Subject: misc/12473: permit /etc/rc.d/sshd to use alternative ssh config dir
To: None <gnats-bugs@gnats.netbsd.org>
From: None <jbernard@mines.edu>
List: netbsd-bugs
Date: 03/25/2001 16:41:44
>Number: 12473
>Category: misc
>Synopsis: permit /etc/rc.d/sshd to use alternative ssh config dir
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: misc-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Mar 25 15:44:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Jim Bernard
>Release: March 25, 2001
>Organization:
>Environment:
System: NetBSD zoo 1.5S NetBSD 1.5S (ZOO-$Revision: 1.62 $) #0: Thu Mar 15 19:51:01 MST 2001 jim@zoo:/home/tmp/compile/sys/arch/i386/compile/ZOO i386
Architecture: i386
Machine: i386
>Description:
It's nice to be able to put the myriad of ssh-related files into
a subdirectory of /etc so they don't pollute the top-level directory
so much. In PR 12198 I submitted patches to ssh's pathnames.h and
Makefile.inc to permit the mk.conf variable $SSH_CONF_DIR to specify
an alternative config directory (this is consistent with usage in
the pkgsrc versions of ssh as well). However, the startup script,
/etc/rc.d/sshd is explicitly written to assume that the config
and key files are all in /etc. The patch enclosed below permits
the variable $ssh_conf_dir to be specified in /etc/rc.conf to specify
an alternative directory.
>How-To-Repeat:
NA
>Fix:
This permits $ssh_conf_dir to be set in /etc/rc.conf to change
the locations where the required files are found and where the
key files will be deposited. There should perhaps also be a
default setting provided in /etc/defaults/rc.conf, together with
a comment that (a) /etc is the compiled-in default location used
by the programs, (b) changing that requires building userland
with the mk.conf variable $SSH_CONF_DIR set, and (c) the startup
variable $ssh_conf_dir must match the value of $SSH_CONF_DIR used
at build time. Of course, this is only useful if the patches in
PR 12198 have also been committed.
--- sshd-dist Thu Dec 7 10:11:45 2000
+++ sshd Sun Mar 25 11:58:07 2001
@@ -10,39 +10,40 @@
name="sshd"
rcvar=$name
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"
-required_files="/etc/${name}.conf"
+load_rc_config $name
+: ${ssh_conf_dir:=/etc}
+required_files="${ssh_conf_dir}/${name}.conf"
extra_commands="keygen reload"
sshd_keygen()
{
- if [ -f /etc/ssh_host_key ]; then
- echo "You already have an RSA host key in /etc/ssh_host_key"
+ if [ -f ${ssh_conf_dir}/ssh_host_key ]; then
+ echo "You already have an RSA host key in ${ssh_conf_dir}/ssh_host_key"
echo "Skipping RSA Key Generation"
else
umask 022
- /usr/bin/ssh-keygen -b 1024 -f /etc/ssh_host_key -N ''
+ /usr/bin/ssh-keygen -b 1024 -f ${ssh_conf_dir}/ssh_host_key -N ''
fi
- if [ -f /etc/ssh_host_dsa_key ]; then
- echo "You already have a DSA host key in /etc/ssh_host_dsa_key"
+ if [ -f ${ssh_conf_dir}/ssh_host_dsa_key ]; then
+ echo "You already have a DSA host key in ${ssh_conf_dir}/ssh_host_dsa_key"
echo "Skipping DSA Key Generation"
else
umask 022
- /usr/bin/ssh-keygen -d -f /etc/ssh_host_dsa_key -N ''
+ /usr/bin/ssh-keygen -d -f ${ssh_conf_dir}/ssh_host_dsa_key -N ''
fi
}
sshd_precmd()
{
- if [ ! -f /etc/ssh_host_key -o ! -f /etc/ssh_host_dsa_key ]; then
+ if [ ! -f ${ssh_conf_dir}/ssh_host_key -o ! -f ${ssh_conf_dir}/ssh_host_dsa_key ]; then
/etc/rc.d/sshd keygen
fi
}
keygen_cmd=sshd_keygen
start_precmd=sshd_precmd
-load_rc_config $name
run_rc_command "$1"
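Review bot: the new ${ssh_conf_dir} expansions in sshd_keygen() and sshd_precmd() are unquoted, so a value from /etc/rc.conf that contains whitespace or glob characters splits the `[ -f ... ]` tests and the `-f` argument to ssh-keygen; quote every use, for example `[ -f "${ssh_conf_dir}/ssh_host_key" ]`. Because the host private keys are now written to an administrator-chosen directory, sshd_keygen() should also confirm that the directory exists (`[ -d "${ssh_conf_dir}" ]`) before calling ssh-keygen, and report a clear error if it does not. A comment beside `: ${ssh_conf_dir:=/etc}` stating that the value must match the $SSH_CONF_DIR used at build time would help too, since a mismatch leaves the keys generated in a directory the binaries do not read.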
>Release-Note:
>Audit-Trail:
>Unformatted: