pfSense

Only run conf_mount_rw here if there isn't another process going.

Actually if /etc/sshd is already running, doing a conf_mount_ro() would be a bad thing, as the other process still expects rw.

Backing this out to see if it unbreaks NanoBSD upgrades with packages involved. Revert "Workaround for conf_mount_rw/ro during boot to only allow it to change at the start and end. Fixes #1279"

This reverts commit 548be1fd6697ab115cbb29d61bc5507744488094.

Workaround for conf_mount_rw/ro during boot to only allow it to change at the start and end. Fixes #1279

Make sure host private key permissions aren't too open so sshd won't complain.

Preseve attributes of files during copy.

Pass correct argument to killbyname and correctly check for sshdkeyonly toggle. Ticket #691

Fix ssh key existence test.

Do a more thorough check for missing sshd key files. Should fix #673

Silence

remove old function from 1_2, it just wipes out the authorized_keys file breaking SSH access with the way 2.0 handles SSH keys. writing out the keys is handled by the user manager now

Add shaper.inc

Unbreak sshd

Fix check for file.

Convert even ssh key gen to the new subsystem_dirty calls.

Use exec()

Doh, correct copy command

Add bit when restoring for diagnostics

Correct filename check

Require globals.inc and use correct directory name sshd, not ssh

Require globals.inc and use correct directory name sshd, not ssh

s/config/conf/

Add ssh key support for nanobsd to preserve the ssh data

Backup SSH keys for NanoBSD

Adding Ciphers Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc for the tin foil hat wearing folks.

• Ensure we are rw
• Remove seriously old dead code

Use product_name

Cleanup authentication code. The basic auth method, the passwd, htpasswd
and pam backing functions have been removed. The basic auth method was
legacy code and the backing functions were redundant with no added value
that I could see. A simplified replacement backing function named...

Ticket #1697 - rm authorized key file if keys don't exist in config.xml
MFC: for 1.2.1

Call sync_webgui_passwords() instead of manual routine

Restore previous version.

Sync w/ HEAD

Remove extra PasswordAuthentication line.

Ticket #1374

SSH-Key(only) Login

MFC 15495
fix: root key files are not in /etc/ssh/root ...

MFC
pclose -> fclose

Allow JavaSSH package to work correctly.

ok: billm

Note in alert that changes to the webgui and such will not be processed until sshd has finished creating its keys. This may be a long process on 133 megahertz boxes.

File a alert when we start creating keys

file_notice() requires notices.inc

File a notice when we are done creating ssh keys

Reworked sshd script, restarts sshd if we have one and allows running of
ssh on alternate port.

• Done -> done (for bootup consistency)
• Error -> error

Silence read-only error

Exit when ssh is disabled

Do not allow sshd script to run multiple times concurrently.

Use mwexec

Do not hijack stderr

File an alert when SSHD didn't start correctly

Note when sshd startup failure

• Create a /etc/keys_generating file incase a reboot occurs we know to start over.
• Cleanup some starting text
• Add a blurb when we're generating keys to make startup text prettier

Create SSH keys with a nice of 20

return_filename_as_string -> file_get_contents

newline before running keygen

Correctly start SSHD

Use enablesshd tag

Enable SSHD on upgrade

Allow SSH service to be disabled / enabled.

Check for key existance before clearing out

Mount config rw before generating keys

Do not mount configuration ro after writing configuration with write_config() if we're booting

Make sure config is mounted rw

Do not perform mount operations

Use correct path. DOH!

Use correct path. DOH!

Do not check on config.xml items right now.

Do not stat a file if it doesn't exist

Make sure ak key is cleared

If any of the /etc/ssh/ files are corrupted then remove them so they will be forced to regenerate.

Make sure config.xml doesn't hold ssh keys for now

Disable ssh key saving for now.

Disable ssh key saving for now.

Operating on argv⁰ and [1]

exit after stop sync

Sync /root/.authorized_keys on boot

On shutdown call /etc/sshd and alert we're stopping so it can compare /root/.authorized_keys with the config.xml version

Use system("/usr/sbin/sshd"); for platform compatibility

Saving and restoring is fixed. Reenable.

Turn off SSH key saving and restoring until bugs are fixed.

Don't forget to write out ssh keys to config.xml

If keys exist and they are not stored in config.xml, remove the keys and regen and then store them in config.xml

use /etc/rc.d/sshd start

base64 encode the values when saving and restoring

• Store SSH keys in config.xml.
• Restore on bootup

Eliminate whitespace.

No need for duplicate starting ssh messages

Let user SSH in as admin instead of root only (requested for consistency)
Full path to sshd

Initial revision