|
1
|
#! /usr/local/bin/php -f
|
|
2
|
<?php
|
|
3
|
/*
|
|
4
|
sshd - Modified to work on disk based system
|
|
5
|
Copyright 2004 Scott K Ullrich
|
|
6
|
|
|
7
|
Original Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>.
|
|
8
|
All rights reserved.
|
|
9
|
|
|
10
|
Redistribution and use in source and binary forms, with or without
|
|
11
|
modification, are permitted provided that the following conditions are met:
|
|
12
|
|
|
13
|
1. Redistributions of source code must retain the above copyright notice,
|
|
14
|
this list of conditions and the following disclaimer.
|
|
15
|
|
|
16
|
2. Redistributions in binary form must reproduce the above copyright
|
|
17
|
notice, this list of conditions and the following disclaimer in the
|
|
18
|
documentation and/or other materials provided with the distribution.
|
|
19
|
|
|
20
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
21
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
22
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
23
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
24
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
25
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
26
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
27
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
28
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
29
|
POSSIBILITY OF SUCH DAMAGE.
|
|
30
|
*/
|
|
31
|
require_once("config.inc");
|
|
32
|
|
|
33
|
$stderr = fopen("php://stderr", "w");
|
|
34
|
|
|
35
|
if(isset($config['system']['enablesshd'])) {
|
|
36
|
/* do nothing, we're enabled */
|
|
37
|
} else {
|
|
38
|
if($g['booting'])
|
|
39
|
echo "SSHD is disabled.";
|
|
40
|
}
|
|
41
|
|
|
42
|
function file_size($file) {
|
|
43
|
$size = filesize($file);
|
|
44
|
return $size;
|
|
45
|
}
|
|
46
|
|
|
47
|
/* if any of these files are 0 bytes then they are corrupted.
|
|
48
|
* remove them
|
|
49
|
*/
|
|
50
|
$files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub','/root/.authorized_keys');
|
|
51
|
foreach($files_to_check as $f2c) {
|
|
52
|
if(file_exists("/etc/ssh/{$f2c}"))
|
|
53
|
if(file_size("/etc/ssh/{$f2c}")==0) {
|
|
54
|
mwexec("rm /etc/ssh/ssh_host*");
|
|
55
|
}
|
|
56
|
}
|
|
57
|
|
|
58
|
if (!is_dir("/var/empty")) {
|
|
59
|
/* make ssh home directory */
|
|
60
|
mkdir("/var/empty", 0555);
|
|
61
|
}
|
|
62
|
|
|
63
|
if(!file_exists("")) {
|
|
64
|
/* Login related files. */
|
|
65
|
touch("/var/log/lastlog");
|
|
66
|
}
|
|
67
|
|
|
68
|
/* Make the root passwords are the same as the web admin password. */
|
|
69
|
$fd = popen("/usr/sbin/pw usermod -n root -H 0", "w");
|
|
70
|
fwrite($fd, $config['system']['password']);
|
|
71
|
pclose($fd);
|
|
72
|
|
|
73
|
/* Make the admin passwords are the same as the web admin password. */
|
|
74
|
$fd = popen("/usr/sbin/pw usermod -n admin -H 0", "w");
|
|
75
|
fwrite($fd, $config['system']['password']);
|
|
76
|
pclose($fd);
|
|
77
|
|
|
78
|
$sshConfigDir = "/etc/ssh";
|
|
79
|
|
|
80
|
if($config['ssh']['dsa_key'] <> "") {
|
|
81
|
unset($config['ssh']['dsa_key']);
|
|
82
|
unset($config['ssh']['rsa_key']);
|
|
83
|
unset($config['ssh']['rsa1_key']);
|
|
84
|
unset($config['ssh']['dsa']);
|
|
85
|
unset($config['ssh']['rsa']);
|
|
86
|
unset($config['ssh']['rsa1']);
|
|
87
|
unset($config['ssh']['ak']);
|
|
88
|
write_config("Clearing SSH keys from config.xml");
|
|
89
|
}
|
|
90
|
|
|
91
|
//if (!file_exists("$sshConfigDir/ssh_host_key") and $config['ssh']['dsa'] == "") {
|
|
92
|
if (!file_exists("$sshConfigDir/ssh_host_key")) {
|
|
93
|
/* remove previous keys and regen later */
|
|
94
|
conf_mount_rw();
|
|
95
|
mwexec("rm /etc/ssh/ssh_host_*");
|
|
96
|
echo "\n";
|
|
97
|
system("/usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
|
|
98
|
system("/usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
|
|
99
|
system("/usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
|
|
100
|
|
|
101
|
}
|
|
102
|
|
|
103
|
system("/usr/sbin/sshd");
|
|
104
|
fwrite($stderr, "Done.\n");
|
|
105
|
exit;
|
|
106
|
|
|
107
|
/* exit early, this needs more testing. */
|
|
108
|
|
|
109
|
if (!file_exists("$sshConfigDir/ssh_host_key") and $config['ssh']['dsa'] == "") {
|
|
110
|
/* generate keys */
|
|
111
|
system("/usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
|
|
112
|
system("/usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
|
|
113
|
system("/usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
|
|
114
|
|
|
115
|
/* save keys */
|
|
116
|
$dsa = file_get_contents("{$sshConfigDir}/ssh_host_dsa_key");
|
|
117
|
$rsa = file_get_contents("{$sshConfigDir}/ssh_host_rsa_key");
|
|
118
|
$rsa1 = file_get_contents("{$sshConfigDir}/ssh_host_key");
|
|
119
|
$config['ssh']['dsa'] = base64_encode($dsa);
|
|
120
|
$config['ssh']['rsa'] = base64_encode($rsa);
|
|
121
|
$config['ssh']['rsa1']= base64_encode($rsa1);
|
|
122
|
|
|
123
|
/* save public keys */
|
|
124
|
$dsapub = file_get_contents("{$sshConfigDir}/ssh_host_dsa_key.pub");
|
|
125
|
$rsapub = file_get_contents("{$sshConfigDir}/ssh_host_rsa_key.pub");
|
|
126
|
$rsa1pub = file_get_contents("{$sshConfigDir}/ssh_host_key.pub");
|
|
127
|
$config['ssh']['dsa_key'] = base64_encode($dsapub);
|
|
128
|
$config['ssh']['rsa_key'] = base64_encode($rsapub);
|
|
129
|
$config['ssh']['rsa1_key']= base64_encode($rsa1pub);
|
|
130
|
write_config("Saved SSH keys.");
|
|
131
|
} else {
|
|
132
|
/* restore keys */
|
|
133
|
$rsa1 = base64_decode($config['ssh']['rsa1']);
|
|
134
|
$rsa = base64_decode($config['ssh']['rsa']);
|
|
135
|
$dsa = base64_decode($config['ssh']['dsa']);
|
|
136
|
file_put_contents("{$sshConfigDir}/ssh_host_key", $rsa1);
|
|
137
|
file_put_contents("{$sshConfigDir}/ssh_host_rsa_key", $rsa);
|
|
138
|
file_put_contents("{$sshConfigDir}/ssh_host_dsa_key", $dsa);
|
|
139
|
|
|
140
|
/* restore public keys */
|
|
141
|
$rsa1_pub = base64_decode($config['ssh']['rsa1_key']);
|
|
142
|
$rsa_pub = base64_decode($config['ssh']['rsa_key']);
|
|
143
|
$dsa_pub = base64_decode($config['ssh']['dsa_key']);
|
|
144
|
file_put_contents("{$sshConfigDir}/ssh_host_key.pub", $rsa1_pub);
|
|
145
|
file_put_contents("{$sshConfigDir}/ssh_host_rsa_key.pub", $rsa_pub);
|
|
146
|
file_put_contents("{$sshConfigDir}/ssh_host_dsa_key.pub", $dsa_pub);
|
|
147
|
|
|
148
|
/* change keys owner to root */
|
|
149
|
chown("{$sshConfigDir}/ssh_host_key", "root");
|
|
150
|
chown("{$sshConfigDir}/ssh_host_rsa_key", "root");
|
|
151
|
chown("{$sshConfigDir}/ssh_host_dsa_key", "root");
|
|
152
|
|
|
153
|
/* change public keys owner to root */
|
|
154
|
chown("{$sshConfigDir}/ssh_host_key.pub", "root");
|
|
155
|
chown("{$sshConfigDir}/ssh_host_rsa_key.pub", "root");
|
|
156
|
chown("{$sshConfigDir}/ssh_host_dsa_key.pub", "root");
|
|
157
|
|
|
158
|
/* change mode on keys to u+rw */
|
|
159
|
chmod("{$sshConfigDir}/ssh_host_key",0600);
|
|
160
|
chmod("{$sshConfigDir}/ssh_host_rsa_key",0600);
|
|
161
|
chmod("{$sshConfigDir}/ssh_host_dsa_key",0600);
|
|
162
|
|
|
163
|
/* change mode on public keys to u+rw */
|
|
164
|
chmod("{$sshConfigDir}/ssh_host_key.pub",0600);
|
|
165
|
chmod("{$sshConfigDir}/ssh_host_rsa_key.pub",0600);
|
|
166
|
chmod("{$sshConfigDir}/ssh_host_dsa_key.pub",0600);
|
|
167
|
}
|
|
168
|
|
|
169
|
if($config['ssh']['ak'] <> "") {
|
|
170
|
$ak = base64_decode($config['ssh']['ak']);
|
|
171
|
file_put_contents("/root/.authorized_keys", $ak);
|
|
172
|
chmod("/root/.authorized_keys",0600);
|
|
173
|
}
|
|
174
|
|
|
175
|
/* start sshd */
|
|
176
|
system("/usr/sbin/sshd");
|
|
177
|
fwrite($stderr, "Done.\n");
|
|
178
|
|
|
179
|
?>
|