[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd		sshd (secure shell daemon)
#
# chkconfig:	345 21 89
#
# description:	sshd (secure shell daemon) is a server part of the ssh suite. \
#		Ssh can be used for remote login, remote file copying, TCP port \
#		forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

SSHD_OOM_ADJUST=-1000

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
		msg_network_down "OpenSSH"
		exit 1
	fi
else
	exit 0
fi

adjust_oom() {
	if [ -e /var/run/sshd.pid ]; then
		for pid in $(cat /var/run/sshd.pid); do
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
		done
	fi
}

checkconfig() {
	ssh_gen_keys
	/usr/sbin/sshd -t || exit 1
}

ssh_gen_keys() {
	# generate new keys with empty passwords if they do not exist
	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	fi
	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_rsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_dsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_ecdsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	fi # ecdsa
}

start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	checkconfig

	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}

stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}

reload() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=7
		return
	fi

	checkconfig
	msg_reloading "OpenSSH"
	killproc sshd -HUP
	RETVAL=$?
}

condrestart() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=$1
		return
	fi

	checkconfig
	stop
	start
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
  	start
	;;
  stop)
  	stop
	;;
  restart)
	checkconfig
	stop
	start
	;;
  try-restart)
	condrestart 0
	;;
  reload|force-reload)
	reload
	;;
  configtest)
	checkconfig
	;;
  init)
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  status)
	status sshd
	exit $?
	;;
  *)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
	exit 3
esac

exit $RETVAL
Commit	Line	Data
cf3b46d6 AF	1	#!/bin/sh
	2	#
	3	# sshd sshd (secure shell daemon)
	4	#
fd04e715	5	# chkconfig: 345 21 89
cf3b46d6	6	#
4a9f24b4	7	# description: sshd (secure shell daemon) is a server part of the ssh suite. \
4a9f24b4	8	# Ssh can be used for remote login, remote file copying, TCP port \
cf3b46d6 AF	9	# forwarding etc. Ssh offers strong encryption and authentication.
cf3b46d6 AF	10
cf3b46d6 AF	11	# Source function library
	12	. /etc/rc.d/init.d/functions
	13
c303393a ER	14	upstart_controlled --except init configtest
c303393a ER	15
cf3b46d6 AF	16	# Get network config
	17	. /etc/sysconfig/network
	18
3cd7ffe2 ER	19	SSHD_OOM_ADJUST=-1000
3cd7ffe2 ER	20
cf3b46d6 AF	21	# Get service config
	22	[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
	23
	24	# Check that networking is up.
7d58fbb0	25	if is_yes "${NETWORKING}"; then
224aaee1	26	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
e6635719	27	msg_network_down "OpenSSH"
7d58fbb0	28	exit 1
	29	fi
	30	else
	31	exit 0
cf3b46d6	32	fi
a1c37c17	33
32322335	34	adjust_oom() {
141073f0 ER	35	if [ -e /var/run/sshd.pid ]; then
141073f0 ER	36	for pid in $(cat /var/run/sshd.pid); do
9172cbe8	37	echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
141073f0 ER	38	done
141073f0 ER	39	fi
32322335 AM	40	}
32322335 AM	41
945a8076	42	checkconfig() {
d27ccc9b	43	ssh_gen_keys
945a8076 ER	44	/usr/sbin/sshd -t \|\| exit 1
	45	}
	46
e6635719	47	ssh_gen_keys() {
3c573fc0	48	# generate new keys with empty passwords if they do not exist
3c573fc0	49	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
e6635719	50	/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
7d58fbb0	51	chmod 600 /etc/ssh/ssh_host_key
e6635719	52	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
3c573fc0	53	fi
3c573fc0	54	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
e6635719	55	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
7d58fbb0	56	chmod 600 /etc/ssh/ssh_host_rsa_key
e6635719	57	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
3c573fc0	58	fi
3c573fc0	59	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
e6635719	60	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
7d58fbb0	61	chmod 600 /etc/ssh/ssh_host_dsa_key
e6635719 ER	62	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
e6635719 ER	63	fi
7b384e20 AM	64	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
	65	/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
	66	chmod 600 /etc/ssh/ssh_host_ecdsa_key
	67	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
95191792	68	fi # ecdsa
e6635719 ER	69	}
	70
	71	start() {
	72	# Check if the service is already running?
	73	if [ -f /var/lock/subsys/sshd ]; then
	74	msg_already_running "OpenSSH"
	75	return
3c573fc0	76	fi
3c573fc0	77
945a8076 ER	78	checkconfig
945a8076 ER	79
e6635719 ER	80	if [ ! -s /etc/ssh/ssh_host_key ]; then
e6635719 ER	81	msg_not_running "OpenSSH"
7d58fbb0	82	nls "No SSH host key found! You must run \"%s init\" first." "$0"
01d1f289	83	exit 1
01d1f289	84	fi
3c573fc0	85
1292c55e ER	86	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
	87	OPTIONS="$OPTIONS -4"
	88	fi
	89	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
	90	OPTIONS="$OPTIONS -6"
	91	fi
	92
e6635719	93	msg_starting "OpenSSH"
1292c55e	94	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
e6635719 ER	95	RETVAL=$?
	96	adjust_oom
	97	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
b10eed65 ER	98	}
	99
	100	stop() {
3cd7ffe2	101	if [ ! -f /var/lock/subsys/sshd ]; then
e6635719	102	msg_not_running "OpenSSH"
3cd7ffe2	103	return
a1c37c17	104	fi
3cd7ffe2 ER	105
	106	msg_stopping "OpenSSH"
	107	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	108	# critical service as sshd to kill it by procname, but unfortunately
	109	# rc-scripts does not provide way to kill only by pidfile
	110	start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok \|\| fail
	111	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	112	}
	113
	114	reload() {
	115	if [ ! -f /var/lock/subsys/sshd ]; then
	116	msg_not_running "OpenSSH"
	117	RETVAL=7
	118	return
	119	fi
	120
	121	checkconfig
	122	msg_reloading "OpenSSH"
	123	killproc sshd -HUP
	124	RETVAL=$?
b10eed65 ER	125	}
b10eed65 ER	126
8e8276e5 ER	127	condrestart() {
	128	if [ ! -f /var/lock/subsys/sshd ]; then
	129	msg_not_running "OpenSSH"
	130	RETVAL=$1
	131	return
	132	fi
	133
	134	checkconfig
	135	stop
	136	start
	137	}
	138
b10eed65 ER	139	RETVAL=0
	140	# See how we were called.
	141	case "$1" in
	142	start)
	143	start
	144	;;
	145	stop)
	146	stop
cf3b46d6	147	;;
cbd44157	148	restart)
945a8076	149	checkconfig
b10eed65 ER	150	stop
b10eed65 ER	151	start
cf3b46d6	152	;;
8e8276e5 ER	153	try-restart)
	154	condrestart 0
	155	;;
3cd7ffe2 ER	156	reload\|force-reload)
	157	reload
	158	;;
	159	configtest)
	160	checkconfig
cf3b46d6	161	;;
01d1f289	162	init)
0d883194	163	nls "Now the SSH host key will be generated. Please note, that if you"
	164	nls "will use password for the key, you will need to type it on each"
	165	nls "reboot."
e6635719	166	ssh_gen_keys
36f63877	167	;;
3cd7ffe2 ER	168	status)
	169	status sshd
	170	exit $?
36f63877	171	;;
cf3b46d6	172	*)
8e8276e5	173	msg_usage "$0 {start\|stop\|restart\|try-restart\|reload\|force-reload\|configtest\|init\|status}"
bff0c7f8	174	exit 3
cf3b46d6 AF	175	esac
cf3b46d6 AF	176
cbd44157	177	exit $RETVAL