X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=opensshd.init;h=02dbb085d6b5de40290b69f31cf668aa6204137a;hb=ace6f67b4ad85fc7cdf08ea0988aad6e47032e48;hp=5a556c27ff30f3b2ab79d1292ac304747334a6ba;hpb=fd04e71516048a7024c71d75b468686ca1b0d2ea;p=packages%2Fopenssh.git diff --git a/opensshd.init b/opensshd.init index 5a556c2..02dbb08 100644 --- a/opensshd.init +++ b/opensshd.init @@ -8,14 +8,16 @@ # Ssh can be used for remote login, remote file copying, TCP port \ # forwarding etc. Ssh offers strong encryption and authentication. -SSHD_OOM_ADJUST=-17 - # Source function library . /etc/rc.d/init.d/functions +upstart_controlled --except init configtest + # Get network config . /etc/sysconfig/network +SSHD_OOM_ADJUST=-1000 + # Get service config [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd @@ -32,16 +34,13 @@ fi adjust_oom() { if [ -e /var/run/sshd.pid ]; then for pid in $(cat /var/run/sshd.pid); do - if [ -e /proc/$pid/oom_score_adj ]; then - echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj - else - echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_adj - fi + echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj done fi } checkconfig() { + ssh_gen_keys /usr/sbin/sshd -t || exit 1 } @@ -62,6 +61,11 @@ ssh_gen_keys() { chmod 600 /etc/ssh/ssh_host_dsa_key [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key fi + if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then + /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2 + chmod 600 /etc/ssh/ssh_host_ecdsa_key + [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key + fi } start() { @@ -71,8 +75,6 @@ start() { return fi - ssh_gen_keys - checkconfig if [ ! -s /etc/ssh/ssh_host_key ]; then 
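Review bot: The new default `SSHD_OOM_ADJUST=-1000` is on the oom_score_adj scale, but /etc/sysconfig/sshd is sourced right after it and may still carry a value from the old oom_adj scale, such as the previous default -17. adjust_oom() in the next hunk now writes only to /proc/$pid/oom_score_adj, where -17 is a small bias and no longer exempts sshd from the OOM killer. A comment above the assignment would make the scale explicit, for example `# oom_score_adj scale: -1000 exempts sshd from the OOM killer; old oom_adj values such as -17 are not equivalent`.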
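Review bot: checkconfig() now calls ssh_gen_keys before `/usr/sbin/sshd -t`, so the configtest, reload and try-restart paths added later in this diff write host keys under /etc/ssh as a side effect. A host key type that an administrator removed on purpose would be silently regenerated by what reads as a read-only check. This was presumably done so that `sshd -t` does not fail on a fresh install. If the call stays, it should be documented on the function, for example `# generates any missing host keys first, then validates sshd_config`. Otherwise key generation could remain limited to start() and init.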
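Review bot: The new ecdsa block also runs when the key file exists but is empty (the `! -s` test), and ssh-keygen asks for overwrite confirmation whenever the target file already exists. In a non-interactive run this can block or fail, and its exit status is not checked, so `chmod 600` and restorecon run either way. Removing the stale file first avoids this: `rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub` before the ssh-keygen call, plus `|| return 1` after it. The body of ssh_gen_keys starts outside this hunk, and the dsa block visible in the context appears to follow the same pattern.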
@@ -96,19 +98,43 @@ start() {
 }
 stop() {
- if [ -f /var/lock/subsys/sshd ]; then
- msg_stopping "OpenSSH"
- # we use start-stop-daemon to stop sshd, as it is unacceptable for such
- # critical service as sshd to kill it by procname, but unfortunately
- # rc-scripts does not provide way to kill *only* by pidfile
- start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
- rm -f /var/lock/subsys/sshd >/dev/null 2>&1
- else
+ if [ ! -f /var/lock/subsys/sshd ]; then
 msg_not_running "OpenSSH"
+ return
 fi
+
+ msg_stopping "OpenSSH"
+ # we use start-stop-daemon to stop sshd, as it is unacceptable for such
+ # critical service as sshd to kill it by procname, but unfortunately
+ # rc-scripts does not provide way to kill *only* by pidfile
+ start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
+ rm -f /var/lock/subsys/sshd >/dev/null 2>&1
 }
-upstart_controlled --except init configtest
+reload() {
+ if [ ! -f /var/lock/subsys/sshd ]; then
+ msg_not_running "OpenSSH"
+ RETVAL=7
+ return
+ fi
+
+ checkconfig
+ msg_reloading "OpenSSH"
+ killproc sshd -HUP
+ RETVAL=$?
+}
+
+condrestart() {
+ if [ ! -f /var/lock/subsys/sshd ]; then
+ msg_not_running "OpenSSH"
+ RETVAL=$1
+ return
+ fi
+
+ checkconfig
+ stop
+ start
+}
 RETVAL=0
 # See how we were called.
@@ -124,9 +150,14 @@ case "$1" in
 stop
 start
 ;;
- status)
- status sshd
- exit $?
+ try-restart)
+ condrestart 0
+ ;;
+ reload|force-reload)
+ reload
+ ;;
+ configtest)
+ checkconfig
 ;;
 init)
 nls "Now the SSH host key will be generated. Please note, that if you"
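Review bot: reload() signals the daemon with `killproc sshd -HUP`, while the comment kept in stop() says that killing sshd by process name is unacceptable and that rc-scripts offers no way to kill only by pidfile. If killproc falls back to matching by name here, the HUP can also reach per-connection sshd processes and drop active sessions instead of only re-reading the configuration. Targeting the listener through the pidfile, as stop() does, keeps the two paths consistent: `start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/sshd.pid` followed by `RETVAL=$?`.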
@@ -134,22 +165,12 @@ case "$1" in
 nls "reboot."
 ssh_gen_keys
 ;;
- configtest)
- checkconfig
- ;;
- reload|force-reload)
- if [ -f /var/lock/subsys/sshd ]; then
- checkconfig
- msg_reloading "OpenSSH"
- killproc sshd -HUP
- RETVAL=$?
- else
- msg_not_running "OpenSSH"
- exit 7
- fi
+ status)
+ status sshd
+ exit $?
 ;;
 *)
- msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
+ msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
 exit 3
 esac