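#------------------------------------------------------------------------------
# /etc/rc.d/rc460.sshd - start sshd                                __FLI4LVER__
# was file /etc/rc.d/rc750.sshd
#
# Creation:     07.12.2000  fm
# Last Update:  $Id$
#------------------------------------------------------------------------------
#
# Boot-time setup for the dropbear SSH server, run only when OPT_SSHD=yes:
#   1. registers ssh/telnet in /etc/services
#   2. creates the applet links for the dropbear multicall binary
#   3. builds /.ssh/authorized_keys from SSHD_PUBLIC_KEY_<n> (inline keys) and
#      SSHD_PUBLIC_KEYFILE_<n> (files below /etc/ssh)
#   4. converts OpenSSH-format private keys in /etc/ssh to dropbear format
#   5. starts dropbear, optionally with password logins disabled
#   6. optionally generates fresh host keys in /tmp/ssh in the background
#
# The file has no shebang and uses begin_script/end_script/log_info/mk_writable
# without defining them, so it is presumably sourced by the rc framework;
# it therefore stays POSIX sh and sets no shell options globally.
#
# NOTE(review): SSHD_ALLOWPASSWORDLOGIN defaults to "yes"; key-only
# authentication has to be requested explicitly with "no".

case "$OPT_SSHD" in
yes)
    begin_script SSHD "starting sshd daemon..."

    # Service name -> port mappings appended to /etc/services.
    cat <<EOF >>/etc/services
ssh 22/tcp
ssh 22/udp
telnet 23/tcp
EOF

    # Defaults when the configuration leaves these unset or empty.
    : "${SSHD_PORT:=22}"
    : "${SSHD_ALLOWPASSWORDLOGIN:=yes}"

    # The installed multicall binary encodes its applets in its file name
    # (e.g. ..._scp_convert_client); the glob picks up whichever one exists.
    sshd_filename="$(echo /usr/sbin/dropbearmulti_server*)"

    # make links for multicall binary
    ln -s "$sshd_filename" /usr/sbin/dropbear
    case "$sshd_filename" in
    *scp*)
        ln -s "$sshd_filename" /usr/bin/scp
        ;;
    esac
    case "$sshd_filename" in
    *convert*)
        ln -s "$sshd_filename" /usr/bin/dropbearconvert
        ;;
    esac
    case "$sshd_filename" in
    *client*)
        ln -s "$sshd_filename" /usr/bin/ssh
        ln -s "$sshd_filename" /usr/bin/dbclient
        ;;
    esac

    # Key directory of the login user. It is created owner-only, and every
    # write below names /.ssh/authorized_keys explicitly, so a failed mkdir/cd
    # can no longer drop keys into whatever the current directory happens to be.
    mkdir -p /.ssh
    chmod 700 /.ssh
    cd /.ssh

    # Inline public keys: SSHD_PUBLIC_KEY_1 .. SSHD_PUBLIC_KEY_<N>.
    # The leading 0 keeps the numeric test valid when the counter is empty.
    [ 0"$SSHD_PUBLIC_KEYS_N" -eq 0 ] || for idx in $(seq 1 "$SSHD_PUBLIC_KEYS_N")
    do
        # idx comes from seq, so the eval only ever sees a numeric suffix.
        eval key='$SSHD_PUBLIC_KEY_'$idx
        # $key stays unquoted so runs of whitespace are collapsed exactly as
        # before; globbing is switched off so that a "*" or "?" inside the key
        # options or comment cannot expand to file names.
        set -f
        echo $key >> /.ssh/authorized_keys
        set +f
    done

    # Convert OpenSSH PEM private keys (DSA/RSA headers only) in place to the
    # dropbear format. Files with any other header are left untouched.
    for pf in /etc/ssh/*
    do
        # Skip the literal pattern when the glob matched nothing, and anything
        # that is not a regular file.
        [ -f "$pf" ] || continue
        # "[DR]SA" replaces the former "[D|R]SA", which also accepted a "|".
        if grep -q -e '^-----BEGIN [DR]SA PRIVATE KEY-----$' "$pf"
        then
            mk_writable "$pf"
            dropbearconvert openssh dropbear "$pf" "$pf" >/dev/null 2>/dev/null
        fi
    done

    if [ -e /etc/ssh/known_hosts ]
    then
        mv /etc/ssh/known_hosts /.ssh
    fi

    # Host key cache shipped for plink: move it into place, owner-only.
    if [ -e /etc/plink/sshhostkeys ]
    then
        mv /etc/plink /.putty
        chmod 700 /.putty
    fi

    # Public key files: SSHD_PUBLIC_KEYFILE_1 .. SSHD_PUBLIC_KEYFILE_<N>,
    # each a file name below /etc/ssh. Two formats are recognised.
    [ 0"$SSHD_PUBLIC_KEYFILES_N" -eq 0 ] || for idx in $(seq 1 "$SSHD_PUBLIC_KEYFILES_N")
    do
        eval kfn='$SSHD_PUBLIC_KEYFILE_'$idx

        # OpenSSH one-line format ("ssh-rsa AAAA..."): append the file as is.
        if grep "^ssh-[rd]s[as] " "/etc/ssh/$kfn" >/dev/null 2>/dev/null
        then
            cat "/etc/ssh/$kfn" >> /.ssh/authorized_keys
        fi

        # Multi-line "SSH2 PUBLIC KEY" format: drop the BEGIN/END and Comment
        # lines, join the remaining base64 lines and prefix the key type.
        if grep "SSH2 PUBLIC KEY" "/etc/ssh/$kfn" >/dev/null 2>/dev/null
        then
            # The type is taken from a "dsa-key" marker in the file; anything
            # without that marker is treated as RSA.
            if grep "dsa-key" "/etc/ssh/$kfn" >/dev/null 2>/dev/null
            then
                keytype=ssh-dss
            else
                keytype=ssh-rsa
            fi
            echo "$keytype $(sed -e 's/^----.*$//g' -e 's/^Comment.*$//g' -e 's/^\n//g' -e 's/^[ ]*$//g' "/etc/ssh/$kfn" | tr -d '\012')" >> /.ssh/authorized_keys
        fi

        # The source file is removed once it has been processed.
        rm -f "/etc/ssh/$kfn"
    done

    # Read-only for the owner; no access for anyone else.
    [ -f /.ssh/authorized_keys ] && chmod 400 /.ssh/authorized_keys
    chmod 400 /etc/ssh/* 2>/dev/null

    # Must stay unquoted below: when empty it has to expand to no argument.
    NOPWDLOGIN=
    if [ "$SSHD_ALLOWPASSWORDLOGIN" = no ]
    then
        # dropbear -s disables password logins.
        NOPWDLOGIN=-s
        log_info "sshd: only public key authentication allowed!"
    fi

    # Signal 1 (SIGHUP) is reset to its default for the launch and ignored
    # again afterwards - presumably so that dropbear does not start with
    # SIGHUP ignored; confirm against the rc framework.
    trap 1
    dropbear $NOPWDLOGIN -p "$SSHD_PORT"
    trap "" 1

    if [ -f /usr/bin/dropbearkey ]
    then
        # Private host keys are written here, so keep the directory owner-only.
        mkdir -p /tmp/ssh
        chmod 700 /tmp/ssh
        {
            log_info "creating in the background new dropbear hostkeys in /tmp/ssh ..."
            # NOTE(review): 1024-bit RSA and DSS are below currently
            # recommended host key strength. The sizes are left as they were
            # because the key generation time on the target hardware is not
            # visible from here; raise the RSA size where the platform allows.
            dropbearkey -s 1024 -t rsa -f /tmp/ssh/dropbear_rsa_host_key
            dropbearkey -s 1024 -t dss -f /tmp/ssh/dropbear_dss_host_key
            chmod 400 /tmp/ssh/*
        } &
    fi

    cd /
    end_script
    ;;
esac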