From bb16d1f1bf210d0ac6f92fa5601a60e3639cbfb9 Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Fri, 31 Aug 2018 21:28:28 +0200 Subject: [PATCH] Add service files for OpenSSH server Signed-off-by: David Oberhollenzer --- .gitignore | 2 ++ configure.ac | 2 ++ docs/defconfig.md | 4 ++++ services/Makemodule.am | 1 + services/sshd.in | 5 +++++ services/sshd_keygen.in | 14 ++++++++++++++ 6 files changed, 28 insertions(+) create mode 100644 services/sshd.in create mode 100644 services/sshd_keygen.in diff --git a/.gitignore b/.gitignore index 914f9ec..5c14884 100644 --- a/.gitignore +++ b/.gitignore @@ -36,6 +36,8 @@ services/hostapd services/swclock services/swclocksave services/nft +services/sshd +services/sshd_keygen scripts/devfs.sh scripts/ifrename.sh diff --git a/configure.ac b/configure.ac index d2125fb..99e4b2d 100644 --- a/configure.ac +++ b/configure.ac @@ -73,6 +73,8 @@ AC_CONFIG_FILES([services/hostapd]) AC_CONFIG_FILES([services/swclock]) AC_CONFIG_FILES([services/swclocksave]) AC_CONFIG_FILES([services/nft]) +AC_CONFIG_FILES([services/sshd]) +AC_CONFIG_FILES([services/sshd_keygen]) AC_CONFIG_FILES([scripts/devfs.sh]) AC_CONFIG_FILES([scripts/ifrename.sh]) AC_CONFIG_FILES([scripts/ifcfg.sh]) diff --git a/docs/defconfig.md b/docs/defconfig.md index af01375..10263ba 100644 --- a/docs/defconfig.md +++ b/docs/defconfig.md @@ -104,3 +104,7 @@ For the shutdown and reboot targets, the following services are executed: restores a somewhat usable time from a file during boot. * swclocksave - For systems that don't have a hardware clock, this service saves the current time to a file during shutdown or reboot. + * sshd_keygen - A wait type service that generates host keys for the OpenSSH + server and then disables itself. + * sshd - Starts an OpenSSH server after the network pseudo service and after + the sshd_keygen service. diff --git a/services/Makemodule.am b/services/Makemodule.am index 5b12ca4..0843787 100644 --- a/services/Makemodule.am 
+++ b/services/Makemodule.am @@ -8,6 +8,7 @@ init_DATA += services/dhcpcd services/dhcpcdmaster services/unbound init_DATA += services/dnsmasq services/ifdown services/modules init_DATA += services/network services/hostapd services/swclock init_DATA += services/swclocksave services/nft services/sigkill +init_DATA += services/sshd services/sshd_keygen if USYSLOGD init_DATA += services/usyslogd diff --git a/services/sshd.in b/services/sshd.in new file mode 100644 index 0000000..a6292bc --- /dev/null +++ b/services/sshd.in @@ -0,0 +1,5 @@ +description "OpenSSH server" +type respawn limit 5 +target boot +after network sshd_keygen +exec "@SBINPATH@/sshd" -D diff --git a/services/sshd_keygen.in b/services/sshd_keygen.in new file mode 100644 index 0000000..6425e63 --- /dev/null +++ b/services/sshd_keygen.in @@ -0,0 +1,14 @@ +description "OpenSSH server - generate host keys" +type wait +target boot +after network +tty /dev/null +exec { + mkdir -p "@ETCPATH@/ssh/" + + ssh-keygen -f "@ETCPATH@/ssh/host_rsa_key" -N "" -t rsa + ssh-keygen -f "@ETCPATH@/ssh/host_ecdsa_key" -N "" -t ecdsa + ssh-keygen -f "@ETCPATH@/ssh/host_ed25519_key" -N "" -t ed25519 + + service disable sshd_keygen +}
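Review bot: `after network sshd_keygen` in services/sshd.in names a service that, per the sshd_keygen.in section of this same patch, disables itself after its first run. Nothing visible here shows how the init system resolves `after` against a disabled service on later boots, so please confirm it is simply ignored and say so next to the line. As far as this file shows, the dependency is ordering only: if key generation failed, sshd exits for lack of a host key, and `type respawn limit 5` would use up its restarts and leave the system without SSH access, so that failure should be visible in the log. A short comment that `-D` keeps sshd in the foreground so the init system can supervise it would also help the next reader.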
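Review bot: In services/sshd_keygen.in the keys are written as `host_rsa_key`, `host_ecdsa_key` and `host_ed25519_key`, but a stock sshd looks for `ssh_host_rsa_key`, `ssh_host_ecdsa_key` and `ssh_host_ed25519_key` in its configuration directory. Unless the installed sshd_config carries matching `HostKey` lines (not visible in this patch), sshd will find no host key. Using the default names, e.g. `ssh-keygen -f "@ETCPATH@/ssh/ssh_host_ed25519_key" -N "" -t ed25519`, avoids the mismatch, as does a single `ssh-keygen -A` if `@ETCPATH@/ssh` is the directory OpenSSH was built to use. `service disable sshd_keygen` is the last line of the block and the patch does not show whether a failed `ssh-keygen` stops the block, so confirm the service is not disabled after a partial run; a leftover key file would presumably make a re-run stop at the overwrite prompt with the tty on /dev/null. First-boot host keys also depend on the kernel RNG being seeded by then, which `after network` does not guarantee on an embedded target.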