1 #!/bin/sh
2 #
3 # sshd          sshd (secure shell daemon)
4 #
5 # chkconfig:    345 22 88
6 #
7 # description:  sshd (secure shell daemon) is a server part of the ssh suite. \
8 #               Ssh can be used for remote login, remote file copying, TCP port \
9 #               forwarding etc. Ssh offers strong encryption and authentication.
10
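# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

# Defaults. They are assigned before /etc/sysconfig/sshd is sourced, so that
# file may override them.
# SSHD_OOM_ADJUST is the value adjust_oom() writes to /proc/<pid>/oom_score_adj.
SSHD_OOM_ADJUST=-1000
PIDFILE=/var/run/sshd.pid

# Get service config
# NOTE(review): this file is executed as shell code with the privileges of
# whoever runs the init script, so it must be writable by root only.
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if ! is_yes "${NETWORKING}"; then
        exit 0
fi

# stop, status and init do not need the network; every other action is refused
# while the network lock file is missing. A case statement is used instead of
# a "[ ... -a ... ]" chain, which is ambiguous when "$1" looks like a test
# operator.
case "$1" in
  stop|status|init)
        ;;
  *)
        if [ ! -f /var/lock/subsys/network ]; then
                msg_network_down "OpenSSH"
                exit 1
        fi
        ;;
esac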
34
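# Write $SSHD_OOM_ADJUST to /proc/<pid>/oom_score_adj for every PID listed in
# $PIDFILE, so the kernel OOM killer treats the daemon accordingly.
# Globals:   PIDFILE (read), SSHD_OOM_ADJUST (read), pid (written)
# Returns:   always 0; a failed write is best effort and not reported
adjust_oom() {
        # Quoted: PIDFILE can be overridden from /etc/sysconfig/sshd, and an
        # empty value would otherwise turn into "[ -e ]" (true) followed by a
        # bare "cat" that waits on stdin.
        [ -e "$PIDFILE" ] || return 0

        for pid in $(cat "$PIDFILE"); do
                # The value becomes part of a /proc path that is written to
                # (typically as root), so accept plain decimal PIDs only.
                case "$pid" in
                  ''|*[!0-9]*) continue ;;
                esac
                echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_score_adj"
        done
        return 0
}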
42
# Make sure host keys exist, then let sshd validate its own configuration
# ("sshd -t"). The whole script exits with status 1 when validation fails, so
# callers never restart or reload the daemon onto a broken configuration.
checkconfig() {
        ssh_gen_keys
        if ! /usr/sbin/sshd -t; then
                exit 1
        fi
}
47
# Create one host key unless a non-empty regular file already exists.
# Arguments: $1 - key type passed to "ssh-keygen -t"
#            $2 - path of the private key file
# The key gets an empty passphrase (-N ''), so the private key is protected
# only by file permissions; hence the explicit chmod 600.
ssh_gen_key_if_missing() {
        if [ -f "$2" ] && [ -s "$2" ]; then
                return 0
        fi
        /usr/bin/ssh-keygen -t "$1" -f "$2" -N '' >&2
        chmod 600 "$2"
        # Restore the SELinux label when the tool is installed.
        [ -x /sbin/restorecon ] && /sbin/restorecon "$2"
}

# Generate every missing host key under /etc/ssh (empty passphrases).
# NOTE(review): "rsa1" is the SSH protocol 1 key format and "dsa" is a legacy
# key type; both are considered weak. start() refuses to run without
# /etc/ssh/ssh_host_key (the rsa1 key), so confirm the packaged OpenSSH still
# needs these before relying on this list.
ssh_gen_keys() {
        ssh_gen_key_if_missing rsa1 /etc/ssh/ssh_host_key
        ssh_gen_key_if_missing rsa /etc/ssh/ssh_host_rsa_key
        ssh_gen_key_if_missing dsa /etc/ssh/ssh_host_dsa_key
        ssh_gen_key_if_missing ecdsa /etc/ssh/ssh_host_ecdsa_key
}
71
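# Start sshd unless the subsystem lock says it is already running.
# Globals:   PIDFILE, OPTIONS, IPV4_NETWORKING, IPV6_NETWORKING (read),
#            OPTIONS, RETVAL (written)
# Exits the script with status 1 when the configuration is invalid
# (checkconfig) or when /etc/ssh/ssh_host_key is missing or empty.
start() {
        # Check if the service is already running?
        if [ -f /var/lock/subsys/sshd ]; then
                msg_already_running "OpenSSH"
                return
        fi

        checkconfig

        # NOTE(review): this tests only the key that ssh_gen_keys creates
        # with "-t rsa1"; the other host keys are not checked here.
        if [ ! -s /etc/ssh/ssh_host_key ]; then
                msg_not_running "OpenSSH"
                nls "No SSH host key found! You must run \"%s init\" first." "$0"
                exit 1
        fi

        # Restrict sshd to one address family when only one is enabled.
        if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
                OPTIONS="$OPTIONS -4"
        fi
        if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
                OPTIONS="$OPTIONS -6"
        fi

        msg_starting "OpenSSH"
        # $OPTIONS stays unquoted on purpose: it is a space-separated flag list.
        daemon --pidfile "$PIDFILE" /usr/sbin/sshd $OPTIONS
        RETVAL=$?

        # Only touch OOM settings and the lock after a successful start. On a
        # failed start $PIDFILE may be stale, and adjusting the PID it names
        # could hit an unrelated process.
        [ "$RETVAL" -eq 0 ] || return 1
        adjust_oom
        touch /var/lock/subsys/sshd
}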
100
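# Stop sshd if the subsystem lock exists, then remove the lock.
# Globals:   PIDFILE (read)
# RETVAL is not assigned here.
stop() {
        if [ ! -f /var/lock/subsys/sshd ]; then
                msg_not_running "OpenSSH"
                return
        fi

        msg_stopping "OpenSSH"
        # we use start-stop-daemon to stop sshd, as it is unacceptable for such
        # critical service as sshd to kill it by procname, but unfortunately
        # rc-scripts does not provide way to kill *only* by pidfile
        # NOTE(review): matching by pidfile alone trusts the file's content, so
        # $PIDFILE must live in a directory only root can write to.
        # if/else instead of "cmd && ok || fail", which would also run "fail"
        # whenever "ok" itself returned non-zero.
        if start-stop-daemon --stop --quiet --pidfile "$PIDFILE"; then
                ok
        else
                fail
        fi
        rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}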
114
# Ask a running sshd to re-read its configuration (SIGHUP).
# Globals:   RETVAL (written) - 7 when the service is not running, otherwise
#            the status returned by killproc
# checkconfig runs first and exits the script on an invalid configuration, so
# the daemon is never signalled onto a config that "sshd -t" rejects.
reload() {
        if [ -f /var/lock/subsys/sshd ]; then
                checkconfig
                msg_reloading "OpenSSH"
                # NOTE(review): this signals by process name, which this
                # script's stop() deliberately avoids; confirm how killproc
                # picks its target (pidfile vs. every process named sshd).
                killproc sshd -HUP
                RETVAL=$?
        else
                msg_not_running "OpenSSH"
                RETVAL=7
        fi
}
127
# Restart sshd only when it is currently running.
# Arguments: $1 - value stored in RETVAL when the service is not running
# Globals:   RETVAL (written)
# The configuration is validated before the running daemon is stopped, so an
# invalid config makes the script exit and leaves the daemon up.
condrestart() {
        if [ -f /var/lock/subsys/sshd ]; then
                checkconfig
                stop
                start
        else
                msg_not_running "OpenSSH"
                RETVAL=$1
        fi
}
139
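# Exit status of the script unless an arm below exits on its own.
# stop() itself never assigns RETVAL.
RETVAL=0
# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        # Validate first: checkconfig exits on an invalid configuration, which
        # leaves the running daemon untouched.
        checkconfig
        stop
        start
        ;;
  try-restart)
        condrestart 0
        ;;
  reload|force-reload)
        reload
        ;;
  configtest)
        checkconfig
        ;;
  init)
        # NOTE(review): the text below mentions a key password, but
        # ssh_gen_keys always passes -N '' (empty passphrase) to ssh-keygen.
        nls "Now the SSH host key will be generated. Please note, that if you"
        nls "will use password for the key, you will need to type it on each"
        nls "reboot."
        ssh_gen_keys
        ;;
  status)
        status --pidfile "$PIDFILE" sshd
        exit $?
        ;;
  *)
        msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
        exit 3
        ;;
esac

exit "$RETVAL"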