3 # sshd sshd (secure shell daemon)
7 # description: sshd (secure shell daemon) is a server part of the ssh suite. \
8 # Ssh can be used for remote login, remote file copying, TCP port \
9 # forwarding etc. Ssh offers strong encryption and authentication.
11 # Source function library
12 . /etc/rc.d/init.d/functions
# NOTE(review): the leading numbers are line numbers from the original file and
# several original lines are absent from this listing. upstart_controlled,
# is_yes, nls and the msg_* helpers are not defined in the visible lines;
# presumably they come from the function library sourced above.
14 upstart_controlled --except init configtest
17 . /etc/sysconfig/network
# Pidfile path reused by the OOM-adjust, start, stop and status lines below.
20 PIDFILE=/var/run/sshd.pid
# Optional local overrides. The file is sourced, so every statement in it runs
# with this script's privileges (presumably root; confirm). It should be
# root-owned and not writable by any other account.
23 [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
25 # Check that networking is up.
# Applies only when NETWORKING is enabled. If the network lock file is missing,
# the network is reported as down for every action except stop, status and init.
# The rest of both branches is not part of the visible listing.
# NOTE(review): `-a` inside `[ ]` is marked obsolescent by POSIX; separate tests
# joined with && are unambiguous.
26 if is_yes "${NETWORKING}"; then
27 if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
28 msg_network_down "OpenSSH"
# Writes SSHD_OOM_ADJUST to oom_score_adj for each PID listed in the pidfile.
# SSHD_OOM_ADJUST is not assigned in the visible lines (presumably set in
# /etc/sysconfig/sshd; confirm).
# NOTE(review): $PIDFILE and $pid are expanded unquoted, and the pidfile content
# becomes a path component without a check that it is numeric. The write is only
# as trustworthy as the pidfile, so the pidfile should be writable by root alone.
36 if [ -e $PIDFILE ]; then
37 for pid in $(cat $PIDFILE); do
# stderr goes to /dev/null, so a failed write (for example, the process has
# already exited) is presumably silent.
38 echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
# Run sshd in test mode (-t checks the configuration file and the host keys
# without starting the daemon) and exit with status 1 if the check fails.
# NOTE(review): which actions call this is not visible here. Running it before a
# restart or reload avoids taking down remote access because of a broken config.
45 /usr/sbin/sshd -t || exit 1
49 # generate new host keys with empty passphrases if they do not exist
# Each key is regenerated when its file is missing or zero-length. `-N ''` leaves
# the private key unencrypted on disk, so its only protection is file permissions
# (chmod 600 below) and, where restorecon is installed, the restored SELinux
# label. The closing `fi` lines are not part of the visible listing.
# NOTE(review): no ed25519 host key is generated in the lines shown.
# NOTE(review): `-t rsa1` creates an SSH protocol 1 key. Protocol 1 has known
# cryptographic weaknesses and was removed from later OpenSSH releases, where
# this command fails.
50 if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
51 /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
52 chmod 600 /etc/ssh/ssh_host_key
53 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
# No -b is given, so the RSA key size is the ssh-keygen default of the installed
# version.
55 if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
56 /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
57 chmod 600 /etc/ssh/ssh_host_rsa_key
58 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
# NOTE(review): ssh-keygen limits DSA keys to 1024 bits, and ssh-dss is disabled
# by default in later OpenSSH releases; treat this key as legacy.
60 if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
61 /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
62 chmod 600 /etc/ssh/ssh_host_dsa_key
63 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
65 if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
66 /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
67 chmod 600 /etc/ssh/ssh_host_ecdsa_key
68 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
73 # Check whether the service is already running.
# "Running" is inferred from the subsys lock file, not from a live process.
74 if [ -f /var/lock/subsys/sshd ]; then
75 msg_already_running "OpenSSH"
# Refuse to start when the host key file is missing or empty.
# NOTE(review): only /etc/ssh/ssh_host_key (the protocol 1 key) is tested. On a
# system where that key type can no longer be created, this guard would block
# startup even though the other host keys exist; confirm against the full script.
81 if [ ! -s /etc/ssh/ssh_host_key ]; then
82 msg_not_running "OpenSSH"
83 nls "No SSH host key found! You must run \"%s init\" first." "$0"
# Address-family selection; the statements inside these two branches are not
# part of the visible listing.
87 if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
90 if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
94 msg_starting "OpenSSH"
# $OPTIONS is left unquoted so it splits into separate sshd arguments. Its value
# is not assigned in the visible lines (presumably /etc/sysconfig/sshd and the
# branches above; confirm), so that file controls the daemon's command line.
95 daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
# Create the lock file only on success. The RETVAL assignment is not visible here.
98 [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
# Stop path: with no lock file the service is reported as not running.
102 if [ ! -f /var/lock/subsys/sshd ]; then
103 msg_not_running "OpenSSH"
107 msg_stopping "OpenSSH"
108 # we use start-stop-daemon to stop sshd: for a service as critical as
109 # sshd it is unacceptable to kill by process name, but unfortunately
110 # rc-scripts does not provide a way to kill *only* by pidfile
# Signalling only the PID in the pidfile presumably leaves other sshd processes
# (established sessions) untouched; confirm.
# NOTE(review): in `cmd && ok || fail`, fail also runs when ok itself returns
# non-zero; an if/else states the intent exactly.
111 start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok || fail
# The lock file is removed regardless of whether the stop succeeded.
112 rm -f /var/lock/subsys/sshd >/dev/null 2>&1
# Two further "not running" guards keyed on the subsys lock file, with a reload
# message between them. The actions they belong to and the reload command itself
# are not part of the visible listing.
116 if [ ! -f /var/lock/subsys/sshd ]; then
117 msg_not_running "OpenSSH"
123 msg_reloading "OpenSSH"
129 if [ ! -f /var/lock/subsys/sshd ]; then
130 msg_not_running "OpenSSH"
141 # See how we were called.
# The dispatch on the action argument is not part of the visible listing; only
# fragments of the init, status and usage arms appear below.
# NOTE(review): these messages mention a password for the host key, while the
# visible ssh-keygen calls pass -N '' (no passphrase); the interactive path is
# not shown. Confirm which applies.
164 nls "Now the SSH host key will be generated. Please note, that if you"
165 nls "will use password for the key, you will need to type it on each"
# Status is resolved through the pidfile, consistent with the stop path.
170 status --pidfile $PIDFILE sshd
# Lists the supported actions.
174 msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"