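#!/bin/sh
#
# One-time post-install setup for an OpenSSH installation under /usr/local.
# Generates host keys, registers the init script, tightens sshd_config,
# creates the privilege separation user, then removes itself.
# Must be run as root.

SSHD_CONFIG=/usr/local/etc/sshd_config

# Create ssh host keys (host keys carry no passphrase, hence -N "").
# No protocol 1 (rsa1) host key is generated: sshd is restricted to
# protocol 2 below, so a protocol 1 key would never be used.
# NOTE(review): newer OpenSSH releases disable DSA host keys by default;
# drop the dsa line if the installed ssh-keygen no longer accepts it.
/usr/local/bin/ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
/usr/local/bin/ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

# Run sshd at startup
chown root:sys /etc/init.d/sshd
chmod 555 /etc/init.d/sshd
ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd

# Use only ssh protocol 2; version 1.33 and 1.5 of ssh protocol
# is not completely cryptographically safe (according to Nessus probe)
# Do not allow remote root logins via ssh
# Prevent /etc/motd from displaying twice when using ssh
# Allow X11 forwarding
#
# PermitRootLogin is written as an active "no" line. Replacing it with
# "#PermitRootLogin no" would only leave a comment behind, and sshd would
# fall back to its built-in default. The pattern accepts the directive
# commented or uncommented and with any current value.
# Patterns are anchored so that only directive lines are rewritten.
# The config is replaced only if sed succeeded, so a failed run cannot
# install an empty or truncated sshd_config.
if sed -e 's/^#*Protocol 2,1/Protocol 2/' \
       -e 's/^#*PermitRootLogin .*/PermitRootLogin no/' \
       -e 's/^#X11Forwarding no/X11Forwarding yes/' \
       -e 's/^#PrintMotd yes/PrintMotd no/' \
       "$SSHD_CONFIG" > "${SSHD_CONFIG}_new"
then
  mv "${SSHD_CONFIG}_new" "$SSHD_CONFIG"
else
  echo "$0: failed to rewrite $SSHD_CONFIG; leaving it unchanged" >&2
  rm -f "${SSHD_CONFIG}_new"
  exit 1
fi

# Create privilege separation user and environment.
# /var/empty is the unprivileged child's chroot: root-owned and not
# writable by anyone else.
[ -d /var/empty ] || mkdir -m 755 /var/empty
chown root:sys /var/empty
groupadd sshd
useradd -g sshd -c "OpenSSH privilege separation user" -d /var/empty -s /bin/false sshd

# Remove this one-time installation file
rm -- "$0"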