#
# sshd sshd (secure shell daemon)
#
-# chkconfig: 345 11 89
+# chkconfig: 345 22 88
#
# description: sshd (secure shell daemon) is a server part of the ssh suite. \
# Ssh can be used for remote login, remote file copying, TCP port \
# forwarding etc. Ssh offers strong encryption and authentication.
-SSHD_OOM_ADJUST=-17
-
# Source function library
. /etc/rc.d/init.d/functions
# Get network config
. /etc/sysconfig/network
+SSHD_OOM_ADJUST=-1000
+PIDFILE=/var/run/sshd.pid
+
# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
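Review bot: Nothing visible ties the new `PIDFILE=/var/run/sshd.pid` to the `PidFile` directive that sshd itself honours, and because it is set before `/etc/sysconfig/sshd` is sourced it can also be overridden there. The rest of the script trusts this path for status, stop and the OOM adjustment, so a mismatch would make start think sshd is not running and leave stop without a process to signal. I would document the contract next to the assignment, e.g. `# PIDFILE must match PidFile in sshd_config; status, stop and adjust_oom trust this path`. A short comment on the new value would also help: `# -1000 on the oom_score_adj scale exempts sshd from the OOM killer (was -17 on oom_adj)`.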
fi
adjust_oom() {
- if [ -e /var/run/sshd.pid ]; then
- for pid in $(cat /var/run/sshd.pid); do
- echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_adj
+ if [ -e $PIDFILE ]; then
+ for pid in $(cat $PIDFILE); do
+ echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
done
fi
}
checkconfig() {
+ ssh_gen_keys
/usr/sbin/sshd -t || exit 1
}
ssh_gen_keys() {
- # generate new keys with empty passwords if they do not exist
- if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
- /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
- chmod 600 /etc/ssh/ssh_host_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
- fi
- if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
- /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
- chmod 600 /etc/ssh/ssh_host_rsa_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
- fi
- if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
- /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
- chmod 600 /etc/ssh/ssh_host_dsa_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
- fi
-
- # commit files. so that sudden reboot here won't lose the data.
- [ -x /bin/sync ] && /bin/sync
+ @@LIBEXECDIR@@/sshd-keygen
}
start() {
# Check if the service is already running?
- if [ -f /var/lock/subsys/sshd ]; then
+ if status --pidfile $PIDFILE sshd >/dev/null; then
msg_already_running "OpenSSH"
return
fi
- ssh_gen_keys
-
checkconfig
- if [ ! -s /etc/ssh/ssh_host_key ]; then
+ if [ "$(echo /etc/ssh/ssh_host*key)" = "/etc/ssh/ssh_host*key" ]; then
msg_not_running "OpenSSH"
nls "No SSH host key found! You must run \"%s init\" first." "$0"
exit 1
fi
msg_starting "OpenSSH"
- daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
+ daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
RETVAL=$?
adjust_oom
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}
stop() {
- if [ -f /var/lock/subsys/sshd ]; then
- msg_stopping "OpenSSH"
- # we use start-stop-daemon to stop sshd, as it is unacceptable for such
- # critical service as sshd to kill it by procname, but unfortunately
- # rc-scripts does not provide way to kill *only* by pidfile
- start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
- rm -f /var/lock/subsys/sshd >/dev/null 2>&1
- else
+ if [ ! -f /var/lock/subsys/sshd ]; then
msg_not_running "OpenSSH"
+ return
fi
+
+ msg_stopping "OpenSSH"
+ # we use start-stop-daemon to stop sshd, as it is unacceptable for such
+ # critical service as sshd to kill it by procname, but unfortunately
+ # rc-scripts does not provide way to kill *only* by pidfile
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok || fail
+ rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}
-upstart_controlled --except init configtest
+reload() {
+ if [ ! -f /var/lock/subsys/sshd ]; then
+ msg_not_running "OpenSSH"
+ RETVAL=7
+ return
+ fi
+
+ checkconfig
+ msg_reloading "OpenSSH"
+ killproc sshd -HUP
+ RETVAL=$?
+}
+
+condrestart() {
+ if [ ! -f /var/lock/subsys/sshd ]; then
+ msg_not_running "OpenSSH"
+ RETVAL=$1
+ return
+ fi
+
+ checkconfig
+ stop
+ start
+}
RETVAL=0
# See how we were called.
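Review bot: `reload()` signals with `killproc sshd -HUP`, which, going by the comment this same hunk keeps in `stop()`, selects by process name rather than only by pidfile. That is the behaviour `stop()` avoids for sshd, and a name match can also reach per-session sshd children or an sshd in a chroot or guest that shares the PID namespace. Consider mirroring `stop()` with `start-stop-daemon --stop --signal HUP --quiet --pidfile "$PIDFILE"`, keeping the status reporting and `RETVAL=$?`. Separately, `checkconfig()` now calls `ssh_gen_keys`, so `configtest`, `reload` and `try-restart` can write new host keys under /etc/ssh as a side effect. A comment such as `# also creates missing host keys via sshd-keygen; not a read-only check` on `checkconfig()` would make that explicit.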
stop
start
;;
- status)
- status sshd
- exit $?
+ try-restart)
+ condrestart 0
+ ;;
+ reload|force-reload)
+ reload
+ ;;
+ configtest)
+ checkconfig
;;
init)
nls "Now the SSH host key will be generated. Please note, that if you"
nls "reboot."
ssh_gen_keys
;;
- configtest)
- checkconfig
- ;;
- reload|force-reload)
- if [ -f /var/lock/subsys/sshd ]; then
- checkconfig
- msg_reloading "OpenSSH"
- killproc sshd -HUP
- RETVAL=$?
- else
- msg_not_running "OpenSSH"
- exit 7
- fi
+ status)
+ status --pidfile $PIDFILE sshd
+ exit $?
;;
*)
- msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
+ msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
exit 3
esac