#!/bin/sh
#
# SSH Secure Shell 2 daemon startup for NetBSD 1.5 and newer
#
# Note:
#   This script is only designed to work with NetBSD 1.5 and newer.
#   It will not work with older versions of NetBSD or any other OS.
#
# Quick instructions:
#   Read steps 5 and 6 below.
#
# Instructions:
#   1. Check your etc directory specification. The daemon
#      configuration files and host key are located in this directory.
#      It is defined at compile time. If it differs from the
#      default (which is "/etc/ssh2"), you need to adjust the "sshetcdir"
#      variable below.
#
#   2. Check that you have proper daemon configuration file
#      in $sshetcdir/sshd2_config
#
#   3. If you have installed SSH Secure Shell somewhere other than
#      /usr/local (which is the default), adjust the "sshbindir"
#      and "sshsbindir" variables below accordingly.
#
#   4. If you are running the daemon on a non-standard port number
#      (something other than 22), adjust the "pidfile" variable
#      below accordingly.
#
#   5. Install this script as /etc/rc.d/ssh_secure_shell
#
#   6. For automatic startup, add the following line at the end
#      of /etc/rc.conf:
#        ssh_secure_shell=YES    ssh_secure_shell_flags=""
#      (remove the comment character # at the beginning of line)
#
#   7. Usually the host identification key is created at compile time.
#      If you do not have the key, it will be automatically created
#      when this script is started for the first time. You can
#      also manually do this with the following command:
#        /etc/rc.d/ssh_secure_shell keygen
#
# Author: Janne Snabb <snabb@iki.fi>
#

# PROVIDE: ssh_secure_shell
# REQUIRE: LOGIN

. /etc/rc.subr

# Site-specific settings. Change these only when the installation differs
# from the defaults described in the instructions above.

# Directory holding sshd2_config and the host key. This script does not
# check the directory's ownership or permissions.
sshetcdir="/etc/ssh2"
# Install locations of the user tools (ssh-keygen2) and the daemon (sshd2).
sshbindir="/usr/local/bin"
sshsbindir="/usr/local/sbin"
# PID file of the daemon; the default name carries the port number (22).
pidfile="/var/run/sshd2_22.pid"

# rc.subr control variables; these normally need no changes.

name="ssh_secure_shell"
rcvar="${name}"
extra_commands="keygen reload"
required_files="${sshetcdir}/sshd2_config"
command="${sshsbindir}/sshd2"

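# Create the daemon's host key unless one is already present.
# Globals:   sshetcdir (read) - directory that holds the host key
#            sshbindir (read) - directory that holds ssh-keygen2
# Outputs:   a two-line notice on stdout when an existing key is kept
# Returns:   0 when a key already exists, otherwise the exit status of
#            ssh-keygen2
ssh_secure_shell_keygen()
{
	# Expansions are quoted so that a directory name containing
	# whitespace or glob characters is still passed as a single word.
	if [ -f "$sshetcdir/hostkey" ]; then
		# An existing key is never overwritten; replacing a host key
		# changes the identity that clients have already recorded.
		echo "You already have an DSA host key in $sshetcdir/hostkey"
		echo "Skipping Key Generation"
	else
		# The umask stays in effect for the rest of this shell process.
		# NOTE(review): 022 lets group and others read newly created
		# files; confirm that ssh-keygen2 itself restricts the mode of
		# the private key file and check it after generation.
		umask 022
		# NOTE(review): -P presumably stores the key without a
		# passphrase so the daemon can start unattended - confirm
		# against the ssh-keygen2 manual.
		# NOTE(review): a 1024-bit DSA key is below current minimum
		# recommendations for host keys; if the installed ssh-keygen2
		# supports a stronger type or size, prefer it - TODO confirm.
		"$sshbindir/ssh-keygen2" -P -b 1024 -t dsa -c "1024-bit dsa hostkey" "$sshetcdir/hostkey"
	fi
}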

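# start_precmd hook: make sure a host key exists before the daemon starts.
# Globals:   sshetcdir (read) - directory that holds the host key
# Returns:   0 when the key is already present, otherwise the exit status
#            of the keygen run
ssh_secure_shell_precmd()
{
	# Quoted so that a directory name containing whitespace does not
	# turn the test into a syntax error that silently skips keygen.
	if [ ! -f "$sshetcdir/hostkey" ]; then
		# The script is re-invoked by its installed path (installation
		# step 5), so this fails if it was installed elsewhere. Running
		# keygen in a child process keeps its umask change out of this
		# shell.
		/etc/rc.d/ssh_secure_shell keygen
	fi
}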

# Hook the functions above into rc.subr: one runs before "start", the
# other implements the extra "keygen" command.
start_precmd=ssh_secure_shell_precmd
keygen_cmd=ssh_secure_shell_keygen

# Load the rc.conf settings for this service, then dispatch the action
# given as the first argument of the script.
load_rc_config "$name"
run_rc_command "$1"
