Broken script /usr/local/etc/rc.d/sshd in FreeBSD

wattie

On FreeBSD 11.3 when I clicked on "Restart" on SSHD in DirectAdmin, I got the following error:

Code:
/usr/local/etc/rc.d/sshd restart 2>&1

It then lists "Process is stopped" and can't be started via DirectAdmin. Console is lost so SSHD is dead.

Until now I always used /etc/rc.d/sshd, which works, not /usr/local/etc/rc.d/sshd... I assume that the second script is added by DirectAdmin. And it is not working. Here is what happened when I tried to restart from the console itself:

Code:
root@srv2:/usr/local/etc/rc.d # /usr/local/etc/rc.d/sshd restart
$Stopping sshd:

I lost console and SSHD was dead (process stopped). The /var/log/auth.log got the following entry inside:

Code:
Aug 25 09:59:58 srv2 sshd[84285]: Exiting on signal 15

That's it. So it stops correctly, but it did not start.

Looking at the /usr/local/etc/rc.d/sshd script, it has the following code in "start()":

Code:
start()
{
        # Create keys if necessary
        do_rsa1_keygen
        do_rsa_keygen
        do_dsa_keygen

        echo -n $"Starting $prog:"
        $SSHD $OPTIONS
        RETVAL=$?
        [ "$RETVAL" = 0 ] && touch $LOCK_FILE
        echo
}

Going up in the script, I see:

Code:
SSHD=/usr/sbin/sshd

and the OPTIONS variable is NOT defined anywhere. I am not experienced in shell scripts at all, but it looks like a clue to me. I guess you need to pass $1 to $OPTIONS. Or replace "$OPTIONS" simply with "start".

The sshd daemon itself is there:

Code:
root@srv2:/var/log # ll /usr/sbin | grep sshd
-r-xr-xr-x  1 root  wheel     280560 Aug 17 22:11 sshd

The system script /etc/rc.d/sshd, which is working fine, does everything differently:

Code:
#!/bin/sh
#
# $FreeBSD: releng/11.3/etc/rc.d/sshd 303770 2016-08-05 15:32:35Z des $
#

# PROVIDE: sshd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd"
desc="Secure Shell Daemon"
rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
reload_precmd="sshd_configtest"
restart_precmd="sshd_configtest"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"

: ${sshd_rsa1_enable:="no"}
: ${sshd_rsa_enable:="yes"}
: ${sshd_dsa_enable:="no"}
: ${sshd_ecdsa_enable:="yes"}
: ${sshd_ed25519_enable:="yes"}

sshd_keygen_alg()
{
        local alg=$1
        local ALG="$(echo $alg | tr a-z A-Z)"
        local keyfile

        if ! checkyesno "sshd_${alg}_enable" ; then
                return 0
        fi

        case $alg in
        rsa1)
                keyfile="/etc/ssh/ssh_host_key"
                ;;
        rsa|dsa|ecdsa|ed25519)
                keyfile="/etc/ssh/ssh_host_${alg}_key"
                ;;
        *)
                return 1
                ;;
        esac

        if [ ! -x /usr/bin/ssh-keygen ] ; then
                warn "/usr/bin/ssh-keygen does not exist."
                return 1
        fi

        if [ -f "${keyfile}" ] ; then
                info "$ALG host key exists."
        else
                echo "Generating $ALG host key."
                /usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""
                /usr/bin/ssh-keygen -l -f "$keyfile.pub"
        fi
}

sshd_keygen()
{
        sshd_keygen_alg rsa1
        sshd_keygen_alg rsa
        sshd_keygen_alg dsa
        sshd_keygen_alg ecdsa
        sshd_keygen_alg ed25519
}

sshd_configtest()
{
        echo "Performing sanity check on ${name} configuration."
        eval ${command} ${sshd_flags} -t
}

sshd_precmd()
{
        run_rc_command keygen
        run_rc_command configtest
}

load_rc_config $name
run_rc_command "$1"

My suggestion is to either switch to use the system script... or fix the broken one of course.
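
A guarded restart that falls back to a second script when the first one leaves the daemon stopped, plus a check for whether a script is rc.subr-based like the system one quoted above. This is an added example, not part of the original post and not DirectAdmin's or FreeBSD's code; the function names are hypothetical and all paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from either rc script.

# Return 0 if PIDFILE names a process that is currently alive.
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -cd '0-9')
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Return 0 if SCRIPT sources /etc/rc.subr and dispatches through
# run_rc_command, as the system /etc/rc.d/sshd does.
is_rcsubr_script() {
    grep -Eq '^[[:space:]]*\.[[:space:]]+/etc/rc\.subr' "$1" &&
        grep -Eq '^[[:space:]]*run_rc_command[[:space:]]' "$1"
}

# guarded_restart PRIMARY FALLBACK PIDFILE [TRIES]
# Runs "PRIMARY restart", then polls PIDFILE once per second.
# Returns 0 if the daemon came back by itself,
#         1 if it only came back after "FALLBACK start",
#         2 if it is still down (needs console access).
guarded_restart() {
    primary=$1 fallback=$2 pidfile=$3 tries=${4:-5}
    "$primary" restart >/dev/null 2>&1
    i=0
    while [ "$i" -lt "$tries" ]; do
        pid_alive "$pidfile" && return 0
        sleep 1
        i=$((i + 1))
    done
    # Primary script stopped the daemon but did not start it again.
    "$fallback" start >/dev/null 2>&1
    pid_alive "$pidfile" && return 1
    return 2
}
```

On the host in the post this would be called as `guarded_restart /usr/local/etc/rc.d/sshd /etc/rc.d/sshd /var/run/sshd.pid`, from a job detached from the SSH session (for example under nohup) so that it keeps running if the session drops.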
 