Revision tags: perseant-exfatfs-base-20250801 netbsd-11-base perseant-exfatfs-base-20240630 perseant-exfatfs-base

Revision 1.37  22-Jul-2023  kim
Remove backwards compat.

Revision 1.36  10-Jun-2023  kim
Add some backwards compat. Adjust grammar.

Revision 1.35  05-Jun-2023  riastradh
/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.
The default is NIST P-256, which:
(a) has plenty of cryptanalytic security, (b) performs better on essentially all platforms (smaller enough that even the advantage of the Mersenne prime structure of P-521 can't compete), and (c) likely gets more scrutiny on implementations than P-521 since it's more widespread.

Revision 1.34  05-Jun-2023  riastradh
/etc/rc.d/sshd: Stop generating DSA host keys by default.
If you want them you can generate them yourself, but in this day and age (Monday and 2023, specifically) there's no reason to be using DSA except for compatibility with ancient legacy software.

Revision 1.33  26-May-2023  riastradh
/etc/rc.d/sshd: New check cmd and reload precmd.
- check cmd: run `sshd -t' to check sshd_config file
- reload precmd: run check cmd before reloading so we don't nuke sshd if there's an error in the sshd_config file
(It is still possible to effectively nuke sshd by changing the configuration to something that won't work on your network, but at least we avoid making sshd just exit on reload when you make a typo in a config option.)
XXX pullup-9
XXX pullup-10

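The check-before-reload pattern this commit describes, as an added shell example rather than the NetBSD rc.d/sshd script itself. The validator defaults to `sshd -t -f <config>` (an assumption; the commit only says `sshd -t`) and can be overridden through the hypothetical SSHD_CHECK_CMD variable so the functions can be exercised where sshd is not installed. The function names and return codes are this example's own, not the script's.

```shell
#!/bin/sh
# Added example, not the NetBSD rc.d/sshd script: validate the configuration
# first, and only signal the running daemon when validation succeeds, so a typo
# in sshd_config makes "reload" fail loudly instead of taking sshd down.

# Validator command (assumption). sshd's -t tests the config and -f selects
# the file; it is overridable so this runs with e.g. "true"/"false" for testing.
: "${SSHD_CHECK_CMD:=sshd -t -f}"

# sshd_check CONFIG: 0 if CONFIG validates, non-zero otherwise.
sshd_check() {
    # Unquoted on purpose: SSHD_CHECK_CMD holds a command plus its flags.
    $SSHD_CHECK_CMD "$1"
}

# sshd_reload CONFIG PIDFILE: SIGHUP the daemon only after CONFIG validates.
# Returns 0 on success, 1 if validation failed (daemon left untouched),
# 2 if PIDFILE is missing or empty, or kill's own status.
sshd_reload() {
    _cfg=$1 _pidfile=$2
    if ! sshd_check "$_cfg"; then
        echo "sshd_reload: $_cfg failed validation; not reloading" >&2
        return 1
    fi
    [ -s "$_pidfile" ] || return 2
    kill -HUP "$(cat "$_pidfile")"
}
```

Wiring this into an rc.d script means making the reload precmd call the check, as the commit does; the ordering is what matters, since a daemon that re-reads a broken file on SIGHUP may exit and leave no listener to fix it from.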
Revision tags: netbsd-10-base

Revision 1.32  15-May-2022  martin
branches: 1.32.2;
PR 56835: fix sshd startup script to only whine about bogus keys it created if it actually did create keys (one should think that a function called sshd_keygen() only is called to create keys, but the "precmd" magic makes it run every time sshd is started or stopped).
Patch from Tom Lane, with modifications suggested by kre and a minor additional cosmetic change.

Revision 1.31  26-Sep-2021  martin
If key generation happens with not enough entropy in the system, add a warning to motd pointing at entropy(7) and give instructions on how to re-generate the (weak) keys after fixing up entropy.
Add a "keyregen" command, which forces regeneration of all host keys to simplify the replacement of weak keys.

Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 phil-wifi-20191119

Revision 1.30  23-Oct-2019  christos
simplify more (from rudolf)

Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625

Revision 1.29  26-May-2018  riastradh
branches: 1.29.2; 1.29.4;
Revert previous: Don't generate XMSS host keys for sshd by default.
XMSS is a stateful post-quantum signature scheme.
- Post-quantum security for _online_ authentication is not important until quantum computers become practical; there's no danger of retroactive forgery in sessions that have already completed.
- As a stateful signature scheme, XMSS is qualitatively different from all the other ones sshd supports, requiring additional administrative care: roll back the state (e.g., from a disk backup or VM snapshot), and you've shot yourself in the foot.
If users want XMSS keys, they can make them explicitly, but there's no need for this to be enabled by default.
Discussed with christos offline.

Revision 1.28  26-May-2018  jmcneill
Silence ssh-keygen output when host keys are generated. Instead, print only key fingerprints. This replaces dozens of lines of ASCII art output with something more reasonable:

armv7# service sshd start
ssh-keygen: 1024 SHA256:ynP4BQ2B0Fknnf9PfF4QoUDlYi0+7rNfYXTOYP2cDic root@armv7 (DSA)
ssh-keygen: 521 SHA256:Eoj382aaJNlSxuq/aYj3AXgxfMJAkyVPoCQd2BNjJiA root@armv7 (ECDSA)
ssh-keygen: 256 SHA256:+e9/qTbbN/g6xvkadtHsmIQ+Pc0afZRxbXJsk2HKIzY root@armv7 (ED25519)
ssh-keygen: 2048 SHA256:urNaF/m6oiCe5hXFZBxGLW2PvLz0ibtRFrqYw6R+qTw root@armv7 (RSA)
ssh-keygen: 256 SHA256:Su2Nal2W3vrFz8ukpcSXngl1/bu6xUm1nSvbxTHe9Js root@armv7 (XMSS)
Starting sshd.

Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415

Revision 1.27  09-Apr-2018  christos
Simplify so we don't have to hard-code the key filenames in two places.

Revision tags: pgoyette-compat-0407

Revision 1.26  07-Apr-2018  christos
support xmss keys

Revision tags: pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base

Revision 1.25  04-Dec-2017  kre
branches: 1.25.2;
Do away with (not well specified, even if it happens to work) absurd 15 arg test ([ ]) expression, and replace it with several well defined 2 arg tests, combined with (also well defined) sh syntax.

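The replacement this commit describes, as an added shell example that is not the script's own code: one short, fully specified test per host key inside a loop, joined by ordinary sh control flow, instead of a single `[ ... ]` with a long `-o` chain. POSIX defines the behaviour of test(1) only up to four arguments, so the old form relied on whatever the shell happened to do. The key type list, the `ssh_host_<type>_key` naming under a caller-supplied directory, and the function names are this example's assumptions, not the rc.d script's.

```shell
#!/bin/sh
# Added example, not the NetBSD rc.d/sshd script. The form being replaced
# looked like this (unspecified by POSIX once test(1) sees more than 4 args):
#   [ ! -f "$d/ssh_host_rsa_key" -o ! -f "$d/ssh_host_ecdsa_key" -o ... ]
# The loop below asks the same question with one short test per file.

# Key types to probe; an assumption for this example, not the script's default.
sshd_keytypes="rsa ecdsa ed25519"

# sshd_keyfile DIR TYPE: path of the private host key for TYPE under DIR
# (the usual OpenSSH naming, with the directory supplied by the caller).
sshd_keyfile() {
    printf '%s/ssh_host_%s_key\n' "$1" "$2"
}

# sshd_missing_keys DIR: print the types whose private key is absent, one
# per line. Each test has a single operator and operand, so its meaning is
# fully defined regardless of how many key types are configured.
sshd_missing_keys() {
    _dir=$1
    for _t in $sshd_keytypes; do
        _f=$(sshd_keyfile "$_dir" "$_t")
        if [ ! -f "$_f" ]; then
            printf '%s\n' "$_t"
        fi
    done
}

# sshd_keys_complete DIR: 0 if every configured key exists, 1 otherwise.
# This is the predicate an rc.d precmd would use to decide whether to run
# key generation at all.
sshd_keys_complete() {
    [ -z "$(sshd_missing_keys "$1")" ]
}
```

Keeping the type list in one variable also addresses the point of revision 1.27 on this page: the same list drives both the existence check and whatever generates the keys, so nothing has to be spelled out twice.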
Revision 1.24  07-Oct-2017  sevan
With the new version of OpenSSH, SSHv1 is no longer supported server-side. Along with that rsa1 type keys are no longer supported. Don't try to generate such keys on new systems.
ok christos

Revision tags: matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base

Revision 1.23  19-Oct-2014  christos
branches: 1.23.8;
Add new keytype, replace duplicated code with loop

Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base tls-maxphys-base

Revision 1.22  07-Feb-2013  christos
branches: 1.22.10;
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.

Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-tag8 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base

Revision 1.21  25-Jul-2011  christos
branches: 1.21.2; 1.21.4; 1.21.8; 1.21.10; 1.21.12;
generate ecdsa key

Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231 matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 netbsd-4-0-1-RELEASE wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-fixsa-newbase wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase matt-armv6-prevmlocking wrstuden-fixsa-base-1 netbsd-4-0-RELEASE cube-autoconf-base netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 matt-armv6-base matt-mips64-base hpcarm-cleanup-base netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-4-base netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base

Revision 1.20  13-Aug-2004  mycroft
Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr

Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base

Revision 1.19  18-Feb-2004  jonb
Add ssh_keygen_flags variable to rc.conf to allow users to set the size of auto-generated keys if desired.

Revision tags: netbsd-1-6-PATCH002-RELEASE netbsd-1-6-PATCH002 netbsd-1-6-PATCH002-RC4 netbsd-1-6-PATCH002-RC3 netbsd-1-6-PATCH002-RC2 netbsd-1-6-PATCH002-RC1 netbsd-1-6-PATCH001 netbsd-1-6-PATCH001-RELEASE netbsd-1-6-PATCH001-RC3 netbsd-1-6-PATCH001-RC2 netbsd-1-6-PATCH001-RC1 fvdl_fs64_base netbsd-1-6-RELEASE netbsd-1-6-RC3 netbsd-1-6-RC2 netbsd-1-6-RC1 netbsd-1-6-base

Revision 1.18  29-Apr-2002  lukem
Complete the conversion back to the OpenSSH default configuration files of "/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other userland tools, and "/etc/ssh/sshd_config" (from "/etc/ssh/sshd.conf") for sshd(8).
etc/postinstall will detect this, and if "fix" is given, rename the files.

Revision 1.17  29-Apr-2002  lukem
deprecate $sshd_conf_dir and hardcode /etc/ssh. $sshd_conf_dir wasn't as flexible as liked (it didn't work for ssh(1), host keys or known_hosts).

Revision 1.16  19-Apr-2002  enami
Don't assume that $0 is this script.

Revision 1.15  19-Apr-2002  enami
Wrap long lines.

Revision 1.14  27-Mar-2002  lukem
Set command_args to '-f ${sshd_conf_dir}/${name}.conf'. This occurs before the first load_rc_config() so that it may be overridden by the user, and appears in single quotes so the variables don't get evaluated until the eval in run_rc_command(). Problem noted by Patrick Welche <prlw1@cam.ac.uk> in [bin/15912].

Revision 1.13  24-Feb-2002  lukem
Support alternate config dir for sshd conf file and keys (defaults to "/etc"). Based on [misc/12473] from Jim Bernard.

Revision 1.12  25-Apr-2001  lukem
be consistent with other scripts when temporarily setting umask to 022

Revision 1.11  25-Apr-2001  lukem
set the umask to 022 (remembering the previous setting) for ssh_keygen()

Revision 1.10  26-Mar-2001  itojun
check existence of /etc/ssh_host_rsa_key too

Revision 1.9  26-Mar-2001  itojun
auto-generate SSH protocol version 2 RSA key. use newer command line syntax for ssh-keygen (-t <type>, instead of -d)

Revision 1.8  19-Sep-2000  lukem
- only perform the checkyesno on the variable named in $rcvar (rather than implicitly using $name if $rcvar isn't set), and always perform this check, even when using start_cmd (et al). this check is performed before the pidcmd is run, speeding up scripts that weren't going to be run anyway. this should speed up booting slow systems.
- take advantage of the above and remove start_precmd="checkyesno foo" in scripts that use start_cmd.
- explicitly set rcvar=foo in the rc.d/foo scripts which have an equivalent rc.conf entry
- fix `rcvar' and `restart' when $rcvar isn't set. these above changes fix PR [bin/11027].
- when doing `force*', ignore the return value of *_precmd. this fixes PR [bin/10781].
- rename what sysdb provides from `databases' to `sysdb', to reflect the name of the script.
- improve the comments in rc.subr

Revision 1.7  10-Aug-2000  lukem
- sshd has a pid file, so take advantage of it
- support `reload' arg (using default of SIGHUP)

Revision 1.6  10-Aug-2000  lukem
- provide sshd not ssh
- don't start until after LOGIN (after NETWORK is way too early)
- KNF (as such :)

Revision 1.5  01-Aug-2000  jwise
branches: 1.5.2;
Change name of precmd from start_precmd to sshd_precmd. While it worked fine as was, the result was the line `start_precmd=start_precmd' which looked odd. Pointed out by Bernd Ernesti.
While here, add NetBSD RCS Id.
BTW, to clarify, as people have asked: this script does not support pkgsrc/security/sshd -- that package comes with a perfectly fine rc script which in addition to supporting /etc/rc.d can also be used with 1.4.X.
This script will not trivially work with the ssh package as it a) calls the ssh commands at the pathnames they will be installed at by usr.bin/ssh, and b) generates a DSA key as well as an RSA key.

Revision 1.4  31-Jul-2000  jlam
Correct apparent paste-o: RSA -> DSA

Revision 1.3  31-Jul-2000  jwise
An sshd startup script for use with usr.bin/sshd. Installation is conditional on ${SSHDIST}, as with usr.bin/ssh itself.
This script includes a `keygen' target for regenerating RSA and DSA host keys, and invokes this if these keys are not present when sshd is started up.

Revision 1.2  13-Mar-2000  lukem
* replace daemon, login, servers with DAEMON, LOGIN, SERVERS
* remove sshd (it was from my private system)

Revision 1.1  10-Mar-2000  lukem
branches: 1.1.1;
Initial revision