| # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| # |
| |
| description "Start sshd to allow remote network login" |
| author "chromium-os-dev@chromium.org" |
| |
| # This must start after the iptables job so that when we enable |
| # port 22 below, the change won't be overwritten. |
| # |
| # By default, this job is only configured to start automatically in |
| # test images. |
| #for_test start on stopped iptables and stopped ip6tables |
| |
| respawn |
| expect fork |
| |
| pre-start script |
| SSH_DIR=/mnt/stateful_partition/etc/ssh |
| mkdir -p ${SSH_DIR} |
| |
| if ! sshd -t > /dev/null ; then |
| # sshd will not start with current config, generate a new set of keys. |
| for KEY_TYPE in rsa dsa ; do |
| KEY_FILE=${SSH_DIR}/ssh_host_${KEY_TYPE}_key |
| # If keys exist delete them because they are not valid and ssh-keygen |
| # will not overwrite them. |
| rm -f ${KEY_FILE} |
| rm -f ${KEY_FILE}.pub |
| ssh-keygen -q -f ${KEY_FILE} -N '' -t ${KEY_TYPE} |
| done |
| fi |
| |
| iptables -A INPUT -p tcp --dport 22 -j ACCEPT |
| ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT |
| end script |
| |
| exec /usr/sbin/sshd |