git.pld-linux.org Git - packages/openssh.git/blob - opensshd.init
- rel 2; generate /etc/ssh/ssh_host_ecdsa_key
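#!/bin/sh
#
# sshd          sshd (secure shell daemon)
#
# chkconfig:    345 21 89
#
# description:  sshd (secure shell daemon) is a server part of the ssh suite. \
#               Ssh can be used for remote login, remote file copying, TCP port \
#               forwarding etc. Ssh offers strong encryption and authentication.

# Value adjust_oom() writes into the OOM-killer control file of each sshd PID.
# It is assigned before /etc/sysconfig/sshd is sourced, so that file can
# override it.
SSHD_OOM_ADJUST=-17

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Get service config.
# The three files sourced here are executed as shell code with the privileges
# of this script; they must be writable by root only.
if [ -f /etc/sysconfig/sshd ]; then
	. /etc/sysconfig/sshd
fi

# Check that networking is up.
# stop, status and init work without a network; every other action is refused
# while the network subsys lock is missing. The action is matched with `case`
# instead of a chain of `-a` operators, which POSIX marks obsolescent and which
# can be mis-parsed when "$1" looks like a test operator.
if is_yes "${NETWORKING}"; then
	case "$1" in
	stop|status|init)
		;;
	*)
		if [ ! -f /var/lock/subsys/network ]; then
			msg_network_down "OpenSSH"
			exit 1
		fi
		;;
	esac
else
	exit 0
fi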
31
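# Write $SSHD_OOM_ADJUST into the OOM-killer control file of every PID listed
# in /var/run/sshd.pid, so the kernel is less likely to kill the daemon.
# Globals:   SSHD_OOM_ADJUST (read)
# Arguments: none
# Returns:   0 when the pidfile is absent; otherwise the status of the last
#            write attempted.
#
# NOTE(review): -17 is the "never kill" value of the legacy oom_adj file
# (range -17..15). oom_score_adj uses the range -1000..1000, where -17 is only
# a small bias, so on kernels that expose oom_score_adj the daemon is not
# actually exempt. Confirm the intended value before changing the default.
adjust_oom() {
	[ -e /var/run/sshd.pid ] || return 0

	for pid in $(cat /var/run/sshd.pid); do
		# The token becomes part of a path written to as root, so accept
		# decimal PIDs only and skip anything else found in the pidfile.
		case "$pid" in
		''|*[!0-9]*)
			continue
			;;
		esac

		if [ -e "/proc/$pid/oom_score_adj" ]; then
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_score_adj"
		else
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_adj"
		fi
	done
}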
43
# Validate the sshd configuration with `sshd -t` (test mode) and terminate the
# whole script with status 1 when the check fails, so a broken configuration
# never replaces a running daemon.
checkconfig() {
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}
47
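# Create one host key unless a non-empty regular file is already present.
# Arguments: $1 - key type passed to `ssh-keygen -t`
#            $2 - path of the private key file
# Returns:   0 when the key exists or was generated, 1 when ssh-keygen failed.
_ssh_gen_key() {
	if [ -f "$2" ] && [ -s "$2" ]; then
		return 0
	fi

	# -N '' gives the key an empty passphrase so sshd can load it unattended;
	# file permissions are therefore the only protection of the private key.
	# On failure stop here instead of running chmod/restorecon on a missing file.
	/usr/bin/ssh-keygen -t "$1" -f "$2" -N '' >&2 || return 1
	chmod 600 "$2"

	# Restore the SELinux context where the tool is installed.
	if [ -x /sbin/restorecon ]; then
		/sbin/restorecon "$2"
	fi
	return 0
}

# Generate every missing host key (rsa1, rsa, dsa, ecdsa) under /etc/ssh.
# A failure for one type does not stop generation of the remaining types.
# Returns:   0 when all keys are present afterwards, 1 when any generation
#            failed.
#
# NOTE(review): rsa1 (SSH protocol 1) and dsa are obsolete key types and
# current OpenSSH releases no longer generate them. start() still insists on
# /etc/ssh/ssh_host_key, so the list is left unchanged here; revisit both
# places together.
ssh_gen_keys() {
	ssh_gen_keys_rc=0

	_ssh_gen_key rsa1  /etc/ssh/ssh_host_key       || ssh_gen_keys_rc=1
	_ssh_gen_key rsa   /etc/ssh/ssh_host_rsa_key   || ssh_gen_keys_rc=1
	_ssh_gen_key dsa   /etc/ssh/ssh_host_dsa_key   || ssh_gen_keys_rc=1
	_ssh_gen_key ecdsa /etc/ssh/ssh_host_ecdsa_key || ssh_gen_keys_rc=1

	return "$ssh_gen_keys_rc"
}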
71
# Start the OpenSSH daemon.
# Globals:   OPTIONS (read, extended), IPV4_NETWORKING / IPV6_NETWORKING (read),
#            RETVAL (written with the status of `daemon`)
# Exits with status 1 when the configuration test fails (via checkconfig) or
# when /etc/ssh/ssh_host_key is missing or empty.
start() {
	# The subsys lock file marks a successful earlier start; nothing to do then.
	[ -f /var/lock/subsys/sshd ] && {
		msg_already_running "OpenSSH"
		return
	}

	# Create missing host keys first, then refuse to go on with a bad config.
	ssh_gen_keys
	checkconfig

	# Only the key at /etc/ssh/ssh_host_key (generated with -t rsa1 by
	# ssh_gen_keys) is checked; the other key files are not verified here.
	[ -s /etc/ssh/ssh_host_key ] || {
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	}

	# Restrict sshd to one address family when exactly one is enabled.
	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"
	then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"
	then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	# $OPTIONS stays unquoted on purpose: it holds several separate arguments.
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	# The OOM adjustment runs whether or not daemon reported success.
	adjust_oom
	[ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/sshd
}
102
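# Stop the OpenSSH daemon if its subsys lock file exists, then remove the lock.
# Reports the result through the rc-scripts ok/fail helpers.
stop() {
	if [ -f /var/lock/subsys/sshd ]; then
		msg_stopping "OpenSSH"
		# start-stop-daemon is used because killing a service as critical as
		# sshd by process name is unacceptable, and rc-scripts offers no way
		# to kill *only* by pidfile.
		# if/else replaces `cmd && ok || fail`, which would also call fail
		# whenever ok itself returned non-zero.
		if start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid; then
			ok
		else
			fail
		fi
		rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	else
		msg_not_running "OpenSSH"
	fi
}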
115
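# Hand control to upstart where applicable; init and configtest are always
# handled by this script.
upstart_controlled --except init configtest

RETVAL=0
# See how we were called.
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart)
	# Test the configuration before stopping, so a broken sshd_config cannot
	# leave the host without a running daemon.
	checkconfig
	stop
	start
	;;
  status)
	status sshd
	exit $?
	;;
  init)
	# NOTE(review): ssh_gen_keys always passes -N '' to ssh-keygen, so the
	# generated keys never carry a passphrase; the passphrase hint printed
	# below looks stale. The text is left as is because it is looked up
	# through nls.
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  configtest)
	checkconfig
	;;
  reload|force-reload)
	if [ -f /var/lock/subsys/sshd ]; then
		checkconfig
		msg_reloading "OpenSSH"
		# NOTE(review): the signal is sent by process name here, while stop()
		# deliberately goes through the pidfile; confirm killproc limits
		# itself to the master daemon.
		killproc sshd -HUP
		RETVAL=$?
	else
		msg_not_running "OpenSSH"
		exit 7
	fi
	;;
  *)
	# The usage text now lists configtest, which is handled above but was
	# missing from the message.
	msg_usage "$0 {start|stop|init|restart|reload|force-reload|status|configtest}"
	exit 3
esac

exit $RETVAL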