--- old/usr/src/cmd/ssh/etc/ssh.xml Thu Sep 6 12:25:55 2012
+++ new/usr/src/cmd/ssh/etc/ssh.xml Thu Sep 6 12:25:54 2012
@@ -21,6 +21,7 @@
CDDL HEADER END
Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ Copyright 2012 Darren Reed. All rights reserved.
Use is subject to license terms.
NOTE: This service manifest is not editable; its contents will
@@ -38,8 +39,6 @@
-
-
+
+
+
+
+
--- old/usr/src/cmd/ssh/etc/sshd Thu Sep 6 12:25:55 2012
+++ new/usr/src/cmd/ssh/etc/sshd Thu Sep 6 12:25:55 2012
@@ -1,6 +1,7 @@
#!/sbin/sh
#
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2012 Darren Reed. All rights reserved.
# Use is subject to license terms.
#
@@ -7,9 +8,55 @@
. /lib/svc/share/ipf_include.sh
. /lib/svc/share/smf_include.sh
-SSHDIR=/etc/ssh
+if [ -n "$SMF_FMRI" ] ; then
+ instance=`expr "${SMF_FMRI}" : '.*:\([^:/]*\)'`
+ _config=`svcprop -c -p config/config_file ${SMF_FMRI} 2>/dev/null`
+ _options=`svcprop -c -p config/options "${SMF_FMRI}" 2>/dev/null`
+else
+ instance=default
+ _config=""
+ _options=""
+fi
+method="$1"
+
KEYGEN="/usr/bin/ssh-keygen -q"
-PIDFILE=/var/run/sshd.pid
+#
+# svcprop returns "" to represent an empty string which is incompatible
+# with how shells scripts usually test for an empty string (with -n/-z).
+#
+if [ "$_options" = \"\" ] ; then
+ options=""
+else
+ options=$_options
+fi
+if [ "$_config" = \"\" ] ; then
+ config=""
+else
+ config=$_config
+fi
+if [ -n "$config" ] ; then
+ #
+ # The returned string will typically be a URI that starts with
+ # "file://localhost/", meaning that it is not immediately suitable
+ # for use as a path so remove the URI header section of the string.
+ #
+ sshdconfig=`expr "$config" : '[^/]*/[^/]*/[^/]*\(.*\)'`
+ options="-f $sshdconfig $options"
+else
+ sshdconfig=/etc/ssh/sshd_config
+fi
+SSHDIR=`dirname "$sshdconfig"`
+PIDFILE=`awk '/^PidFile/ { print $2; } ' $sshdconfig 2>/dev/null`
+if [ -z "$PIDFILE" ] ; then
+ if [ "$instance" != "default" ] ; then
+ PIDFILE=/var/run/sshd-${instance}.pid
+ PIDOPTION="PidFile $PIDFILE"
+ else
+ PIDFILE=/var/run/sshd.pid
+ fi
+else
+ PIDOPTION="PidFile $PIDFILE"
+fi
# Checks to see if RSA, and DSA host keys are available
# if any of these keys are not present, the respective keys are created.
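Review bot: The PidFile lookup at L69 (`awk '/^PidFile/ ...' $sshdconfig`) is case-sensitive, only matches the keyword at column 0 and leaves `$sshdconfig` unquoted, whereas the HostKey test inside create_key (L85–L87) matches case-insensitively with optional leading blanks and quotes the path; a directive sshd accepts, such as an indented `pidfile`, is therefore missed, PIDFILE silently falls back to `/var/run/sshd.pid`, and the restart arm may later HUP the default instance's pid file instead of this instance's. Since sshd honours the first occurrence of a keyword, it should also stop at the first hit, e.g. `PIDFILE=` followed by the substitution `awk '$1 ~ /^[Pp][Ii][Dd][Ff][Ii][Ll][Ee]$/ { print $2; exit; }' "$sshdconfig" 2>/dev/null`, which tolerates leading whitespace and mixed case and avoids a multi-word value when the directive appears twice. The same unquoted `$sshdconfig` recurs at L95, and L64 folds it unquoted into `$options`, which is word-split at L151/L153, so a configuration path containing blanks breaks the sshd invocation even though L87 handles it correctly. Neither pattern covers the `PidFile=/path` spelling that the grep at L85 allows for HostKey; if that form is meant to be supported, the awk needs to split on `=` as well.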
@@ -32,7 +79,7 @@
# space and one literal tab.
#
grep -i "^[ ]*HostKey[ ]*=\{0,1\}[ ]*$keypath" \
- $SSHDIR/sshd_config | grep "$keypath" > /dev/null 2>&1
+ "$sshdconfig" | grep "$keypath" > /dev/null 2>&1
if [ $? -eq 0 ]; then
echo Creating new $keytype public/private host key pair
@@ -54,7 +101,7 @@
#
# Get port from /etc/ssh/sshd_config
#
- tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
+ tports=`grep "^Port" $sshdconfig 2>/dev/null | \
awk '{print $2}'`
echo "# $FMRI" >$ipf_file
@@ -63,6 +110,14 @@
done
}
+check_keys()
+{
+ for keyfile in `awk '/^HostKey/ { print $2; } ' "$sshdconfig"`; do
+ type=`expr "$keyfile" : '.*_\([rd]sa\)_.*'`
+ create_key "$keyfile" "$type"
+ done
+}
+
# This script is being used for two purposes: as part of an SMF
# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
# application.
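Review bot: check_keys only creates keys for HostKey lines present in `$sshdconfig`, so a configuration with no HostKey directive, which sshd accepts by falling back to its built-in default key paths, now generates nothing where the replaced calls at L119–L120 and L129–L130 always created the RSA and DSA keys; on a fresh install this leaves sshd without host keys. The type derivation `expr "$keyfile" : '.*_\([rd]sa\)_.*'` yields an empty string for any other naming (an ecdsa key, a custom path), and create_key is then invoked with an empty type — create_key's body is outside this chunk, so whether it copes is not visible here, but skipping the entry with a diagnostic is safer than handing an empty type to ssh-keygen. The `/^HostKey/` pattern at L103 has the same case and indentation limitation as the PidFile lookup earlier in this diff. Its callers in the start arm (a hunk that continues past this chunk) run it at L132 before the `-f "$sshdconfig"` check at L138 and again at L148 for non-default instances, so a missing config silently yields no keys before the error path runs and other instances do the work twice; one call placed after the existence check would suffice. The rewrite below restores the previous default behaviour when no HostKey line is found.
```sh
check_keys()
{
	keyfiles=`awk '/^HostKey/ { print $2; } ' "$sshdconfig"`
	if [ -z "$keyfiles" ] ; then
		# No HostKey directive: sshd uses its built-in paths, which are
		# the two keys this script always created before.
		keyfiles="$SSHDIR/ssh_host_rsa_key $SSHDIR/ssh_host_dsa_key"
	fi
	for keyfile in $keyfiles; do
		type=`expr "$keyfile" : '.*_\([rd]sa\)_.*'`
		if [ -z "$type" ] ; then
			echo "cannot determine key type for $keyfile; not created" >&2
			continue
		fi
		# … unchanged: create_key call …
	done
}
```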
@@ -70,11 +125,10 @@
# Both, the SMF methods and sysidconfig/sys-unconfig use different
# arguments..
-case $1 in
+case $method in
# sysidconfig/sys-unconfig arguments (-c and -u)
'-c')
- create_key $SSHDIR/ssh_host_rsa_key rsa
- create_key $SSHDIR/ssh_host_dsa_key dsa
+ check_keys
;;
'-u')
@@ -94,16 +148,35 @@
# If host keys don't exist when the service is started, create
# them; sysidconfig is not run in every situation (such as on
# the install media).
- #
- create_key $SSHDIR/ssh_host_rsa_key rsa
- create_key $SSHDIR/ssh_host_dsa_key dsa
+ #
+ check_keys
- /usr/lib/ssh/sshd
+ #
+ # This check for the presence of $sshdconfig is not required for
+ # the default instance as there is an explicit dependency
+ #
+ if [ ! -f "$sshdconfig" ] ; then
+ echo "sshd configuration file missing: $sshdconfig" >&2
+ exit $SMF_EXIT_ERR_CONFIG
+ fi
+ #
+ # With multiple instances supported, it is necessary to always check
+ # to see if the ssh host keys need to be created for non-default
+ # instances.
+ #
+ if [ "$instance" != "default" ] ; then
+ check_keys
+ fi
+ if [ -n "$PIDOPTION" ] ; then
+ /usr/lib/ssh/sshd ${options} -o "$PIDOPTION"
+ else
+ /usr/lib/ssh/sshd ${options}
+ fi
;;
'restart')
if [ -f "$PIDFILE" ]; then
- /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
+ /usr/bin/kill -HUP `/usr/bin/cat "$PIDFILE"`
fi
;;