listen_addrs warn_addr
  # Second field of every line that starts with "ListenAddress"; a missing
  # or unreadable config file simply yields an empty list.
  # NOTE(review): the pattern is case-sensitive and anchored at column 0,
  # so indented or differently-cased ListenAddress lines are not seen here.
  listen_addrs=$(awk '/^ListenAddress/{ print $2 }' "$cfgfile" 2>/dev/null)

  for addr in $listen_addrs; do
    case "$addr" in
      # Wildcard binds do not depend on a particular interface.
      0.0.0.0|0.0.0.0:*|::|\[::\]*) continue ;;
    esac
    warn_addr="$warn_addr $addr"
  done

  [ -n "$warn_addr" ] || return 0

  need net
  # NOTE(review): the hint names /etc/conf.d/sshd; for a service installed
  # under another name the conf.d file presumably differs -- confirm.
  ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
  ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd"
  ewarn "where FOO is the interface(s) providing the following address(es):"
  ewarn "$warn_addr"
}
# Validate the environment and the sshd configuration.
#
# Warns about deprecated SSHD_* variables, makes sure /var/empty exists,
# generates host keys unless that is disabled, appends PidFile and
# config-file overrides to command_args, and finally runs "$command -t"
# with those arguments.
# Returns 0 when every step succeeds, 1 otherwise.
checkconfig() {
  warn_deprecated_var SSHD_BINARY
  warn_deprecated_var SSHD_CONFDIR
  warn_deprecated_var SSHD_CONFIG cfgfile
  warn_deprecated_var SSHD_DISABLE_KEYGEN sshd_disable_keygen
  warn_deprecated_var SSHD_OPTS command_args
  warn_deprecated_var SSHD_PIDFILE

  # NOTE(review): /var/empty is presumably sshd's privilege-separation
  # directory. mkdir -p applies the current umask and sets no ownership;
  # confirm the directory ends up root-owned and not group/world-writable.
  [ -d /var/empty ] || mkdir -p /var/empty || return 1

  # Host keys are generated only when key generation is not disabled.
  # NOTE(review): ssh-keygen is resolved through PATH, not through
  # OQS_INSTALL_DIR -- confirm it is the intended build and that it writes
  # the keys where $cfgfile expects them.
  yesno "$sshd_disable_keygen" || ssh-keygen -A || return 1

  # Pass the pid file / config file explicitly only when they differ from
  # the values this script treats as defaults.
  if [ "$pidfile" != "/run/oqs-sshd.pid" ]; then
    command_args="$command_args -o PidFile=$pidfile"
  fi
  if [ "$cfgfile" != "${OQS_INSTALL_DIR}/sshd_config" ]; then
    command_args="$command_args -f $cfgfile"
  fi

  # $command_args is expanded unquoted on purpose so that it splits into
  # separate options; a pidfile or cfgfile value containing whitespace is
  # therefore split as well.
  if "$command" -t $command_args; then
    return 0
  fi
  return 1
}
# Pre-start hook: run checkconfig and hand its exit status back to the
# caller, so an invalid configuration is reported before the daemon starts.
start_pre() {
  checkconfig
  return $?
}
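# Stop the daemon.
#
# On "restart" the configuration is validated first, so a broken config
# does not take down a running server that could not be started again.
# At shutdown, remaining processes whose name matches the basename of
# $command are sent TERM to close open ssh connections.
#
# Returns 1 when the restart pre-check fails; otherwise the exit status of
# start-stop-daemon. Without the explicit return, the trailing "if" would
# reset the status to 0 and a failed stop would be reported as success,
# leaving a daemon running while the service is marked stopped.
stop() {
  local stop_status _sshd_pids

  if [ "${RC_CMD}" = "restart" ] ; then
    checkconfig || return 1
  fi

  ebegin "Stopping $RC_SVCNAME"
  start-stop-daemon --stop --exec "$command" \
    --pidfile "$pidfile" --quiet
  stop_status=$?
  eend "$stop_status"

  if [ "$RC_RUNLEVEL" = "shutdown" ]; then
    # pgrep matches on the process name, not on the full path in $command,
    # so same-named processes from another installation are included too.
    _sshd_pids=$(pgrep "${command##*/}")
    if [ -n "$_sshd_pids" ]; then
      ebegin "Shutting down ssh connections"
      # Unquoted on purpose: one argument per pid.
      kill -TERM $_sshd_pids >/dev/null 2>&1
      eend 0
    fi
  fi

  return "$stop_status"
}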
# Reload the configuration of the running daemon.
#
# The configuration is validated first; only when checkconfig succeeds is
# HUP sent through start-stop-daemon. Returns 1 when validation fails,
# otherwise whatever eend returns for the start-stop-daemon status.
reload() {
  local hup_status

  if ! checkconfig; then
    return 1
  fi

  ebegin "Reloading $RC_SVCNAME"
  start-stop-daemon --signal HUP --exec "$command" --pidfile "$pidfile"
  hup_status=$?
  eend "$hup_status"
}
# Warn when a deprecated configuration variable is set to a non-empty value.
#
# Arguments: $1 - name of the deprecated variable
#            $2 - name of the variable to use instead (optional)
# Returns:   always 0
warn_deprecated_var() {
  local old_name="$1"
  local new_name="${2:-}"

  # Indirect lookup through eval: $1 is spliced into shell code, so callers
  # must pass only fixed, trusted variable names.
  if ! eval "[ -n \"\${$old_name}\" ]"; then
    return 0
  fi

  ewarn "Variable \$$old_name is deprecated and will be removed in the future!"
  if [ -n "$new_name" ]; then
    ewarn "Use \$$new_name instead of \$$old_name."
  fi
  return 0
}